Position Summary

ECS is seeking a SOC DMA Technician - Senior to support the Army National Guard (ARNG) Enterprise Network Operations and Cybersecurity Support (ENOCS) program. This position supports Task 3 - Cybersecurity Operations Support by leading sustainment and optimization of automated monitoring, data analytics, and reporting capabilities that enable SOC situational awareness and continuous monitoring across Defensive Cyberspace Operations - Internal Defensive Measures (DCO-IDM). The role works across the SOC, CDAP, and security engineering functions to maintain reliable data feeds, dashboards, integrations, and analytic workflows; troubleshoot complex ingestion and performance issues; and provide operational metrics and recommendations that improve monitoring effectiveness and mission readiness.

In this role, the selected candidate will help defend ARNG classified and unclassified network environments that support more than 120,000 users and approximately 141,000 endpoints across roughly 2,800 sites in 54 states and territories. The position operates within the ENOCS cyber operations environment that includes Unified Security Information & Event Management (USIEM), Endpoint Detection and Response (EDR), IDS/IPS, DLP analytics, and supporting data sources such as Zeek metadata and Sysmon-aligned ATT&CK monitoring. This work directly supports ARNG Title 10 and Title 32 missions, mobilization readiness, domestic emergency response, and coordination with NETCOM Global Cyber Center and DISA DCDC to maintain cyber freedom of action across the DoDIN-Army-NG area of responsibility.

Please Note: This position is contingent upon contract award.

Responsibilities

• Lead sustainment and optimization of automated monitoring, data analytics, dashboards, and reporting workflows that support SOC situational awareness and continuous monitoring across Task 3.
• Oversee the configuration, health, and performance of cybersecurity data feeds, integrations, and analytic pipelines to improve data integrity, timeliness, and reporting accuracy.
• Troubleshoot complex ingestion, correlation, and performance issues affecting SOC monitoring and digital media analysis support capabilities.
• Coordinate implementation of monitoring and reporting changes with SOC, CDAP, and security engineering teams to maintain operational continuity and configuration control.
• Support the effectiveness of USIEM analytics by validating enabling data sources, improving feed quality, and helping refine MITRE ATT&CK-based analytic outputs used for threat-informed defense.
• Contribute to monitoring and reporting workflows that incorporate ARNG cyber operations data sources and tools, including USIEM, EDR, IDS/IPS, DLP analytics, Zeek metadata, and Sysmon-based monitoring where applicable.
• Produce operational metrics, status reporting, and technical recommendations for Government stakeholders to improve monitoring effectiveness, analytic coverage, and mission readiness.
• Maintain documentation, configuration records, and change-related artifacts in accordance with program standards for traceability, reproducibility, and auditability.
• Collaborate with ENOCS cyber operations personnel and external mission partners, as required, to support coordinated monitoring activities across classified and unclassified environments and alignment with NETCOM Global Cyber Center and DISA DCDC.

Required Qualifications

U.S. Citizenship is required

Security Clearance: Secret Eligible

Required Certifications: DCWF Work Role 212-Cyber Defense Forensics Analyst - Intermediate proficiency; must hold ONE OR MORE of the following: RCCE Level 1, CHFI

Experience: 7+ years of experience in cybersecurity

Education: Bachelors degree or higher in Computer Science, Cybersecurity, Data Science, Information Systems, Information Technology, or Software Engineering

• Experience sustaining and optimizing automated monitoring, data analytics, and reporting capabilities in a Security Operations Center environment.
• Experience administering or supporting cybersecurity data feeds, system integrations, dashboards, and analytic workflows used for continuous monitoring.
• Demonstrated ability to troubleshoot complex data ingestion, correlation, and performance issues affecting operational monitoring and reporting.
• Experience coordinating technical changes across multiple cyber operations stakeholders while maintaining documentation and configuration management discipline.
• Ability to develop and present operational metrics and technical recommendations to Government stakeholders to improve monitoring effectiveness and mission readiness.
• Experience supporting cybersecurity operations across classified and unclassified network environments.
• Familiarity with SIEM-centered monitoring architectures and security telemetry sources used to support enterprise-scale cyber operations.
• Ability to support continuous monitoring activities aligned to DCO-IDM objectives within a large, distributed DoD enterprise.