Job Description

ECS is seeking a Cybersecurity Compliance Technician (VM) - Junior to support the Army National Guard (ARNG) Enterprise Network Operations and Cybersecurity Support (ENOCS) program in Fairfax, VA In this Task 3, Cybersecurity Operations Support role, the selected candidate will execute enterprise vulnerability scans, analyze findings, coordinate remediation with system owners, validate corrective actions, and track POA&M status in support of Defensive Cyberspace Operations – Internal Defensive Measures (DCO-IDM) across the DoDIN-Army-NG area of responsibility. This position contributes directly to ENOCS cybersecurity compliance, vulnerability management, and continuous monitoring deliverables and works closely with cybersecurity operations, RMF, and enterprise operations personnel to protect ARNG classified and unclassified network environments.

Please Note: This position is contingent upon contract award.

The role supports a mission environment that delivers DoDIN services to more than 120,000 users and approximately 141,000 endpoints across about 2,800 sites in 54 states and territories, including support to Title 10 and Title 32 missions, mobilization readiness, domestic emergency response, and classified SIPRNet operations. The Cybersecurity Compliance Technician (VM) - Junior operates within ARNG’s enterprise cybersecurity ecosystem, helping maintain secure baselines and compliance across technologies and services identified in the ENOCS environment, including ACAS, STIG Manager, eMASS, endpoint and server platforms such as MECM, Domain Controllers, and ACAS-connected assets, while coordinating within the broader cyber defense construct aligned with NETCOM Global Cyber Center and DISA DCDC.

Responsibilities

• Execute enterprise vulnerability scans and review scan results to identify compliance gaps, security weaknesses, and remediation priorities across ARNG networked systems.
• Analyze findings against applicable STIGs, IAVMs, RMF requirements, and ARNG cybersecurity directives, and document required corrective actions.
• Coordinate remediation activities with system owners and technical teams to support timely closure of vulnerabilities and restoration of secure baseline configurations.
• Validate remediation effectiveness through follow-up review and rescanning, and document results for continuous monitoring and compliance reporting.
• Track POA&M items, update status information, and support reporting on unresolved or non-compliant controls in accordance with program processes.
• Support enterprise compliance activities tied to eMASS updates, artifact maintenance, and continuous compliance validation for ARNG cybersecurity operations.
• Assist with vulnerability management activities affecting ARNG endpoint and server environments, including assets and services such as ACAS, MECM, and Domain Controllers referenced in the ENOCS operating environment.
• Coordinate vulnerability and compliance information with the broader Task 3 cybersecurity team operating in conjunction with NETCOM Global Cyber Center and DISA DCDC to support defense of ARNG classified and unclassified enclaves.
• Contribute to compliance reporting and risk documentation that help sustain cybersecurity readiness for ARNG operations across 54 states and territories.

Qualifications

Required Qualifications

U.S. Citizenship is required

Security Clearance: Secret Eligible

Required Certifications: DCWF Work Role 541-Vulnerability Assessment Analyst — Basic proficiency; must hold ONE OR MORE of the following: CEH

Experience: 3+ years of experience in cybersecurity

• Experience executing or supporting vulnerability scanning, findings analysis, and remediation tracking in an enterprise IT environment.
• Experience working with STIGs, IAVMs, POA&Ms, and RMF-related compliance processes.
• Ability to document scan findings, remediation status, and compliance results clearly and accurately for Government review.
• Experience coordinating with system owners or technical teams to validate corrective actions and closure of vulnerabilities.
• Familiarity with continuous monitoring concepts and cybersecurity compliance reporting in classified and unclassified environments.
• Experience supporting secure baseline configuration and vulnerability management activities across distributed enterprise systems.