Network Security Engineer (CDAP) - Senior

ECS

Posted today

Job Requirements

Fairfax, VA
Top Secret Polygraph Unspecified
Career Level not specified
Salary not specified

Job Description

Position Summary

ECS is seeking a Network Security Engineer (CDAP) - Senior to support the Army National Guard (ARNG) Enterprise Network Operations and Cybersecurity Support (ENOCS) program. In this role, the engineer supports Task 3 - Cybersecurity Operations Support by designing, implementing, and optimizing network security monitoring and analytic capabilities within the Cybersecurity Data Analytics Platform (CDAP). The position contributes directly to Defensive Cyberspace Operations - Internal Defensive Measures (DCO-IDM) across the DoDIN-Army-NG area of responsibility by engineering data ingestion from network sensors and boundary devices, improving detection logic, and coordinating with SOC, CTIC, defensive cyber, and infrastructure teams to strengthen ARNG network defense operations.

This role operates in a mission environment that delivers DoDIN services and cyber defense for more than 120,000 users and approximately 141,000 endpoints across roughly 2,800 sites in 54 states and territories, supporting Title 10 and Title 32 missions, mobilization readiness, domestic emergency response, and classified and unclassified operations. The Network Security Engineer (CDAP) - Senior helps improve visibility and response across environments that include USIEM analytics, EDR, IDS/IPS, firewall technologies, cross domain services, and SIPRNet and NIPRNet-connected operations, while coordinating with organizations such as the NETCOM Global Cyber Center and DISA DCDC to advance continuous monitoring, threat-informed defense, and RMF-aligned cybersecurity outcomes.

Please Note: This position is contingent upon contract award.
Responsibilities
  • Design and implement network security monitoring and analytics capabilities within CDAP to improve threat visibility across ARNG classified and unclassified network environments.
  • Engineer and maintain data ingestion pipelines from network sensors, firewalls, IDS/IPS, and boundary protection devices to support centralized security analytics and continuous monitoring.
  • Develop, tune, and validate correlation rules and detection logic to improve detection fidelity, reduce false positives, and strengthen DCO-IDM operations across DoDIN-connected environments.
  • Support configuration hardening, performance optimization, and validation testing of network security technologies in alignment with DoD and ARNG cybersecurity policy and RMF objectives.
  • Coordinate with SOC, CTIC, defensive cyber, and infrastructure teams to refine detections, improve analytic coverage, and support cyber incident identification and response workflows.
  • Leverage integrated USIEM, C2C, and DLP analytics approaches described for Task 3 to enhance centralized visibility and machine-speed response across the ARNG enterprise.
  • Coordinate with USIEM engineers and related cybersecurity teams to improve enabling data sources, support MITRE ATT&CK-based analytic development, and strengthen enterprise detection outcomes.
  • Support monitoring and defense of environments spanning approximately 141,000 endpoints across 2,800 sites in 54 states and territories, helping protect mission operations tied to Title 10, Title 32, and domestic emergency response requirements.
  • Contribute to cybersecurity operations performed in coordination with the NETCOM Global Cyber Center and DISA DCDC, ensuring analytic and monitoring capabilities support 24x7x365 ARNG cyber defense objectives.
Required Qualifications

U.S. Citizenship is required

Security Clearance: TS//SCI Eligible

Required Certifications: DCWF Work Role 441-Network Operations Specialist - Intermediate proficiency; must hold ONE OR MORE of the following: CND, GFACT, GSEC, Security+

Experience: 7+ years of experience in cybersecurity

Education: Bachelor's degree or higher in Computer Science, Cybersecurity, Data Science, Information Systems, Information Technology, or Software Engineering
  • Experience designing and optimizing network security monitoring, analytics, or detection capabilities for enterprise network environments.
  • Experience engineering data ingestion pipelines from network sensors, firewalls, IDS/IPS, or other boundary protection devices into centralized analytic platforms.
  • Experience developing, tuning, and validating correlation rules or detection logic to improve threat visibility and reduce false positives.
  • Experience supporting configuration hardening, validation testing, and performance optimization of network security technologies.
  • Experience coordinating with SOC, threat analysis, defensive cyber, or infrastructure teams to improve detection coverage and operational response.
  • Working knowledge of RMF-aligned continuous monitoring objectives and application of DoD or ARNG cybersecurity policy to operational security tooling.
Desired Qualifications

Security Clearance: Active TS//SCI (preferred)
  • Experience supporting cybersecurity operations in DoDIN-connected environments spanning both classified and unclassified enclaves, including NIPRNet and SIPRNet.
  • Experience working with USIEM analytics, EDR, IDS/IPS tuning, or related enterprise monitoring and detection engineering activities.
  • Familiarity with MITRE ATT&CK-based analytic development and threat-informed detection methods within a SOC or cyber operations environment.
  • Experience coordinating cybersecurity data feeds or detection requirements with NETCOM, ARCYBER, USCYBERCOM, RCCs, or similar operational stakeholders.
  • Experience supporting cyber defense operations at large enterprise scale across geographically dispersed sites, users, and endpoints.

ECS Federal LLC is an equal opportunity employer and does not discriminate or allow discrimination on the basis of any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, or local jurisdiction law.

is the federal segment of , a $4B global organization with over 10,000 employees. Our nearly 3,500 professionals deliver advanced technology solutions in data and AI, cybersecurity, and enterprise transformation, serving defense, intelligence, and federal civilian agencies.

Our work powers mission-critical outcomes, strengthens technology partnerships, and creates meaningful opportunities for our people. We are defined by a commitment to excellence in delivery, a culture of innovation, and an environment where talent can thrive and grow.

We value:
  • Attracting and developing top talent and high-performing teams
  • Fostering a culture that is engaging, accountable, and mission-driven
group id: 10112231A

Job Category: IT - Security
Clearance Level: Top Secret
Employer: ECS