SOC Technician (Shift 2 Lead) - Senior

ECS

Posted today

Job Requirements

Fairfax, VA
Top Secret Polygraph Unspecified
Career Level not specified
Salary not specified

Job Description

Position Summary

ECS is seeking a SOC Technician (Shift 2 Lead) - Senior to support the Army National Guard (ARNG) Enterprise Network Operations and Cybersecurity Support (ENOCS) program. This role supports Task 3 - Cybersecurity Operations Support - by providing senior-level oversight of Security Operations Center activities, validating complex alert triage decisions, reviewing case documentation for accuracy and completeness, and ensuring appropriate escalation of high-risk incidents. The position contributes directly to ENOCS delivery of 24/7/365 cybersecurity operations, monitoring, and Defensive Cyberspace Operations - Internal Defensive Measures (DCO-IDM) across the DoDIN-Army-NG area of responsibility, while working in coordination with broader SOC, incident response, engineering, and cyber defense teams.

In this role, the selected candidate will help defend ARNG classified and unclassified network environments that support more than 120,000 users and approximately 141,000 endpoints across roughly 2,800 sites in 54 states and territories. The position supports mission continuity for Title 10 and Title 32 operations, mobilization readiness, domestic emergency response, and classified SIPRNet operations by analyzing events across integrated security telemetry and improving detection effectiveness. The SOC environment aligns with ENOCS cybersecurity operations that leverage USIEM analytics, EDR, IDS/IPS event visibility, MITRE ATT&CK-based analytics, and coordination with NETCOM Global Cyber Center and DISA DCDC to strengthen centralized visibility, incident escalation, and coordinated cyber defense.

Please Note: This position is contingent upon contract award.
Responsibilities
  • Validate complex alert triage decisions and ensure accurate prioritization of cybersecurity events, incidents, and associated response actions within the SOC.
  • Review case documentation for completeness, quality, and operational accuracy to support incident handling, reporting, and auditability.
  • Ensure timely escalation of high-risk or coordinated cyber activity to appropriate Tier 2 incident, problem, and change processes and supporting cyber operations teams.
  • Conduct advanced correlation analysis across multiple telemetry sources to identify persistent, coordinated, or emerging threat activity affecting ARNG classified and unclassified environments.
  • Support trend analysis efforts to identify recurring patterns, operational gaps, and opportunities to improve SOC detection and response effectiveness across the ENOCS enterprise.
  • Contribute to detection improvement initiatives by helping refine analytics and alerting approaches aligned to MITRE ATT&CK-based analysis used within the ENOCS cybersecurity operations environment.
  • Leverage integrated USIEM, EDR, and IDS/IPS-derived event visibility to support centralized monitoring and stronger threat-informed analysis across the DoDIN-A(NG) area of responsibility.
  • Coordinate with SOC analysts, service owners, and other cybersecurity operations personnel to maintain consistent case handling and situational awareness for incidents affecting approximately 141,000 endpoints across 54 states and territories.
  • Support cybersecurity operations conducted in coordination with the NETCOM Global Cyber Center and DISA DCDC to help preserve ARNG cyber freedom of action and strengthen enterprise defense.
Required Skills

Required Qualifications

U.S. Citizenship is required

Security Clearance: TS//SCI Eligible

Required Certifications: DCWF Work Role 511-Cyber Defense Analyst - Intermediate proficiency; must hold ONE OR MORE of the following: CEH(P), GMON, GRID, Cloud+, FITSP-O, GCED, GDSA, GSEC, PenTest+, Security+

Experience: 7+ years of experience in cybersecurity

Education: Bachelor's degree or higher in Computer Science, Cybersecurity, Data Science, Information Systems, Information Technology, or Software Engineering
  • Demonstrated ability to validate analyst triage decisions and determine when escalation is required for high-risk cybersecurity events.
  • Experience reviewing incident and case documentation for technical accuracy, completeness, and adherence to operational processes.
  • Ability to perform correlation analysis across multiple security telemetry sources to identify related activity, persistent threats, or coordinated attacks.
  • Experience supporting continuous cybersecurity monitoring and analysis in enterprise network environments with both classified and unclassified enclaves.
  • Knowledge of SOC operations supporting incident, problem, and change process interactions in a 24/7/365 monitoring environment.
  • Ability to analyze trends in alerting and incident activity and translate findings into actionable detection or workflow improvements.
  • Experience supporting cybersecurity operations for large, distributed enterprises with geographically dispersed users, endpoints, and mission dependencies.
Desired Skills

Desired Qualifications

Security Clearance: Active TS//SCI (preferred)
  • Experience supporting Army, ARNG, or other DoD cybersecurity operations within a Security Operations Center environment.
  • Familiarity with USIEM analytics, EDR visibility, and IDS/IPS event analysis in support of enterprise threat detection and escalation.
  • Experience applying MITRE ATT&CK-based analytic methods to improve detection logic and incident analysis.
  • Experience coordinating cybersecurity activities with organizations such as NETCOM, DISA, RCCs, ARCYBER, or related defense cyber stakeholders.
  • Familiarity with cybersecurity operations supporting SIPRNet or other classified mission environments.

ECS Federal LLC is an equal opportunity employer and does not discriminate or allow discrimination on the basis of any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, or local jurisdiction law.

is the federal segment of , a $4B global organization with over 10,000 employees. Our nearly 3,500 professionals deliver advanced technology solutions in data and AI, cybersecurity, and enterprise transformation, serving defense, intelligence, and federal civilian agencies.

Our work powers mission-critical outcomes, strengthens technology partnerships, and creates meaningful opportunities for our people. We are defined by a commitment to excellence in delivery, a culture of innovation, and an environment where talent can thrive and grow.

We value:
  • Attracting and developing top talent and high-performing teams
  • Fostering a culture that is engaging, accountable, and mission-driven
group id: 10112231A

Job Category
IT - Security
Clearance Level
Top Secret
Employer
ECS