Regional Operations Center (ROC) Lead – Defensive Cyber Operations (DCO) Watch
Location:
Stuttgart, Germany
Minimum Security Clearance:
Secret, with ability to obtain Top Secret / Sensitive Compartmented Information (TS/SCI)
eCRAFT:
CSE3
Education:
Bachelor’s degree preferred
Years of Experience:
5+ years (or 8 years of equivalent experience)
Citizenship:
United States citizenship required
Position Description
The Regional Operations Center (ROC) Lead – Defensive Cyber Operations (DCO) Watch is responsible for providing comprehensive cybersecurity defense within an assigned Regional Operations Center. This role ensures the protection of subscriber networks and data across multiple sources and geographic locations through effective monitoring, incident response, and operational leadership.
The ROC Lead oversees identification, validation, investigation, and mitigation of cybersecurity threats, determines incident severity, and ensures accurate and timely reporting in accordance with established directives. In addition to operational leadership, the ROC Lead serves as the Training Lead, responsible for developing and delivering training programs, conducting tabletop exercises, and maintaining personnel proficiency in mission-essential tools, procedures, and processes.
This position requires strong leadership, analytical skills, and operational expertise in a 24/7/365 cybersecurity operations environment.
Duties and Responsibilities
Lead administrative and operational functions during incident response campaigns, ensuring tasks are completed, vetted, and properly documented
Coordinate with subscriber sites and reporting agencies to ensure timely and accurate incident reporting
Review validated security incidents for quality assurance and determine severity and impact in accordance with Chairman of the Joint Chiefs of Staff Manual (CJCSM) 6510.01B
Conduct ticket, alert, and indicator analysis reviews to ensure accuracy, consistency, and completeness
Maintain an in-depth understanding of cybersecurity concepts, protocols, architectures, and defensive cyber tools
Oversee shift turnovers to ensure continuity of operations and proper documentation within campaign and shift logs
Compile, review, and maintain internal Standard Operating Procedures (SOPs) in compliance with applicable policies and directives
Mentor, guide, and develop ROC analysts to improve triage effectiveness and analytical capabilities
Participate in program reviews, product evaluations, and onsite certification or assessment activities as required
Ensure operational readiness and coordination across three Regional Operations Centers supporting 24/7/365 mission requirements
Provide surge and overtime support during elevated threat conditions or significant cybersecurity incidents
Required Skills
Comprehensive knowledge of Chairman of the Joint Chiefs of Staff Manual (CJCSM) 6510.01B
Expertise coordinating incident response actions and validating cybersecurity events
Proficiency with Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS), including signature development and tuning
Experience conducting digital forensics across multiple operating systems
Advanced proficiency with host-based security tools and operating system logging
Deep expertise with log aggregation and analysis platforms such as Splunk, Elastic, or Microsoft Sentinel
Exceptional logical reasoning and independent problem-solving abilities
Superior written and verbal communication skills
Desired Skills
Strong leadership and operational oversight experience in a cybersecurity operations environment
Expert knowledge of incident response processes and campaign management
Ability to assess incident severity and impact using established DoD guidance
Strong analytical and problem-solving skills
Ability to communicate clearly and effectively in both written and verbal formats
Proven ability to mentor and lead teams in high-tempo, operational environments
Experience, Education and Certification Requirements
Bachelor’s degree with a minimum of five (5) years of specialized cybersecurity experience or
A minimum of eight (8) years of relevant cybersecurity operations experience in lieu of a degree
Required certifications per Performance Work Statement (PWS): None
Additional Information
Operations are conducted 24/7/365 across three Regional Operations Centers
Overtime or surge support may be required during active cybersecurity incidents
Position may require up to 10% travel as mission needs dictate
Benefits at 3 Reasons Consulting
At 3 Reasons Consulting, we are committed to supporting the well-being of our team with a comprehensive benefits package that includes both company-paid and shared-cost options. Our benefits are designed to enhance your health, financial security, and work-life balance to help you thrive personally and professionally as a valued member of our team.
Company-Paid Benefits
Short/Long Term Disability
Basic Life Insurance
Direct Payroll Deposit
Leave Accrual
Holidays
401(k) Match
Employee / Company Shared Benefits
Additional (Voluntary) Life Insurance
401(k)
Medical Coverage
Dental Coverage
Vision Care Plan
Flexible Spending Account Plan
3 Reasons Consulting is an Equal Opportunity Employer. We are committed to providing a workplace free from discrimination or harassment and hold all 3 Reasons employees accountable to protect this mission. We do not discriminate on the basis of race, color, gender, religion, national origin, sexual orientation, age, marital status, veteran status, military status, disability status, or any other characteristic protected by federal, state, or local law. All applicants will receive consideration for employment without regard to protected bases.