Job Description

Position Title:

DCO Watch Analyst (Tier 1, Tier 2, Tier 3)

Location:

Stuttgart, Germany

Minimum Security Clearance:

Secret, with ability to obtain Top Secret/Sensitive Compartmented Information (TS/SCI)

eCRAFT:

SISS2/SISS3

Education:

Bachelor’s preferred

Years of Experience:

3 or more (varies based on tier)

Citizenship:

U.S. Citizen required

Position Overview

We are seeking Defensive Cyber Operations (DCO) Analysts at the Tier 1, Tier 2, and Tier 3 levels to support a 24/7 mission-critical cyber defense environment. Analysts are responsible for monitoring, analyzing, and responding to cybersecurity events and incidents in accordance with CJCSM 6510.01B and applicable Department of Defense (DoD) directives. The appropriate tier will be determined based on candidate qualifications, experience, certifications, and mission requirements.

Key Responsibilities (By Tier)

Tier 1
Monitor network and host-based systems for suspicious activity using approved tools and SOPs. Validate security events and escalate potential incidents to Tier 2 analysts per CJCSM 6510.01B. Enter and maintain accurate incident data in designated reporting systems. Assist with incident documentation and tracking under supervision. Perform basic log correlation using tools such as Splunk, Elastic, or Sentinel. Support 24/7 watch operations and shift turnovers across multiple ROCs.
Tier 2
Analyze and respond to validated security incidents, determining severity and operational impact. Coordinate incident response activities with internal teams, reporting agencies, and subscriber sites. Perform network and host-based digital forensics on Windows, Linux, and other operating systems. Conduct log correlation and deeper analysis to identify trends and patterns. Update and maintain SOPs to ensure compliance with CJCSM 6510.01B. Support IDS/IPS tuning and signature implementation.
Tier 3
Lead complex incident response efforts, including analysis, mitigation, and reporting. Manage and oversee incident response campaigns and multi-team coordination. Conduct proactive threat hunting and advanced investigations. Lead purple team exercises to improve detection and response capabilities. Evaluate and refine IDS/IPS signatures, detection logic, and correlation rules. Perform advanced digital forensics and mentor junior analysts. Support program reviews, product evaluations, and certification assessments.

Education & Experience Requirements

Tier 1
Bachelor’s degree in a relevant technical discipline, OR IAT Level II certification plus 3 years of recent specialized experience
Tier 2
Bachelor’s degree in a relevant technical discipline plus 2 years of relevant experience, OR IAT Level II certification plus 5 years of recent specialized experience
Tier 3
Bachelor’s degree in a relevant technical discipline plus 5 years of relevant experience, OR IAT Level II certification plus 8 years of recent specialized experience

Required Certifications

(All Tiers)
Must meet DoD 8570 IAT Level II requirements Must obtain and maintain role-based certifications per DoD standards

Desired Qualifications

(All Levels – Depth Varies by Tier)
Experience with log aggregation and analysis tools (Splunk, Elastic, Sentinel) Experience with IDS/IPS, host-based, and OS logging solutions Familiarity with incident response methodologies and CJCSM 6510.01B Digital forensics and threat hunting experience Strong analytical, problem-solving, and attention-to-detail skills Effective written and verbal communication skills Ability to work independently and as part of a 24/7 operations team

Additional Details

Operations are conducted 24/7/365 across three Regional Operations Centers (ROCs) Four 10-hour shifts per ROC (Sunday–Wednesday or Wednesday–Saturday) Shift assignment at the manager's discretion Overtime or surge support may be required during incident response Up to 10% travel may be required
This posting is intended to fill multiple levels (Tier 1–3). Candidates will be aligned to the appropriate tier based on experience, certifications, and mission requirements.

Benefits at 3 Reasons Consulting

At 3 Reasons Consulting, we are committed to supporting the well-being of our team with a comprehensive benefits package that includes both company-paid and shared-cost options. Our benefits are designed to enhance your health, financial security, and work-life balance to help you thrive personally and professionally as a valued member of our team.

Company-Paid Benefits

Short/Long Term Disability Basic Life Insurance Direct Payroll Deposit Leave Accrual Holidays 401(k) Match

Employee / Company Shared Benefits

Additional (Voluntary) Life Insurance 401(k) Medical Coverage Dental Coverage Vision Care Plan Flexible Spending Account Plan
3 Reasons Consulting is an Equal Opportunity Employer. We are committed to providing a workplace free from discrimination or harassment and hold all 3 Reasons employees accountable to protect this mission. We do not discriminate on the basis of race, color, gender, religion, national origin, sexual orientation, age, marital status, veteran status, military status, disability status, or any other characteristic protected by federal, state, or local law. All applicants will receive consideration for employment without regard to protected bases.