Position Summary

ECS is seeking a Cybersecurity Engineer (CDAP) - Journeyman to support the Army National Guard (ARNG) Enterprise Network Operations and Cybersecurity Support (ENOCS) program. In this role, the candidate will support Task 3 - Cybersecurity Operations Support by implementing and maintaining CDAP data ingestion pipelines, connectors, and analytic components that enable enterprise security monitoring across ARNG classified and unclassified environments. The position contributes directly to Defensive Cyberspace Operations - Internal Defensive Measures (DCO-IDM) by helping ensure reliable telemetry, validated platform performance, dashboard integration, and documented configuration control in support of continuous monitoring, cybersecurity engineering, and operational reporting. The Cybersecurity Engineer (CDAP) works closely with broader ENOCS cybersecurity operations personnel, including SOC, data feed, incident analysis, and RMF support teams.

Please Note: This position is contingent upon contract award.

This role supports a mission environment that delivers DoDIN services and cyber defense for more than 120,000 users and approximately 141,000 endpoints across roughly 2,800 sites in 54 states and territories, including support to Title 10 and Title 32 missions, mobilization readiness, domestic emergency response, and classified SIPRNet operations. The Cybersecurity Engineer (CDAP) helps sustain the data and analytics foundation that feeds ARNG enterprise cyber operations by supporting telemetry and reporting aligned to the program's integrated SIEM/C2C/DLP analytics approach, RMF continuous monitoring objectives, and coordination across the DoDIN-A(NG) area of responsibility with organizations such as the NETCOM Global Cyber Center and DISA DCDC.

Responsibilities

• Implement and maintain CDAP data ingestion pipelines, connectors, and analytic components that support enterprise security monitoring across ARNG cybersecurity operations.
• Configure and sustain platform components used to collect, normalize, and deliver reliable telemetry for continuous monitoring and operational reporting.
• Troubleshoot data flow, connector, and platform performance issues to improve the quality, timeliness, and reliability of security telemetry and dashboard outputs.
• Support performance validation and testing activities to confirm analytic components, ingestion pipelines, and reporting integrations are operating as intended.
• Integrate validated telemetry and analytic outputs into dashboards and reporting views that support cybersecurity operations and enterprise visibility.
• Document configuration changes, component updates, and validation results in accordance with program configuration control and RMF support requirements.
• Assist in aligning CDAP telemetry, reporting, and evidence artifacts with continuous monitoring objectives and eMASS-supported RMF activities.
• Support data-feed and analytics efforts associated with the ENOCS cybersecurity environment, including integration approaches aligned to USIEM and related SIEM/C2C/DLP analytics used for centralized visibility.
• Coordinate with ENOCS cybersecurity operations personnel supporting the SOC and related Task 3 functions to help ensure CDAP data pipelines support DCO-IDM monitoring across classified and unclassified ARNG enclaves.

Required Qualifications

U.S. Citizenship is required

Security Clearance: Secret Eligible

Required Certifications: DCWF Work Role 631-Information Systems Security Developer - Basic proficiency; must hold ONE OR MORE of the following: CC, CND, GISF, SSCP

Experience: 3+ years of experience in cybersecurity

• Experience implementing or maintaining data ingestion pipelines, connectors, or analytic components that support cybersecurity monitoring or reporting.
• Experience with platform configuration, troubleshooting, and performance validation in an enterprise security operations environment.
• Experience documenting configuration changes, test results, and technical updates in a controlled operational environment.
• Experience supporting telemetry reliability, dashboard integration, or reporting workflows for cybersecurity operations.
• Familiarity with RMF-aligned continuous monitoring activities and the use of documented technical artifacts to support security compliance.
• Ability to support cybersecurity operations in both classified and unclassified network environments.
• Ability to coordinate effectively with cybersecurity operations, engineering, and monitoring teams to resolve data quality or platform integration issues.