Position Summary

ECS is seeking an Operational Technology Engineer - Journeyman to support the Army National Guard (ARNG) Enterprise Network Operations and Cybersecurity Support (ENOCS) program. This position supports Task 3 - Cybersecurity Operations Support - by monitoring and analyzing security telemetry across Operational Technology (OT), Industrial Control System (ICS), and Defense Critical Infrastructure (DCI) environments to detect anomalous activity, policy violations, and indicators of compromise. The role contributes to ENOCS Defensive Cyberspace Operations - Internal Defensive Measures (DCO-IDM) by reviewing OT network traffic, system logs, and sensor outputs, documenting risk impacts, supporting remediation validation, and coordinating with SOC/CIRT personnel, OT engineers, and facility stakeholders to investigate and contain cyber events while preserving operational continuity.

Please Note: This position is contingent upon contract award.

This role directly supports ARNG's mission to defend classified and unclassified network environments that enable operations for more than 120,000 users and approximately 141,000 endpoints across about 2,800 sites in 54 states and territories. The Operational Technology Engineer - Journeyman operates within a cybersecurity environment aligned to ARNG Title 10 and Title 32 missions, mobilization readiness, domestic emergency response, and classified SIPRNet operations. In support of the program's OT/DCI mission space, the position works within an enterprise cyber defense architecture that includes USIEM, C2C, DLP analytics, IDS/IPS-informed monitoring, SOC and CIRT coordination, and RMF-based continuous monitoring practices designed to protect mission-critical infrastructure without disrupting safety, reliability, or availability.

Responsibilities

• Monitor OT, ICS, and DCI security telemetry to identify anomalous behavior, policy violations, indicators of compromise, and misconfigurations affecting control system networks.
• Analyze OT network traffic, system logs, and sensor outputs to assess threats while accounting for operational safety, system availability, and mission continuity requirements.
• Document security findings, risk impacts, and remediation status to support continuous monitoring, vulnerability management, and ARNG cybersecurity reporting objectives.
• Coordinate with SOC and CIRT personnel to investigate, escalate, and help contain cybersecurity events affecting OT and DCI environments.
• Support validation of vulnerability mitigation and remediation actions within operational environments to help maintain secure baseline configurations and resilient cyber posture.
• Align monitoring, analysis, and reporting activities with DoD and ARNG cybersecurity policy, RMF requirements, and ongoing authorization and compliance objectives.
• Contribute to Task 3 cybersecurity operations deliverables by supporting proactive DCO-IDM activities across ARNG classified and unclassified environments.
• Work with OT engineers and facility stakeholders to evaluate potential cyber impacts to mission-critical infrastructure and recommend response actions that preserve operational continuity.
• Support the OT/DCI monitoring approach described for ENOCS by helping extend enterprise detection visibility through USIEM and related cyber defense capabilities into operational technology environments.
• Coordinate, as required, within the broader ENOCS cyber defense structure that interfaces with the NETCOM Global Cyber Center and DISA DCDC for enterprise cybersecurity operations.

Required Qualifications

U.S. Citizenship is required

Security Clearance: Secret Eligible

Required Certifications: DCWF Work Role 462-Control Systems Security Specialist - Basic proficiency; must hold ONE OR MORE of the following: DAF 462 (Basic) (ICS)

Experience: 3+ years of experience in cybersecurity

• Experience monitoring and analyzing security events in OT, ICS, or DCI environments.
• Ability to review network traffic, system logs, and sensor outputs to identify suspicious activity, threats, and configuration issues.
• Experience documenting findings, risk impacts, and remediation status in support of cybersecurity operations and continuous monitoring.
• Ability to coordinate with SOC, incident response, engineering, and stakeholder teams during investigation and containment of security events.
• Working knowledge of RMF-aligned monitoring and reporting practices in support of cybersecurity compliance objectives.
• Experience supporting vulnerability mitigation and remediation validation in environments where safety and availability are critical operational considerations.