Job Description

ECS is seeking a SOC Technician (Shift 2) - Junior to support the Army National Guard (ARNG) Enterprise Network Operations and Cybersecurity Support (ENOCS) program in Fairfax, VA In this role, the selected candidate supports Task 3 — Cybersecurity Operations Support by monitoring security events and alerts, performing initial triage and analysis, documenting incidents, correlating telemetry to identify indicators of compromise, and escalating events in accordance with established SOC procedures and playbooks. The position contributes to ENOCS 24/7/365 cybersecurity operations by supporting continuous monitoring, ticketing, case management, and coordination with SOC leadership and the Cyber Incident Response Team (CIRT) to enable timely containment and response actions across the DoDIN-Army-NG area of responsibility.

Please Note: This position is contingent upon contract award.

This role directly supports ARNG’s mission to deliver DoDIN services and conduct Defensive Cyberspace Operations – Internal Defensive Measures (DCO-IDM) for more than 120,000 users and approximately 141,000 endpoints across about 2,800 sites in 54 states and territories. The SOC Technician helps defend both classified and unclassified network environments that support Title 10 and Title 32 missions, mobilization readiness, domestic emergency response, and SIPRNet operations. The position operates within ENOCS’ cybersecurity environment using centralized monitoring and analytics capabilities such as USIEM, integrated SIEM/C2C/DLP analytics, IDS/IPS event flows, endpoint detection and response, and coordination processes aligned with NETCOM Global Cyber Center and DISA DCDC.

Responsibilities

• Monitor security events, alerts, and telemetry across ARNG classified and unclassified environments in support of continuous SOC operations.
• Perform initial triage and analysis of suspicious activity to identify indicators of compromise and determine appropriate incident priority and escalation path.
• Correlate event data from multiple sources to support threat detection, incident identification, and timely reporting in accordance with established SOC procedures.
• Document incidents, actions taken, and relevant findings in ticketing and case management systems to maintain accurate operational records.
• Escalate cybersecurity events to Tier 2 incident, problem, and change processes using approved playbooks and communication procedures.
• Coordinate with SOC leadership, CIRT, and other security operations teams to support containment actions, incident handling, and follow-on response activities.
• Support monitoring and analysis activities using USIEM and integrated SIEM/C2C/DLP analytics to improve centralized visibility across the ARNG enterprise.
• Review and communicate relevant IDS/IPS, EDR, and related security monitoring data to assist in detecting anomalous activity affecting approximately 141,000 endpoints across 2,800 sites.
• Coordinate, as directed, with mission and operational partners aligned to ENOCS cybersecurity operations, including NETCOM Global Cyber Center and DISA DCDC, to support incident reporting and operational awareness.
• Support compliance with continuous monitoring requirements and applicable DoD and ARNG cybersecurity policies through accurate documentation and disciplined incident handling.

Qualifications

Required Qualifications

U.S. Citizenship is required

Security Clearance: Secret Eligible

Required Certifications: DCWF Work Role 511-Cyber Defense Analyst — Basic proficiency; must hold ONE OR MORE of the following: CC, CEH, GFACT, GISF

Experience: 1+ years of experience in cybersecurity

• Experience monitoring security alerts, reviewing event data, and performing initial incident triage in a SOC or similar cyber defense environment.
• Ability to document incidents clearly and maintain accurate case notes in accordance with established procedures and escalation workflows.
• Familiarity with correlating telemetry to identify indicators of compromise and support incident analysis.
• Experience supporting ticketing and case management processes for cybersecurity events and operational handoff.
• Ability to follow established playbooks and coordinate with SOC leadership and incident response personnel during active events.
• Familiarity with continuous monitoring activities in support of DoD or ARNG cybersecurity policy compliance.
• Experience working with enterprise security monitoring data such as SIEM, IDS/IPS, DLP, or endpoint security event sources.
• Ability to support mission operations affecting large-scale distributed environments spanning multiple sites and users.