Position Summary

ECS is seeking a SOC CTIC Technician - Journeyman to support the Army National Guard (ARNG) Enterprise Network Operations and Cybersecurity Support (ENOCS) program. In this role, you will support Task 3 - Cybersecurity Operations Support by analyzing threat intelligence feeds and operational security data to identify indicators, adversary tactics, and emerging risks that inform Security Operations Center (SOC) monitoring and response. The position contributes directly to ENOCS delivery of 24/7/365 cybersecurity operations, threat detection, and Defensive Cyberspace Operations - Internal Defensive Measures (DCO-IDM) by enriching indicators, supporting correlation and detection content updates, producing intelligence reporting, and coordinating findings with SOC analysts and CTIC leadership.

Please Note: This position is contingent upon contract award.

This role supports ARNG's mission to defend classified and unclassified network environments across the DoDIN-Army-NG area of responsibility, helping sustain services for more than 120,000 users and approximately 141,000 endpoints across about 2,800 sites in 54 states and territories. The SOC CTIC Technician - Journeyman operates within an enterprise environment that includes Unified Security Information & Event Management (USIEM), EDR, IDS/IPS, DLP, and supporting data sources such as Zeek metadata and Sysmon-informed ATT&CK analytics, while coordinating with organizations including the NETCOM Global Cyber Center and DISA DCDC. The role supports cyber defense outcomes tied to ARNG Title 10 and Title 32 missions, classified SIPRNet operations, mobilization readiness, and domestic emergency response.

Responsibilities

• Analyze threat intelligence feeds and operational security data to identify indicators of compromise, adversary tactics, techniques, and procedures, and emerging risks affecting ARNG classified and unclassified environments.
• Enrich indicators and operational findings to support SOC monitoring, incident analysis, and CTIC reporting within Task 3 Cybersecurity Operations Support.
• Support updates to correlation logic and detection content used in SOC operations, helping improve threat-informed detections and monitoring effectiveness.
• Produce intelligence summaries, reports, and documented findings for SOC analysts, CTIC leadership, and other cybersecurity stakeholders.
• Coordinate with SOC analysts and technical teams to translate threat information into actionable detection, monitoring, and response support.
• Contribute to USIEM analytics activities by helping correlate available security data and documenting findings that improve centralized visibility and response.
• Support analysis aligned to MITRE ATT&CK-based detections using enterprise data sources identified in the ENOCS environment, including Zeek metadata and Sysmon-informed monitoring.
• Coordinate with NETCOM Global Cyber Center, DISA DCDC, and related cybersecurity stakeholders as required to support threat analysis, reporting, and continuous monitoring objectives across the DoDIN-A(NG) area of responsibility.
• Document intelligence findings and supporting artifacts in accordance with DoD and ARNG cybersecurity policy, continuous monitoring, and reporting requirements.

Required Qualifications

U.S. Citizenship is required

Security Clearance: Secret Eligible

Required Certifications: DCWF Work Role 511-Cyber Defense Analyst - Basic proficiency; must hold ONE OR MORE of the following: CC, CEH, GFACT, GISF

Experience: 3+ years of experience in cybersecurity

• Experience analyzing threat intelligence, indicators, and operational security data to support cyber defense or SOC activities.
• Experience documenting findings in intelligence summaries, reports, or other written products for operational or leadership use.
• Experience coordinating with analysts, engineers, or operational stakeholders to communicate threat findings and support follow-on action.
• Familiarity with continuous monitoring activities in support of DoD or ARNG cybersecurity requirements.
• Working knowledge of SIEM-supported analysis and correlation in enterprise security operations environments.
• Familiarity with classified and unclassified network defense operations in support of mission-critical environments.