Overview
SOSi is seeking a Security Engineer – AI & SOAR Integration to join our forward-leaning cyber team in Hawaii, where mission meets innovation. This team delivers secure, multi-enclave Coalition connectivity to INDOPACOM warfighters, powered by cutting-edge Desktop as a Service (DaaS) Private Cloud technology.
From its early proof of concept to a mature, mission-critical platform, the team has evolved rapidly—and now needs a sharp, motivated engineer to take cyber defense to the next level. You’ll lead the deployment, tuning, and maintenance of AI-assisted detection and response platforms and SOAR automation pipelines, ensuring they’re resilient, effective, and compliant. Collaborating closely with Cyber Defense Analysts, Detection Engineers, and leadership, you’ll help reduce analyst fatigue, strengthen threat detection, and accelerate incident response across a uniquely complex enterprise.
Essential Job Duties

The Security Engineer will use data collected from SIEM, SOAR, EDR, and NTA tools to integrate, automate, and optimize NSOC defensive capabilities. Core duties include:

• Deploy, configure, and maintain AI-enabled monitoring and response platforms to support analyst operations and after-hours coverage.
• Develop and tune SOAR automation pipelines for triage, containment, escalation, and recovery.
• Ensure automation logic is explainable, logged, and compliant with DoD and NSOC SOPs.
• Integrate AI workflows with SIEM, EDR, and NTA telemetry for real-time monitoring and enrichment.
• Validate AI-assisted detections with analyst feedback, adjusting rules to reduce false positives.
• Serve as Tier 3 escalation point for automation- or tool-related incidents.
• Provide forensic data and log enrichment to support containment and response.
• Collaborate with Detection Engineers to build and validate custom detection rules and playbooks.
• Maintain current knowledge of emerging AI/automation technologies, threats, and adversary tactics.
• Participate in tabletop and live security exercises to validate AI & SOAR readiness.
• Document engineering changes, playbook updates, and lessons learned for continuous improvement.

MINIMUM REQUIREMENTS

• Active in scope SECRET clearance or the ability to obtain SECRET eligibility.
• Bachelor’s Degree in Cybersecurity, Computer Science, Information Systems, or related discipline (or equivalent experience/certifications).
• 5+ years of cybersecurity engineering or SOC/NSOC experience.
• DoD 8140 Intermediate certification (GFACT or CEH or Cloud+ or CySA+ or PenTest+ or SSCP or Security+ or GSEC).
• Hands-on experience with SIEM, EDR, SOAR platforms.
• Scripting/automation experience (Python, PowerShell, REST APIs).
• Strong written and verbal communication skills for reporting, documentation, and escalation.

PREFERRED QUALIFICATIONS

• Active Top Secret clearance with ability to obtain/maintain TS/SCI.
• Prior experience working with AI-enabled SOC platforms or AI/ML-assisted detection technologies.
• Experience designing or managing SOAR workflows (Cortex XSOAR, Splunk SOAR, Phantom, etc.).
• Vendor certifications (Elastic Certified Engineer, Palo Alto, Tenable, Splunk, etc.).
• Advanced cybersecurity certifications (GCIA, GCTI, CEH, or GCIH).

• Deploy, configure, and maintain AI-enabled monitoring and response platforms to support analyst operations and after-hours coverage.
• Develop and tune SOAR automation pipelines for triage, containment, escalation, and recovery.
• Ensure automation logic is explainable, logged, and compliant with DoD and NSOC SOPs.
• Integrate AI workflows with SIEM, EDR, and NTA telemetry for real-time monitoring and enrichment.
• Validate AI-assisted detections with analyst feedback, adjusting rules to reduce false positives.
• Serve as Tier 3 escalation point for automation- or tool-related incidents.
• Provide forensic data and log enrichment to support containment and response.
• Collaborate with Detection Engineers to build and validate custom detection rules and playbooks.
• Maintain current knowledge of emerging AI/automation technologies, threats, and adversary tactics.
• Participate in tabletop and live security exercises to validate AI & SOAR readiness.
• Document engineering changes, playbook updates, and lessons learned for continuous improvement