Senior Cyber Threat Analyst - Assessment

Founded in 1989, SOSi is among the largest private, founder-owned technology and services integrators in the defense and government services industry. We deliver tailored solutions, tested leadership, and trusted results to enable national security missions worldwide.

Overview

**This position is contingent upon contract award**

SOSi is seeking a Senior Cyber Threat Analyst - Assessment in Wiesbaden, Germany. The ideal candidate will possess senior-level expertise in offensive security, vulnerability research, and penetration testing. This role involves conducting comprehensive security assessments of web applications, Active Directory environments, and network infrastructures to identify and exploit weaknesses, ensuring theater-level systems are hardened against real-world attack vectors.

Essential Job Duties

• Conduct end-to-end vulnerability assessments and penetration tests across Microsoft Active Directory, Linux environments, and associated network infrastructure.
• Evaluate web servers and applications for security flaws using both manual techniques and automated tools such as OWASP ZAP and Portswigger Burp Suite.
• Utilize advanced penetration testing frameworks, including Metasploit, Core Impact, and Immunity Canvas, to validate the severity of identified vulnerabilities.
• Perform targeted assessments of enterprise-level infrastructure to identify misconfigurations, weak credentials, and lateral movement opportunities.
• Develop custom scripts in Bash, Python, and PowerShell to automate assessment tasks and create custom exploitation tools.
• Write detailed technical reports and executive summaries that articulate assessment findings, risk levels, and remediation steps to both technical and non-technical audiences.
• Collaborate with defensive teams to provide expert guidance on remediating discovered vulnerabilities and strengthening the theater’s overall security posture.

Minimum Requirements

• Active in scope TS/SCI clearance.
• BA/BS degree (Engineering, Computer Science, Science, Business Administration, or Mathematics) plus five (5) years of specialized experience OR Associate’s degree plus seven (7) years of specialized experience OR a major professional certification plus seven (7) years of specialized experience OR eleven (11) years of specialized experience.
• Possession of at least one of the following: TCM Security: PNPT or Offensive Security: OSCP or OSCE or Hack the Box: CPTS or Zero Point: RTO (Red Team Ops) or GIAC: GPEN or GWAPT or GAWN or GXPN or GWEB.
• Proven experience in vulnerability assessment, penetration testing, and web application security assessments.
• Demonstrated experience assessing Microsoft Active Directory and Linux environments.
• Hands-on proficiency with Metasploit, Core Impact, or Immunity Canvas.
• Expertise with OWASP ZAP or Burp Suite.
• Proficiency in scripting (Bash, Python, or PowerShell).

Preferred Qualifications

• Experience with cloud security assessments (Azure or AWS).
• Familiarity with Red Teaming methodologies and physical security testing.
• Advanced knowledge of Active Directory certificate services (ADCS) exploitation.
• Prior experience in a Cybersecurity Service Provider (CSSP) or offensive security consultancy.

Work Environment

• Normal office conditions with potential to perform duties in deployed locations.
• May be requested to work evenings and weekends to meet program and contract needs.

Working at SOSi

• All interested individuals will receive consideration and will not be discriminated against for any reason.