ECS

SOC Technician (Shift 1 Lead) - Senior

ECS
$75K — $95K *
Aerospace & Defense
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • U.S. Citizenship required
  • Secret Eligible Security Clearance
  • One or more required certifications (e.g., CC, CEH, GFACT, GISF)
  • 1+ years of cybersecurity experience
  • Experience with security log monitoring and anomalous activity detection
  • Proficient in event analysis and log correlation
  • Familiar with DoD/ARNG cybersecurity policies

Responsibilities

  • Monitor security logs and network telemetry to detect anomalies
  • Perform log correlation and pattern analysis for timely detection
  • Document events and findings in case management systems
  • Escalate incidents per established response procedures
  • Support continuous monitoring and maintain records for auditability
  • Assist in tracking evidence for cyber incident responses
  • Coordinate with SOC analysts and cyber teams for comprehensive operations

Benefits

  • Opportunity to work with the Army National Guard's cybersecurity program
  • Contribute to nationwide defense efforts across multiple states
  • Gain exposure to advanced cyber defense technologies and practices
  • Collaborate with a team of cybersecurity professionals
  • Potential for career development in a growing field

Full Job Description

Position Summary

ECS is seeking a SOC Technician (Shift 1 Lead) - Senior to support the Army National Guard (ARNG) Enterprise Network Operations and Cybersecurity Support (ENOCS) program. In this role, you will support Task 3 - Cybersecurity Operations Support by monitoring security logs, network telemetry, and endpoint alerts; identifying anomalous activity and potential indicators of compromise; performing log correlation and preliminary pattern analysis; documenting findings in case management systems; and escalating events in accordance with established response procedures. This position contributes to ENOCS's 24x7x365 cybersecurity operations by supporting Security Operations Center monitoring and analysis activities that integrate with incident, problem, and change processes across the broader cyber operations team.

This role supports ARNG's mission to defend classified and unclassified network environments across the DoDIN-Army-NG area of responsibility, enabling Title 10 and Title 32 missions, mobilization readiness, domestic emergency response, and classified SIPRNet operations. The SOC Technician helps protect an enterprise serving more than 120,000 users and approximately 141,000 endpoints across about 2,800 sites in 54 states and territories. The position operates within the ENOCS cyber environment that includes Unified Security Information & Event Management (USIEM) analytics, endpoint detection and response, IDS/IPS monitoring, integrated SIEM/C2C/DLP analytics, and coordination with organizations such as the NETCOM Global Cyber Center and DISA DCDC to support Defensive Cyberspace Operations - Internal Defensive Measures (DCO-IDM).

Please Note: This position is contingent upon contract award.

Responsibilities

  • Monitor security logs, network telemetry, and endpoint alerts to identify anomalous activity and potential indicators of compromise across ARNG classified and unclassified environments.
  • Perform log correlation and preliminary pattern analysis using approved analytic rules and established monitoring procedures to support timely detection and escalation.
  • Document observations, findings, and event details in case management systems, ensuring tickets are complete, accurate, and updated throughout the response lifecycle.
  • Escalate incidents and suspicious activity in accordance with established response procedures and Tier 2 incident, problem, and change processes.
  • Support continuous monitoring reporting requirements aligned with DoD and ARNG cybersecurity policy, maintaining accurate records for operational visibility and auditability.
  • Assist with evidence tracking and event documentation to support cyber incident response, follow-on analysis, and lessons learned.
  • Leverage integrated SIEM/C2C/DLP analytics and available security data sources to improve visibility and support threat-informed monitoring within the SOC.
  • Coordinate with SOC analysts, service owners, and supporting cyber teams to support USIEM and endpoint detection activities within ARNG's DCO-IDM mission.
  • Contribute to cybersecurity operations that interface with the NETCOM Global Cyber Center and DISA DCDC in defense of the DoDIN-Army-NG area of responsibility.


Required Qualifications

U.S. Citizenship is required

Security Clearance: Secret Eligible

Required Certifications: DCWF Work Role 511-Cyber Defense Analyst - Basic proficiency; must hold ONE OR MORE of the following: CC, CEH, GFACT, GISF

Experience: 1+ years of experience in cybersecurity
  • Experience monitoring security logs, network telemetry, and endpoint alerts for suspicious or anomalous activity.
  • Ability to perform preliminary event analysis, pattern recognition, and log correlation using approved procedures and analytic rules.
  • Experience documenting findings, maintaining ticket accuracy, and updating case management records throughout event handling activities.
  • Familiarity with continuous monitoring activities in support of DoD or ARNG cybersecurity policy requirements.
  • Ability to support evidence tracking and maintain organized records for incident handling and reporting.
  • Familiarity with classified and unclassified network defense operations in an enterprise cybersecurity environment.
  • Ability to coordinate effectively with incident response, problem management, and change management stakeholders during event escalation.

About ECS

ECS is a leading provider of digital solutions and services to the federal government. The company was founded in 2001 by Roy Kapani and has since grown to become a trusted partner to a wide range of government agencies. ECS offers a broad range of services, including cloud computing, cybersecurity, and artificial intelligence. The company has been recognized for its innovative solutions and has won numerous awards, including the AWS Public Sector Partner of the Year award.
Size
2,000 employees