DEU - Battle Watch Captain

Position Title: Battle Watch Captain

Location: Stuttgart, Germany

Minimum Security Clearance: Secret, with ability to obtain Top Secret/Sensitive Compartmented Information (TS/SCI)

eCRAFT: CSE3

Education: Bachelor's preferred

Years of Experience: 8 (or 5 with a degree)

Citizenship: U.S. Citizenship required

Position Description

The Battle Watch Captain serves as the focal point for 24/7/365 network monitoring and cyber defense coordination within a cybersecurity operations environment. This leadership role oversees Tier 2 analysts to ensure continuous, effective monitoring of subscriber networks and rapid response to cyber threats. The Battle Watch Captain maintains operational effectiveness by assigning tasks, monitoring performance, and ensuring adherence to established analytical frameworks, organizational policies, and industry standards. This role also serves as a key liaison for internal and external coordination, including interaction with United States Cyber Command (USCYBERCOM), Joint Force Headquarters–Department of Defense Information Network (JFHQ-DODIN), subscribers, and peer cybersecurity operations teams. The position plays a critical role in protecting subscriber networks and maintaining the overall cybersecurity posture of organizational infrastructure.

Duties and Responsibilities

• Lead and guide incident response (IR) and investigation activities during campaigns, ensuring tasks are completed, properly documented, and vetted
• Coordinate with reporting agencies and subscriber sites to ensure timely and accurate incident reporting
• Analyze and respond to validated security incidents, determining severity and operational impact in accordance with Chairman of the Joint Chiefs of Staff Manual (CJCSM B
• Conduct log correlation analysis using applicable tools to identify patterns in network and system activity
• Perform network and host-based digital forensics on Windows and other operating systems as required
• Support Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) signature development, refinement, and implementation
• Maintain an in-depth understanding of security concepts, protocols, processes, architectures, and tools
• Conduct ticket reviews and perform indicator and analysis quality control
• Ensure proper turnover of tasks and findings during verbal handovers and shift roll-up documentation
• Compile and maintain internal Standard Operating Procedures (SOPs) in compliance with CJCSM B and applicable directives
• Provide mentorship and guidance to Tier 2 analysts to improve triage accuracy and operational effectiveness
• Support continuous operations conducted 24/7/365 across multiple Regional Operations Centers (ROCs)

Required Skills

• Comprehensive knowledge of CJCSM B
• Expertise in Intrusion Detection and Intrusion Prevention Systems (IDS/IPS), including signature development and optimization
• Experience conducting digital forensics across multiple operating systems
• Advanced proficiency with host-based security tools and operating system logging
• Deep expertise with log aggregation and analysis tools such as Splunk, Elastic, or Microsoft Sentinel
• Proven ability to solve complex technical problems independently

Desired Skills

• Expert knowledge of incident response procedures and coordination
• Strong understanding of cybersecurity operations, protocols, and architectures
• Experience leading and mentoring analysts in an operational cyber environment
• Advanced analytical and problem-solving skills
• Excellent verbal and written communication skills

Experience, Education and Certification Requirements

• Bachelor's degree in a relevant discipline with a minimum of 5 years of experience, or at least 8 years of experience in a cybersecurity operations environment, Security Operations Center (SOC), or similar environment
• Minimum of 2 years of experience leading or managing incident response cases
• Department of Defense (DoD) Information Assurance Technical (IAT) Level III certification
• Certified Network Defender (CND) certification

Additional Information

• Position may require up to 10% travel
• Overtime may be required to support surge or major incident response activities

Benefits at 3 Reasons Consulting

At 3 Reasons Consulting, we are committed to supporting the well-being of our team with a comprehensive benefits package that includes both company-paid and shared-cost options. Our benefits are designed to enhance your health, financial security, and work-life balance to help you thrive personally and professionally as a valued member of our team.

Company-Paid Benefits

• Short/Long Term Disability
• Basic Life Insurance
• Direct Payroll Deposit
• Leave Accrual
• Holidays
• 401(k) Match

Employee / Company Shared Benefits

• Additional (Voluntary) Life Insurance
• 401(k)
• Medical Coverage
• Dental Coverage
• Vision Care Plan
• Flexible Spending Account Plan

3 Reasons Consulting is an Equal Opportunity Employer. We are committed to providing a workplace free from discrimination or harassment and hold all 3 Reasons employees accountable to protect this mission. We do not discriminate on the basis of race, color, gender, religion, national origin, sexual orientation, age, marital status, veteran status, military status, disability status, or any other characteristic protected by federal, state, or local law. All applicants will receive consideration for employment without regard to protected bases.