Job Requirements
Fairfax, VA
Top Secret Polygraph Unspecified
Career Level not specified
Salary not specified
Job Description
Position Summary
ECS is seeking a SOC Technician (Shift 3 Lead) - Senior to support the Army National Guard (ARNG) Enterprise Network Operations and Cybersecurity Support (ENOCS) program. In this role, the selected candidate supports Task 3 - Cybersecurity Operations Support by serving as a senior incident analyst within the Security Operations Center (SOC), leading investigation of high-severity alerts, reconstructing telemetry to determine scope and impact, validating containment actions prior to escalation, and mentoring junior analysts. This position contributes directly to ENOCS deliverables for 24x7x365 monitoring and analysis, incident handling, and continuous cyber defense across the DoDIN-Army-NG area of responsibility, while coordinating with broader cybersecurity operations, engineering, and response teams.
This role helps defend ARNG classified and unclassified environments that support more than 120,000 users and approximately 141,000 endpoints across roughly 2,800 sites in 54 states and territories. The SOC Technician (Shift 3 Lead) - Senior operates within a mission environment that supports Title 10 and Title 32 operations, mobilization readiness, domestic emergency response, and classified SIPRNet operations. The position works within the ENOCS cyber defense ecosystem that includes USIEM analytics, EDR, IDS/IPS, DLP, MITRE ATT&CK-based detections, and coordination with NETCOM Global Cyber Center, DISA DCDC, RCC-ARNG, and other operational stakeholders to strengthen ARNG's Defensive Cyberspace Operations - Internal Defensive Measures (DCO-IDM).
Please Note: This position is contingent upon contract award.
Responsibilities
- Lead analysis of high-severity cybersecurity alerts and incidents, performing detailed telemetry reconstruction to determine scope, impact, and recommended next actions.
- Validate containment and response actions before escalation to incident, problem, or change processes to support disciplined SOC operations and reduce operational risk.
- Support ENOCS Task 3 monitoring and analysis activities by helping maintain effective 24x7x365 SOC operations across ARNG classified and unclassified network environments.
- Mentor junior analysts on alert triage, incident documentation, escalation quality, and investigative techniques to improve consistency and execution across the SOC.
- Refine and improve SOC playbooks, workflows, and investigative procedures based on operational findings, lessons learned, and recurring incident trends.
- Contribute to performance quality reviews by assessing analyst outputs, identifying process gaps, and recommending operational improvements to strengthen continuous monitoring execution.
- Correlate and analyze security data from USIEM, EDR, IDS/IPS, and DLP sources to support threat-informed defense and improve detection fidelity.
- Apply MITRE ATT&CK-based analytic thinking during incident investigation and coordinate with SOC leadership, service owners, and supporting teams as required to support enterprise cyber defense.
- Coordinate as needed with NETCOM Global Cyber Center, DISA DCDC, RCC-ARNG, and related cyber operations stakeholders to support incident awareness, escalation, and response alignment.
U.S. Citizenship is required
Security Clearance: TS//SCI Eligible
Required Certifications: DCWF Work Role 511-Cyber Defense Analyst - Intermediate proficiency; must hold ONE OR MORE of the following: CEH(P), GMON, GRID, Cloud+, FITSP-O, GCED, GDSA, GSEC, PenTest+, Security+
Experience: 7+ years of experience in cybersecurity
Education: Bachelor's degree or higher in Computer Science, Cybersecurity, Data Science, Information Systems, Information Technology, or Software Engineering
- Experience leading or performing investigation of high-severity cybersecurity alerts and incident activity in a SOC or comparable monitoring environment.
- Experience reconstructing event telemetry and analyzing multiple security data sources to determine incident scope, affected assets, and recommended containment actions.
- Experience mentoring junior analysts and improving analyst performance through review, coaching, and operational guidance.
- Experience supporting ticket and incident escalation processes in coordination with incident, problem, and change management workflows.
- Experience producing clear incident documentation, operational findings, and recommendations suitable for leadership review and follow-on action.
- Experience supporting continuous monitoring and analysis for enterprise environments with large user, endpoint, and geographically distributed site populations.
- Experience working with MITRE ATT&CK-based analytics or ATT&CK-informed detection and investigation approaches.
- Experience identifying operational gaps and contributing to updates of SOC playbooks, procedures, or monitoring processes.
Security Clearance: Active TS//SCI (preferred)
- Experience supporting Army, ARNG, or other DoD cybersecurity operations in environments spanning both classified and unclassified enclaves.
- Experience using USIEM, EDR, IDS/IPS, or DLP-enabled monitoring environments to support centralized visibility and incident analysis.
- Experience coordinating with NETCOM, DISA DCDC, RCC-ARNG, or similar operational stakeholders during cyber incident handling and escalation.
- Experience supporting Defensive Cyberspace Operations - Internal Defensive Measures (DCO-IDM) in enterprise environments.
- Familiarity with SIPRNet operational support requirements and cybersecurity considerations within ARNG mission environments.
ECS Federal LLC is an equal opportunity employer and does not discriminate or allow discrimination on the basis of any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, or local jurisdiction law.
is the federal segment of , a $4B global organization with over 10,000 employees. Our nearly 3,500 professionals deliver advanced technology solutions in data and AI, cybersecurity, and enterprise transformation, serving defense, intelligence, and federal civilian agencies.
Our work powers mission-critical outcomes, strengthens technology partnerships, and creates meaningful opportunities for our people. We are defined by a commitment to excellence in delivery, a culture of innovation, and an environment where talent can thrive and grow.
We value:
- Attracting and developing top talent and high-performing teams
- Fostering a culture that is engaging, accountable, and mission-driven