ECS

SOC Security Engineering Team Lead - Senior

$120K — $150K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • U.S. Citizenship required
  • TS//SCI Eligible Security Clearance
  • Certification DCWF Work Role 521 or related cybersecurity credentials (e.g., GMON, CEH, CySA+)
  • 7+ years of cybersecurity experience
  • Bachelor's degree in Computer Science, Cybersecurity, or related field
  • Experience in SOC monitoring and security engineering solutions
  • Familiarity with various security analytics tools and frameworks

Responsibilities

  • Lead implementation and sustainment of security engineering solutions for SOC operations.
  • Integrate and maintain security tools and telemetry pipelines to enhance visibility.
  • Enable continuous monitoring and support deliverables across classified and unclassified networks.
  • Coordinate with multiple teams to resolve monitoring gaps and improve alerts.
  • Engineer data integrations for centralized analytics and incident support.
  • Support system hardening and validation of configuration baselines for compliance.
  • Document changes and remediation actions to maintain operational knowledge.

Benefits

  • Opportunity to lead cybersecurity operations for a significant national program.
  • Engagement with advanced security technologies and tools.
  • Contribution to national defense and public safety missions.
  • Collaboration with various cybersecurity teams and professionals.
  • Continuous learning and professional growth in a senior security role.

Full Job Description

Position Summary

ECS is seeking a SOC Security Engineering Team Lead - Senior to support the Army National Guard (ARNG) Enterprise Network Operations and Cybersecurity Support (ENOCS) program. In this senior Task 3 role, the selected candidate will lead the team responsible for implementing, configuring, and sustaining security engineering capabilities that enable SOC monitoring, detection, and response operations across ARNG enterprise environments. The role directly supports Cybersecurity Operations Support by integrating and maintaining security tools, sensors, log forwarding, and telemetry pipelines; validating monitoring coverage and alert fidelity; documenting configuration changes and remediation actions; and coordinating with SOC, CTIC, CDAP, and infrastructure teams to sustain continuous monitoring in alignment with DCO-IDM objectives across the DoDIN-Army-NG area of responsibility.

This position supports ARNG's mission to deliver DoDIN services and cyber defense for more than 120,000 users and approximately 141,000 endpoints across roughly 2,800 sites in 54 states and territories, spanning both classified and unclassified network environments. The SOC Security Engineering Team Lead - Senior contributes to protection of Title 10 and Title 32 missions, mobilization readiness, domestic emergency response operations, and classified SIPRNet activities by helping maintain engineering support for 24x7x365 SOC operations and integrated visibility across ARNG's cybersecurity stack. The role operates within a technical environment that includes USIEM analytics, EDR, IDS/IPS, DLP, C2C integrations, Zeek metadata, Sysmon-informed ATT&CK analytics, and RMF-aligned continuous monitoring, while coordinating with NETCOM Global Cyber Center and DISA DCDC to strengthen enterprise cyber defense.

Please Note: This position is contingent upon contract award.

Responsibilities

  • Lead the implementation, configuration, and sustainment of security engineering solutions that support SOC monitoring, detection, and response across ARNG enterprise environments.
  • Integrate and maintain security tools, sensors, log forwarding mechanisms, and telemetry pipelines to improve enterprise visibility, event correlation, and alert accuracy.
  • Support ARNG Task 3 Cybersecurity Operations Support deliverables by enabling continuous monitoring and engineering capabilities required for DCO-IDM across classified and unclassified network environments.
  • Coordinate with SOC, CTIC, CDAP, and infrastructure teams to resolve monitoring gaps, improve alert fidelity, and sustain operational cybersecurity coverage.
  • Engineer and maintain data integrations that support USIEM operations, including relevant feeds and telemetry used for centralized analytics, detection, and incident support.
  • Assist with system hardening and validation of configuration baselines to align monitoring infrastructure with DoD and ARNG cybersecurity policy and RMF requirements.
  • Troubleshoot issues affecting security monitoring coverage, log collection, sensor performance, and detection reliability across ARNG enterprise systems.
  • Document configuration changes, engineering updates, and remediation actions to maintain traceability, support compliance activities, and preserve operational knowledge.
  • Support coordination with NETCOM Global Cyber Center and DISA DCDC, as required, to help maintain enterprise cybersecurity operations and visibility across the DoDIN-Army-NG area of responsibility.
  • Contribute to sustaining telemetry and monitoring support for ARNG's distributed enterprise of approximately 141,000 endpoints across about 2,800 sites in 54 states and territories.


Required Qualifications

U.S. Citizenship is required

Security Clearance: TS//SCI Eligible

Required Certifications: DCWF Work Role 521-Cyber Defense Infrastructure Support Specialist - Intermediate proficiency; must hold ONE OR MORE of the following: GMON, GRID, CEH, Cloud+, CySA+, GSEC, PenTest+, Security+, SSCP

Experience: 7+ years of experience in cybersecurity

Education: Bachelor's degree or higher in Computer Science, Cybersecurity, Data Science, Information Systems, Information Technology, or Software Engineering

  • Demonstrated experience implementing, configuring, and maintaining security engineering solutions that support SOC monitoring, detection, and response operations.
  • Experience integrating security tools, sensors, log forwarding, and telemetry pipelines to improve monitoring coverage and event correlation.
  • Experience validating configuration baselines and supporting system hardening activities in enterprise cyber operations environments.
  • Ability to troubleshoot issues affecting log collection, telemetry flow, monitoring coverage, and alert fidelity.
  • Experience documenting configuration changes, technical updates, and remediation actions in support of operational and compliance requirements.
  • Experience coordinating across security operations, cyber intelligence, assessment, and infrastructure teams to sustain continuous monitoring capabilities.
  • Familiarity with USIEM, EDR, IDS/IPS, DLP, and related enterprise security analytics environments referenced in ARNG ENOCS cybersecurity operations.
  • Working knowledge of RMF-aligned continuous monitoring and cybersecurity policy compliance in classified and unclassified enterprise environments.

About ECS

ECS is a leading provider of digital solutions and services to the federal government. The company was founded in 2001 by Roy Kapani and has since grown to become a trusted partner to a wide range of government agencies. ECS offers a broad range of services, including cloud computing, cybersecurity, and artificial intelligence. The company has been recognized for its innovative solutions and has won numerous awards, including the AWS Public Sector Partner of the Year award.
Size
2,000 employees