Ecube Global Pte Ltd

Military-grade or Equivalent SOC Training Specialist

Posted: 4 days ago

Job Description

(Posted on behalf of a government client)

We are assembling a team of specialized cybersecurity instructors to deliver a high-assurance Security Operations Centre (SOC) training program aligned with NATO cyber defence standards or equivalent national military frameworks.

This is not a search for a single “full-stack” expert. Instead, we seek multiple subject-matter specialists, each bringing deep experience in one or more specific domains (e.g., SIEM architecture, threat hunting, digital forensics, cyber policy, or exercise design). Candidates with partial but relevant competency in any of the listed areas are strongly encouraged to apply.

The program is delivered in small cohorts of 4–6 participants, enabling high-fidelity, hands-on instruction, individualized assessment, and classified-environment simulations. All instructors must have hands-on Tier 3 SOC experience in military, national intelligence, critical infrastructure, or equivalent high-resilience environments—and be able to deliver structured, assessable training at this intimate scale.

Note: You do not need to meet all role requirements across the board. We welcome applications from professionals who specialize in any one of these areas.

Core Requirements (All Roles)

- Proven Tier 3 SOC experience: Minimum 5 years operating in a Tier 3 (strategic/advanced) SOC within military, national CSIRT, intelligence, or critical national infrastructure settings
- Training & Assessment Competence: Demonstrated ability to design, deliver, or evaluate technical training for small groups (4–6 learners)—including scenario-based drills, timed simulations, or standardized scoring
- Security Compliance: Eligible for security vetting; experience working in classified or high-assurance environments
- Tool Flexibility: While specific tools are referenced below, equivalent commercial platforms (e.g., LogRhythm instead of QRadar, AXIOM instead of FTK) will be considered if functionality and accreditation are comparable

Role-Specific Qualifications (Applicants need only match one role’s profile)

1. Lead SOC Architect
- Representative Tools: Splunk Enterprise Security (ES), IBM QRadar
- Acceptable Equivalents: LogRhythm, ArcSight, Microsoft Sentinel (with enterprise-scale deployment)
- Experience:
  - Architected and operated enterprise SOCs handling >100K EPS
  - Configured correlation rules, dashboards, and alert workflows under NIST, ISO 27001, or national cyber defence standards
  - Trained small teams on SIEM optimization and false-positive reduction in hands-on lab settings

2. Threat Intelligence & ATT&CK Lead
- Representative Tools: MITRE ATT&CK Navigator, MISP
- Acceptable Equivalents: Anomali, ThreatConnect, Recorded Future (with ATT&CK integration)
- Experience:
  - Conducted proactive threat hunting using TTP-based methodologies
  - Led Purple Team exercises in high-fidelity environments with ≤6 participants
  - Trained analysts to map real-world intrusions to MITRE ATT&CK® Enterprise framework

3. Digital Forensics & Incident Response Lead
- Representative Tools: FTK, EnCase, Volatility
- Acceptable Equivalents: AXIOM Cyber, Cellebrite Premium, BlackLight
- Experience:
  - Performed memory, disk, and mobile forensics in legal, military, or national incident investigations
  - Executed full NIST SP 800-61 Rev. 2 incident response workflows under <4-hour containment SLAs
  - Developed and scored forensic reporting assessments for Tier 2/3 analysts in small-group settings

4. Cyber Range Exercise Director
- Experience:
  - Designed and facilitated multi-day, multi-vector cyber campaigns (APTs, ransomware, DDoS) for cohorts of 4–6 trainees
  - Familiar with NATO Cyber Coalition, national cyber drills, or equivalent large-scale exercises
  - Built scoring mechanisms for MTTD, MTTC, reporting accuracy, and team coordination

5. Cyber Doctrine & Policy Mentor
- Frameworks: NATO Comprehensive Cyber Defence Policy (2021), 2023 Cyber Defence Pledge, VCISC, or equivalent national doctrine (e.g., U.S. DoD Cyber Strategy, UK NCSC Operating Framework)
- Experience:
  - Taught legal, policy, and operational boundaries of cyber operations (e.g., Article 5 implications, international law in cyberspace)
  - Background in military staff colleges, national cyber commands, or accredited defence institutions
  - Skilled at facilitating discussion-based seminars for small, high-caliber groups

How to Apply

If you have deep expertise in even one of these areas, please apply. We value specialization over generalization. Submit:

- Your LinkedIn profile
- CV highlighting your Tier 3 SOC operational history
- A brief note (≤1000 words) describing your experience delivering technical training or assessments to small cohorts (4–6 learners) in high-stakes environments

Note: This engagement is project-based, requires eligibility for security clearance, and prioritizes candidates with verifiable Tier 3 SOC experience and instructional capability—even if limited to a single domain.
