Job Description

ECS is seeking a SOC Technician (Shift 3) - Junior to support the Army National Guard (ARNG) Enterprise Network Operations and Cybersecurity Support (ENOCS) program in Fairfax, VA In this role, the candidate supports Task 3 — Cybersecurity Operations Support by monitoring security logs, network telemetry, and endpoint alerts; identifying anomalous activity and potential indicators of compromise; performing preliminary log correlation and pattern analysis; documenting findings in case management systems; and escalating events in accordance with established response procedures. This position contributes directly to ENOCS 24x7x365 cybersecurity operations and integrates with the broader SOC, Cyber Incident Response Team (CIRT), watch officers, engineers, and service owners supporting Defensive Cyberspace Operations – Internal Defensive Measures (DCO-IDM) across the DoDIN-Army-NG area of responsibility.

Please Note: This position is contingent upon contract award.

The role supports ARNG’s mission to defend classified and unclassified network environments serving more than 120,000 users and approximately 141,000 endpoints across roughly 2,800 sites in 54 states and territories. ENOCS supports Title 10 and Title 32 missions, mobilization readiness, domestic emergency response, and classified SIPRNet operations, making timely detection, documentation, and escalation of cyber events essential to mission continuity. The SOC Technician works within the program’s operational cyber environment, supporting centralized visibility and response through USIEM, EDR, IDS/IPS, and integrated SIEM/C2C/DLP analytics while coordinating within established processes aligned to ARNG and DoD cybersecurity policy.

Responsibilities

• Monitor security logs, network telemetry, and endpoint alerts to identify anomalous activity and potential indicators of compromise across ARNG classified and unclassified environments.
• Perform initial log correlation and preliminary pattern analysis using approved analytic rules and established SOC procedures.
• Open, update, and maintain tickets and incident records in case management systems with accurate technical detail, status, and supporting evidence.
• Escalate suspicious events and potential incidents to Tier 2 incident, problem, and change processes in accordance with documented response procedures.
• Support continuous monitoring activities and reporting requirements aligned with DoD and ARNG cybersecurity policy.
• Document findings clearly to enable follow-on analysis by SOC Tier 2, CIRT, and other cybersecurity operations personnel.
• Assist with evidence tracking and artifact handling to support incident review, response actions, and auditability.
• Contribute to SOC operations that leverage USIEM, EDR, and integrated SIEM/C2C/DLP analytics for centralized security visibility across the DoDIN-A(NG) area of responsibility.
• Coordinate event reporting and operational handoff within established SOC workflows that interface with organizations such as the NETCOM Global Cyber Center and DISA DCDC.

Qualifications

Required Qualifications

U.S. Citizenship is required

Security Clearance: Secret Eligible

Required Certifications: DCWF Work Role 511-Cyber Defense Analyst — Basic proficiency; must hold ONE OR MORE of the following: CC, CEH, GFACT, GISF

Experience: 1+ years of experience in cybersecurity

• Experience monitoring security events, alerts, or logs in support of cybersecurity operations.
• Ability to identify anomalous activity and recognize potential indicators of compromise from network and endpoint telemetry.
• Experience documenting findings, maintaining ticket accuracy, and updating case management records.
• Ability to follow established escalation procedures for incidents, problems, and changes.
• Familiarity with continuous monitoring support activities and evidence tracking in a DoD or ARNG-aligned environment.
• Ability to support analyst handoff and communicate event details clearly to follow-on responders and service owners.