ECS

SOC Team Lead - Senior

$100K — $130K *
Information Technology
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • U.S. Citizenship required
  • Secret Eligible security clearance needed
  • Basic proficiency in DCWF Work Role 521-Cyber Defense Infrastructure Support Specialist
  • Certifications: CC, A+, CND, GCLD, GDSA, GFACT, Network+ (at least one)
  • 1+ years of experience in cybersecurity
  • Experience with SOC monitoring, detection, and response solutions
  • Familiarity with cybersecurity policy compliance and RMF processes

Responsibilities

  • Implement, configure, and maintain security solutions for SOC operations
  • Sustain security sensors and telemetry for improved monitoring
  • Operate and tune security tools within the ENOCS environment
  • Validate security baselines and assist in system hardening
  • Troubleshoot monitoring and telemetry issues for SOC
  • Document technical changes and remediation actions
  • Coordinate with teams to maintain continuous monitoring
  • Support incident workflows and escalation of technical issues

Benefits

  • Contingent upon contract award
  • Opportunity to work with diverse cybersecurity technologies
  • Engagement in critical national defense operations
  • Exposure to collaborative mission support across multiple teams
  • Potential for extensive career growth in cybersecurity field

Full Job Description

Position Summary

ECS is seeking a SOC Team Lead - Senior to support the Army National Guard (ARNG) Enterprise Network Operations and Cybersecurity Support (ENOCS) program. This position supports Task 3 - Cybersecurity Operations Support - by implementing, configuring, and maintaining security engineering solutions that enable SOC monitoring, detection, and response across ARNG enterprise environments. The role contributes directly to Defensive Cyberspace Operations - Internal Defensive Measures (DCO-IDM) by sustaining security tools, sensors, log forwarding, and telemetry pipelines; improving monitoring coverage and alert fidelity; and coordinating with SOC, CTIC, CDAP, and infrastructure teams to maintain continuous monitoring capabilities aligned to ARNG and DoD cybersecurity requirements.

In this role, the selected candidate will help defend classified and unclassified ARNG network environments that support more than 120,000 users and approximately 141,000 endpoints across roughly 2,800 sites in 54 states and territories. The position operates within a mission environment supporting Title 10 and Title 32 activities, mobilization readiness, domestic emergency response, and SIPRNet operations, while coordinating with organizations and capabilities identified in the ENOCS environment such as the NETCOM Global Cyber Center, DISA DCDC, USIEM analytics, EDR, IDS/IPS, DLP, and RMF/eMASS processes. This role helps ensure ARNG forces retain cyber freedom of action while denying the same to adversaries.

Please Note: This position is contingent upon contract award.

Responsibilities

  • Implement, configure, and maintain security engineering solutions that support SOC monitoring, detection, and response operations across ARNG enterprise environments.
  • Integrate and sustain security sensors, log forwarding mechanisms, and telemetry pipelines to improve enterprise visibility, event correlation accuracy, and monitoring coverage.
  • Support the operation and tuning of security capabilities used in the ENOCS environment, including USIEM, EDR, IDS/IPS, and related analytics feeds that enable centralized visibility and response.
  • Validate security configuration baselines and assist with system hardening activities to maintain monitoring effectiveness and alignment with ARNG and DoD cybersecurity policy.
  • Troubleshoot monitoring gaps, telemetry issues, and alert fidelity problems affecting SOC operations and coordinate corrective actions with infrastructure and service owner teams.
  • Document configuration changes, technical issues, and remediation actions to support auditability, operational continuity, and ongoing cybersecurity engineering activities.
  • Coordinate with SOC, CTIC, CDAP, and infrastructure teams to maintain continuous monitoring capabilities and support cyber defense operations across classified and unclassified enclaves.
  • Support incident and ticket escalation workflows by providing technical engineering support to Tier 2 incident, problem, and change processes as required.
  • Assist with RMF-aligned monitoring and evidence support activities, including maintaining artifacts needed for compliance and integration with eMASS-related processes.
  • Work in coordination with operational stakeholders identified in Task 3, including the NETCOM Global Cyber Center and DISA DCDC, to help sustain 24x7x365 cybersecurity operations across the DoDIN-A(NG) area of responsibility.


Required Qualifications

U.S. Citizenship is required

Security Clearance: Secret Eligible

Required Certifications: DCWF Work Role 521-Cyber Defense Infrastructure Support Specialist - Basic proficiency; must hold ONE OR MORE of the following: CC, A+, CND, GCLD, GDSA, GFACT, Network+

Experience: 1+ years of experience in cybersecurity
  • Experience implementing or maintaining security engineering solutions that support SOC monitoring, detection, and response activities.
  • Experience integrating or sustaining security tools, sensors, log forwarding, or telemetry collection mechanisms in enterprise environments.
  • Ability to troubleshoot issues affecting monitoring coverage, telemetry flow, or alert fidelity and document resulting corrective actions.
  • Experience validating configuration baselines and supporting system hardening activities in accordance with established cybersecurity policies.
  • Ability to coordinate effectively with SOC, CTIC, CDAP, and infrastructure stakeholders to sustain continuous monitoring operations.
  • Experience producing clear technical documentation for configuration changes, remediation activities, and operational support actions.
  • Familiarity with RMF-aligned continuous monitoring activities and the maintenance of compliance-related cybersecurity artifacts.

About ECS

ECS is a leading provider of digital solutions and services to the federal government. The company was founded in 2001 by Roy Kapani and has since grown to become a trusted partner to a wide range of government agencies. ECS offers a broad range of services, including cloud computing, cybersecurity, and artificial intelligence. The company has been recognized for its innovative solutions and has won numerous awards, including the AWS Public Sector Partner of the Year award.
Size: 2,000 employees