Position Summary

ECS is seeking a SOC CTIC Technician - Senior to support the Army National Guard (ARNG) Enterprise Network Operations and Cybersecurity Support (ENOCS) program. In this role, the candidate will support Task 3 - Cybersecurity Operations Support by assisting threat intelligence operations that strengthen Defensive Cyberspace Operations - Internal Defensive Measures (DCO-IDM) across the DoDIN-Army-NG area of responsibility. The SOC CTIC Technician will collect and organize indicators, assist with enrichment activities, update detection content under senior guidance, and produce summary reporting and analytic documentation that improve SOC situational awareness and continuous monitoring compliance. This position works as part of the broader cybersecurity operations team supporting SOC monitoring, incident analysis, and coordinated cyber defense activities.

The role directly supports ARNG's mission to deliver secure enterprise services to more than 120,000 users and approximately 141,000 endpoints across roughly 2,800 sites in 54 states and territories, including support to Title 10 and Title 32 missions and both classified and unclassified network environments. The SOC CTIC Technician contributes to operations aligned with the Security Operations Center and Unified Security Information & Event Management (USIEM) analytic environment, where integrated SIEM/C2C/DLP analytics, MITRE ATT&CK-based detections, and curated data sources such as Zeek metadata and Sysmon monitoring are used to improve enterprise visibility. This work helps sustain cyber readiness for ARNG operations, including mobilization readiness, domestic emergency response, and coordination with NETCOM Global Cyber Center and DISA DCDC.

Please Note: This position is contingent upon contract award.

Responsibilities

• Collect, organize, and maintain cyber threat indicators, observables, and related analytic data to support SOC threat intelligence operations.
• Assist senior analysts with enrichment of indicators and events to improve threat context, prioritization, and operational awareness.
• Update and refine detection content under senior guidance to support continuous monitoring and threat-informed defense across ARNG network environments.
• Produce summary reports, analytic notes, and supporting documentation that enhance SOC situational awareness and support continuous monitoring compliance.
• Support MITRE ATT&CK-aligned analysis activities by helping map indicators and observed behaviors to adversary tactics, techniques, and procedures.
• Contribute to USIEM analytic support by organizing relevant data inputs and assisting with correlation activities that improve detection quality.
• Help maintain awareness of data feeds used in the ARNG cyber environment, including sources such as Zeek metadata and Sysmon-based monitoring, to support more effective detections.
• Coordinate analytic support activities with SOC personnel and related cybersecurity teams operating in conjunction with NETCOM Global Cyber Center and DISA DCDC.
• Assist with documentation and reporting that support 24x7x365 cybersecurity operations defending ARNG classified and unclassified enclaves across the DoDIN-Army-NG area of responsibility.

Required Qualifications

U.S. Citizenship is required

Security Clearance: Secret Eligible

Required Certifications: DCWF Work Role 511-Cyber Defense Analyst - Basic proficiency; must hold ONE OR MORE of the following: CC, CEH, GFACT, GISF

Experience: 1+ years of experience in cybersecurity

• Experience collecting, organizing, and tracking threat indicators and related analytic artifacts in support of cyber defense operations.
• Ability to assist with indicator enrichment and prepare concise summary reporting for SOC or cybersecurity operations teams.
• Familiarity with continuous monitoring concepts and documentation practices used to support cybersecurity compliance activities.
• Exposure to SIEM-driven analysis workflows and security event correlation in an enterprise environment.
• Ability to follow senior guidance to update detection content and maintain supporting analytic documentation.
• Working knowledge of MITRE ATT&CK-based analytic methods for organizing and interpreting threat activity.