ECS

SOC Technician (Shift 1) - Junior

ECS  •  Fairfax, VA (Onsite)  •  6 hours ago

Job Description

ECS is seeking a SOC Technician (Shift 1) - Junior to support the Army National Guard (ARNG) Enterprise Network Operations and Cybersecurity Support (ENOCS) program in Fairfax, VA. Supporting Task 3 — Cybersecurity Operations Support, this position monitors security events and alerts, performs initial triage and analysis, documents incidents in accordance with established SOC procedures, and escalates events per approved playbooks. The role contributes directly to ENOCS delivery of 24/7/365 cybersecurity operations across the DoDIN-Army-NG area of responsibility and works closely with SOC leadership, Cyber Incident Response Team (CIRT) personnel, and other cybersecurity operations staff to support timely containment, case management, and continuous monitoring objectives.

Please Note: This position is contingent upon contract award.

This role helps defend ARNG classified and unclassified network environments that support more than 120,000 users and approximately 141,000 endpoints across about 2,800 sites in 54 states and territories. The SOC Technician supports Defensive Cyberspace Operations – Internal Defensive Measures (DCO-IDM) for missions spanning Title 10 and Title 32 operations, mobilization readiness, domestic emergency response, and SIPRNet-enabled operations. In this environment, the position supports security monitoring and analysis activities aligned with the program’s Unified Security Information & Event Management (USIEM), endpoint detection and response (EDR), IDS/IPS, DLP, and case management processes, while coordinating with NETCOM Global Cyber Center and DISA DCDC-connected operations as required by Task 3 deliverables.

Responsibilities

  • Monitor security events, alerts, and telemetry across ARNG classified and unclassified environments and perform initial triage in accordance with established SOC procedures.
  • Analyze security data to identify potential indicators of compromise, suspicious activity, and reportable incidents requiring escalation or further investigation.
  • Correlate data from security monitoring sources to support threat-informed detection and improve analyst visibility into enterprise activity.
  • Document incidents, investigative actions, and findings in ticketing and case management systems in support of Tier 2 incident, problem, and change processes.
  • Escalate events in accordance with approved playbooks and coordinate with SOC leadership, CIRT, and other cybersecurity operations personnel to support timely containment actions.
  • Support continuous monitoring activities for Task 3 by maintaining accurate records and operational artifacts needed for compliance with DoD and ARNG cybersecurity policy.
  • Contribute to SOC monitoring and analysis activities that leverage USIEM, EDR, IDS/IPS, and DLP analytics for centralized visibility across the DoDIN-Army-NG area of responsibility.
  • Coordinate with internal cyber teams and designated mission partners when incidents require handoff, additional analysis, or response support tied to ENOCS cybersecurity operations.
  • Assist in identifying trends or recurring alert conditions that may inform tuning, reporting, or follow-on analysis within the ARNG cybersecurity operations environment.

Qualifications

Required Qualifications

U.S. Citizenship is required

Security Clearance: Secret Eligible

Required Certifications: DCWF Work Role 511-Cyber Defense Analyst — Basic proficiency; must hold ONE OR MORE of the following: CC, CEH, GFACT, GISF

Experience: 1+ years of experience in cybersecurity

  • Experience monitoring and assessing security alerts, events, or incident data in a SOC or comparable cybersecurity operations environment.
  • Experience performing initial incident triage, documenting findings, and maintaining accurate case or ticket records.
  • Familiarity with correlating telemetry from multiple security data sources to support identification of suspicious activity or indicators of compromise.
  • Ability to follow established SOC procedures, escalation paths, and incident response playbooks.
  • Experience supporting continuous monitoring activities in alignment with documented cybersecurity policies or operational procedures.
  • Ability to coordinate effectively with analysts, incident responders, and technical leads during active cybersecurity events.

About ECS

ECS is a fast-growing 4,000-person, $1.2B provider of advanced technology solutions for federal civilian, defense, intelligence, and commercial customers. We tackle complex client challenges with smart, scalable solutions in data and AI, cybersecurity, and digital transformation. Our collective work empowers customers’ missions, strengthens our partners, inspires our employees, and grows our company.

To achieve our purpose — to tackle the missions that matter most and create a lasting impact on our customers, employees, and community — we are committed to excellence in growth, customer delivery, technology innovation, and employee engagement.  

We believe in:

• Attracting, developing, and retaining top talent

• Building high-performing teams

• Creating an engaging employee environment

• Acting with social responsibility

• Having a positive impact on our community

Our core values: Excellence, Drive, Grit, and Community. We keep these values at the heart of all we do. We’re looking for driven individuals who want to solve meaningful challenges and help shape the future of national security and public service. If you’re ready to make a difference, you’ll find your team here.

Industry
IT & Software
Company Size
1,001-5,000 employees
Headquarters
Fairfax, VA
Year Founded
1993