SOC Security Engineering Team Lead - Senior

ECS

Posted today

Job Requirements

Fairfax, VA
Top Secret Polygraph Unspecified
Career Level not specified
Salary not specified

Job Description

Position Summary

ECS is seeking a SOC Security Engineering Team Lead - Senior to support the Army National Guard (ARNG) Enterprise Network Operations and Cybersecurity Support (ENOCS) program. In this senior Task 3 role, the selected candidate will lead the team responsible for implementing, configuring, and sustaining security engineering capabilities that enable SOC monitoring, detection, and response operations across ARNG enterprise environments. The role directly supports Cybersecurity Operations Support by integrating and maintaining security tools, sensors, log forwarding, and telemetry pipelines; validating monitoring coverage and alert fidelity; documenting configuration changes and remediation actions; and coordinating with SOC, CTIC, CDAP, and infrastructure teams to sustain continuous monitoring in alignment with DCO-IDM objectives across the DoDIN-Army-NG area of responsibility.

This position supports ARNG's mission to deliver DoDIN services and cyber defense for more than 120,000 users and approximately 141,000 endpoints across roughly 2,800 sites in 54 states and territories, spanning both classified and unclassified network environments. The SOC Security Engineering Team Lead - Senior contributes to protection of Title 10 and Title 32 missions, mobilization readiness, domestic emergency response operations, and classified SIPRNet activities by helping maintain engineering support for 24x7x365 SOC operations and integrated visibility across ARNG's cybersecurity stack. The role operates within a technical environment that includes USIEM analytics, EDR, IDS/IPS, DLP, C2C integrations, Zeek metadata, Sysmon-informed ATT&CK analytics, and RMF-aligned continuous monitoring, while coordinating with NETCOM Global Cyber Center and DISA DCDC to strengthen enterprise cyber defense.

Please Note: This position is contingent upon contract award.
Responsibilities
  • Lead the implementation, configuration, and sustainment of security engineering solutions that support SOC monitoring, detection, and response across ARNG enterprise environments.
  • Integrate and maintain security tools, sensors, log forwarding mechanisms, and telemetry pipelines to improve enterprise visibility, event correlation, and alert accuracy.
  • Support ARNG Task 3 Cybersecurity Operations Support deliverables by enabling continuous monitoring and engineering capabilities required for DCO-IDM across classified and unclassified network environments.
  • Coordinate with SOC, CTIC, CDAP, and infrastructure teams to resolve monitoring gaps, improve alert fidelity, and sustain operational cybersecurity coverage.
  • Engineer and maintain data integrations that support USIEM operations, including relevant feeds and telemetry used for centralized analytics, detection, and incident support.
  • Assist with system hardening and validation of configuration baselines to align monitoring infrastructure with DoD and ARNG cybersecurity policy and RMF requirements.
  • Troubleshoot issues affecting security monitoring coverage, log collection, sensor performance, and detection reliability across ARNG enterprise systems.
  • Document configuration changes, engineering updates, and remediation actions to maintain traceability, support compliance activities, and preserve operational knowledge.
  • Support coordination with NETCOM Global Cyber Center and DISA DCDC, as required, to help maintain enterprise cybersecurity operations and visibility across the DoDIN-Army-NG area of responsibility.
  • Contribute to sustaining telemetry and monitoring support for ARNG's distributed enterprise of approximately 141,000 endpoints across about 2,800 sites in 54 states and territories.
Required Qualifications

U.S. Citizenship is required

Security Clearance: TS//SCI Eligible

Required Certifications: DCWF Work Role 521-Cyber Defense Infrastructure Support Specialist - Intermediate proficiency; must hold ONE OR MORE of the following: GMON, GRID, CEH, Cloud+, CySA+, GSEC, PenTest+, Security+, SSCP

Experience: 7+ years of experience in cybersecurity

Education: Bachelor's degree or higher in Computer Science, Cybersecurity, Data Science, Information Systems, Information Technology, or Software Engineering
  • Demonstrated experience implementing, configuring, and maintaining security engineering solutions that support SOC monitoring, detection, and response operations.
  • Experience integrating security tools, sensors, log forwarding, and telemetry pipelines to improve monitoring coverage and event correlation.
  • Experience validating configuration baselines and supporting system hardening activities in enterprise cyber operations environments.
  • Ability to troubleshoot issues affecting log collection, telemetry flow, monitoring coverage, and alert fidelity.
  • Experience documenting configuration changes, technical updates, and remediation actions in support of operational and compliance requirements.
  • Experience coordinating across security operations, cyber intelligence, assessment, and infrastructure teams to sustain continuous monitoring capabilities.
  • Familiarity with USIEM, EDR, IDS/IPS, DLP, and related enterprise security analytics environments referenced in ARNG ENOCS cybersecurity operations.
  • Working knowledge of RMF-aligned continuous monitoring and cybersecurity policy compliance in classified and unclassified enterprise environments.
Desired Qualifications

Security Clearance: Active TS//SCI (preferred)
  • Preferred experience supporting DoD or Army cybersecurity operations for large, geographically distributed enterprises.
  • Preferred experience with USIEM data integration, detection engineering support, and telemetry tuning for enterprise SOC operations.
  • Preferred familiarity with ATT&CK-based analytics, including use of Zeek metadata and Sysmon-informed data sources to improve detection coverage.
  • Preferred experience coordinating cybersecurity engineering activities with organizations such as NETCOM, ARCYBER, USCYBERCOM, RCCs, or DISA cyber operations stakeholders.
  • Preferred experience supporting cybersecurity operations in both NIPRNet and SIPRNet or other classified and unclassified enclave environments.

ECS Federal LLC is an equal opportunity employer and does not discriminate or allow discrimination on the basis of any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, or local jurisdiction law.

is the federal segment of , a $4B global organization with over 10,000 employees. Our nearly 3,500 professionals deliver advanced technology solutions in data and AI, cybersecurity, and enterprise transformation, serving defense, intelligence, and federal civilian agencies.

Our work powers mission-critical outcomes, strengthens technology partnerships, and creates meaningful opportunities for our people. We are defined by a commitment to excellence in delivery, a culture of innovation, and an environment where talent can thrive and grow.

We value:
  • Attracting and developing top talent and high-performing teams
  • Fostering a culture that is engaging, accountable, and mission-driven
group id: 10112231A

Job Category
IT - Security
Clearance Level
Top Secret
Employer
ECS