ECS

Cybersecurity Threat Analyst - Journeyman

ECS
$85K — $110K *
Information Technology
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • U.S. Citizenship is required
  • Secret Security Clearance eligible
  • Advanced proficiency in Cyber Defense Forensics Analyst role (DCWF Work Role 212)
  • One or more relevant certifications (GREM, CFR, CySA+, GCFA, GCFE, PenTest+)
  • 3+ years of cybersecurity experience
  • Master's degree or higher in a related field (Computer Science, Cybersecurity, etc.)
  • Experience in analyzing threat activity and producing analytical reports.

Responsibilities

  • Analyze emerging cyber threats and risk trends impacting ARNG network environments.
  • Correlate threat intelligence with security events for proactive defense.
  • Refine detection content and analytic logic with SOC and cyber teams.
  • Develop threat analysis findings and compliance-related reporting.
  • Perform event correlation and pattern analysis using enterprise data sources.
  • Apply MITRE ATT&CK frameworks to enhance threat detection capabilities.
  • Coordinate with cyber stakeholders for situational awareness.
  • Document threat analysis results and support cybersecurity incident response.

Benefits

  • Support from a reputable organization tied to national defense.
  • Opportunity to work with advanced cybersecurity technologies.
  • Engagement in mission-critical initiatives for over 120,000 users.
  • Collaboration with various military and cyber defense entities.
  • Potential participation in nationwide cybersecurity efforts.

Full Job Description

Position Summary

ECS is seeking a Cybersecurity Threat Analyst - Journeyman to support the Army National Guard (ARNG) Enterprise Network Operations and Cybersecurity Support (ENOCS) program. In this role, the selected candidate will support Task 3 - Cybersecurity Operations Support by analyzing emerging threats, correlating security telemetry, identifying risk trends, and producing findings that strengthen proactive cyber defense across the ARNG enterprise. The Cybersecurity Threat Analyst works closely with SOC, cyber threat intelligence, and defensive cyber personnel to refine detections, support continuous monitoring, and provide reporting that informs incident analysis, compliance activities, and Defensive Cyberspace Operations - Internal Defensive Measures (DCO-IDM) within the DoDIN-Army-NG area of responsibility.

Please Note: This position is contingent upon contract award.

This position directly supports ARNG's mission to deliver secure DoDIN services and cyber defense for more than 120,000 users and approximately 141,000 endpoints across roughly 2,800 sites in 54 states and territories, including support to Title 10 and Title 32 missions. The role operates within a technical environment that includes classified and unclassified network environments, SIPRNet and NIPRNet operations, and integrated cyber defense capabilities such as USIEM analytics, EDR, IDS/IPS event monitoring, DLP analytics, Zeek metadata, Sysmon-based monitoring, and MITRE ATT&CK-based detection analysis. The analyst's work contributes to operational readiness, mobilization support, domestic emergency response, and coordination with enterprise cyber stakeholders including the NETCOM Global Cyber Center and DISA DCDC.

Responsibilities

  • Analyze emerging cyber threats, attack patterns, and security telemetry to identify operational risk trends affecting ARNG classified and unclassified network environments.
  • Correlate threat intelligence with security events, indicators, and operational data to support proactive defense across Task 3 - Cybersecurity Operations Support.
  • Support refinement of detection content and analytic logic in coordination with SOC, cyber threat intelligence, and defensive cyber teams.
  • Develop findings, recommendations, and written threat reporting that support continuous monitoring requirements and alignment with DoD and ARNG cybersecurity policy.
  • Perform event correlation and pattern analysis using available enterprise data sources, including USIEM analytics, EDR, IDS/IPS events, DLP analytics, Zeek metadata, and Sysmon-derived monitoring.
  • Apply MITRE ATT&CK-based analytic approaches to help identify adversary tactics, techniques, and procedures and improve threat-informed detection coverage.
  • Coordinate with operational stakeholders, including the NETCOM Global Cyber Center and DISA DCDC, as required to support shared situational awareness across the DoDIN-Army-NG area of responsibility.
  • Document threat analysis results, recommended actions, and supporting evidence for use by SOC analysts, incident response personnel, and cybersecurity leadership.
  • Contribute to continuous monitoring and compliance reporting by producing accurate, traceable analysis that supports broader RMF and cybersecurity operations objectives.


Required Qualifications

U.S. Citizenship is required

Security Clearance: Secret Eligible

Required Certifications: DCWF Work Role 212-Cyber Defense Forensics Analyst - Advanced proficiency; must hold ONE OR MORE of the following: GREM, CFR, CySA+, GCFA, GCFE, PenTest+

Experience: 3+ years of experience in cybersecurity

Education: Master's degree or higher in Computer Science, Cybersecurity, Data Science, Information Systems, Information Technology, or Software Engineering

  • Experience analyzing threat activity, security events, and operational indicators to identify trends, risks, and potential malicious activity.
  • Experience producing written analytical findings, recommendations, and reporting suitable for operational and compliance stakeholders.
  • Experience supporting threat research, event correlation, and detection improvement activities in coordination with cybersecurity operations teams.
  • Familiarity with continuous monitoring practices in support of DoD or ARNG cybersecurity policy requirements.
  • Ability to correlate data from multiple security sources to support incident analysis and proactive defense activities.
  • Experience working in environments that support both classified and unclassified network operations.
  • Ability to document analysis in a clear, auditable manner that supports operational follow-through and compliance reporting.

About ECS

ECS is a leading provider of digital solutions and services to the federal government. The company was founded in 2001 by Roy Kapani and has since grown to become a trusted partner to a wide range of government agencies. ECS offers a broad range of services, including cloud computing, cybersecurity, and artificial intelligence. The company has been recognized for its innovative solutions and has won numerous awards, including the AWS Public Sector Partner of the Year award.
Size
2,000 employees