Job Requirements
Fairfax, VA
Secret Polygraph Unspecified
Career Level not specified
Salary not specified
Join Premium to unlock estimated salaries 
Job Description
Job Description Position Summary
ECS is seeking an Analytic Developer/Insider Threat Analyst - Journeyman to support the Army National Guard (ARNG) Enterprise Network Operations and Cybersecurity Support (ENOCS) program. In this role, the candidate supports Task 3 - Cybersecurity Operations Support by developing, implementing, and refining analytic rules and detection logic used to identify anomalous user behavior, insider threat indicators, and other high-risk activity across ARNG enterprise environments. The position contributes directly to Defensive Cyberspace Operations - Internal Defensive Measures (DCO-IDM) by correlating security and user activity data, triaging alerts, documenting findings, and coordinating with SOC, CIRT, cyber intelligence, defensive cyber, and security engineering teams to strengthen enterprise detection and response.
Please Note: This position is contingent upon contract award.
This role operates within a mission environment that delivers DoDIN services and cyber defense for more than 120,000 users and approximately 141,000 endpoints across about 2,800 sites in 54 states and territories. ENOCS supports both Title 10 and Title 32 missions, including mobilization readiness, domestic emergency response, and classified as well as unclassified operations across ARNG network environments. The Analytic Developer/Insider Threat Analyst helps improve visibility and threat-informed detection in a technical ecosystem that includes USIEM analytics, EDR, C2C/DLP-integrated monitoring, MITRE ATT&CK-based analytics, Sysmon-informed analysis, and coordination with organizations such as the NETCOM Global Cyber Center and DISA DCDC to help preserve cyber freedom of action for ARNG forces while denying it to adversaries.
Responsibilities
U.S. Citizenship is required
Security Clearance: Secret Eligible
Required Certifications: DCWF Work Role 462-Control Systems Security Specialist - Intermediate proficiency; must hold ONE OR MORE of the following: DAF 462 (Intermediate) (ICS), or, DAF 462 (Intermediate) (CS3-300)
Experience: 3+ years of experience in cybersecurity
Education: Bachelors degree or higher in Computer Science, Cybersecurity, Data Science, Information Systems, Information Technology, or Software Engineering
Security Clearance: Active Secret (preferred)
ECS Federal LLC is an equal opportunity employer and does not discriminate or allow discrimination on the basis any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, or local jurisdiction law.
is the federal segment of , a $4B global organization with over 10,000 employees. Our nearly 3,500 professionals deliver advanced technology solutions in data and AI, cybersecurity, and enterprise transformation, serving defense, intelligence, and federal civilian agencies.
Our work powers mission-critical outcomes, strengthens technology partnerships, and creates meaningful opportunities for our people. We are defined by a commitment to excellence in delivery, a culture of innovation, and an environment where talent can thrive and grow.
We value:
ECS is seeking an Analytic Developer/Insider Threat Analyst - Journeyman to support the Army National Guard (ARNG) Enterprise Network Operations and Cybersecurity Support (ENOCS) program. In this role, the candidate supports Task 3 - Cybersecurity Operations Support by developing, implementing, and refining analytic rules and detection logic used to identify anomalous user behavior, insider threat indicators, and other high-risk activity across ARNG enterprise environments. The position contributes directly to Defensive Cyberspace Operations - Internal Defensive Measures (DCO-IDM) by correlating security and user activity data, triaging alerts, documenting findings, and coordinating with SOC, CIRT, cyber intelligence, defensive cyber, and security engineering teams to strengthen enterprise detection and response.
Please Note: This position is contingent upon contract award.
This role operates within a mission environment that delivers DoDIN services and cyber defense for more than 120,000 users and approximately 141,000 endpoints across about 2,800 sites in 54 states and territories. ENOCS supports both Title 10 and Title 32 missions, including mobilization readiness, domestic emergency response, and classified as well as unclassified operations across ARNG network environments. The Analytic Developer/Insider Threat Analyst helps improve visibility and threat-informed detection in a technical ecosystem that includes USIEM analytics, EDR, C2C/DLP-integrated monitoring, MITRE ATT&CK-based analytics, Sysmon-informed analysis, and coordination with organizations such as the NETCOM Global Cyber Center and DISA DCDC to help preserve cyber freedom of action for ARNG forces while denying it to adversaries.
Responsibilities
- Develop, implement, and tune analytic rules and detection content to identify anomalous user activity, insider threat behaviors, and high-risk patterns across ARNG enterprise environments.
- Correlate data from multiple security and user activity sources to support alert triage, investigative analysis, and evidence-based findings.
- Perform in-depth analysis of alerts and suspicious activity, document investigative results, and maintain supporting artifacts for case development and reporting.
- Support Task 3 Cybersecurity Operations Support deliverables by contributing analytic content and investigative outputs used in 24x7x365 monitoring, threat detection, and DCO-IDM activities across the DoDIN-A(NG) area of responsibility.
- Coordinate with SOC and CIRT personnel to validate analytic findings, escalate actionable incidents, and improve detection logic based on operational feedback and post-incident analysis.
- Build and refine MITRE ATT&CK-based analytics and support correlation activities aligned with USIEM detection engineering and broader ARNG monitoring and analysis objectives.
- Leverage integrated SIEM/C2C/DLP analytics and available enterprise data sources to improve centralized visibility and machine-speed response for insider threat and anomalous behavior detection.
- Coordinate with cyber intelligence, defensive cyber, and security engineering teams to align analytic development with threat-informed defense priorities and evolving enterprise risk.
- Ensure analytic activities, reporting, and evidence handling align with DoD and ARNG cybersecurity policy, insider threat program requirements, RMF controls, and continuous monitoring objectives.
- Support coordination and information sharing with Task 3 stakeholders and operational partners, including alignment with cybersecurity operations performed in conjunction with the NETCOM Global Cyber Center and DISA DCDC.
U.S. Citizenship is required
Security Clearance: Secret Eligible
Required Certifications: DCWF Work Role 462-Control Systems Security Specialist - Intermediate proficiency; must hold ONE OR MORE of the following: DAF 462 (Intermediate) (ICS), or, DAF 462 (Intermediate) (CS3-300)
Experience: 3+ years of experience in cybersecurity
Education: Bachelors degree or higher in Computer Science, Cybersecurity, Data Science, Information Systems, Information Technology, or Software Engineering
- Experience developing or tuning analytic rules, detection logic, or behavioral indicators for cybersecurity monitoring or insider threat use cases.
- Experience correlating data from multiple security or user activity sources to support triage, investigative analysis, and reporting.
- Ability to document investigative findings clearly, including supporting evidence, case notes, and escalation details.
- Experience coordinating with security operations, incident response, or defensive cyber teams to validate findings and improve analytic content.
- Working knowledge of continuous monitoring objectives and security activities aligned to RMF-supported environments.
- Familiarity with MITRE ATT&CK-based analytic development or threat-informed detection approaches.
- Experience supporting enterprise cybersecurity operations in classified, unclassified, or mixed-enclave environments.
- Ability to contribute to analysis and reporting supporting large-scale enterprise environments with distributed users, endpoints, and sites.
Security Clearance: Active Secret (preferred)
- Experience supporting ARNG, Army, or other DoD cybersecurity operations programs.
- Familiarity with USIEM, EDR, or integrated SIEM/C2C/DLP analytic environments used for centralized monitoring and detection.
- Experience using Sysmon-informed telemetry, baseline and trend analysis, or other enriched data feeds to improve analytic fidelity.
- Experience coordinating with SOC, CIRT, CTI, or defensive cyber teams in a 24x7x365 operational monitoring environment.
- Familiarity with cybersecurity operations supporting both classified and unclassified network environments, including SIPRNet-related mission support contexts.
ECS Federal LLC is an equal opportunity employer and does not discriminate or allow discrimination on the basis any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, or local jurisdiction law.
is the federal segment of , a $4B global organization with over 10,000 employees. Our nearly 3,500 professionals deliver advanced technology solutions in data and AI, cybersecurity, and enterprise transformation, serving defense, intelligence, and federal civilian agencies.
Our work powers mission-critical outcomes, strengthens technology partnerships, and creates meaningful opportunities for our people. We are defined by a commitment to excellence in delivery, a culture of innovation, and an environment where talent can thrive and grow.
We value:
- Attracting and developing top talent and high-performing teams
- Fostering a culture that is engaging, accountable, and mission-driven
group id: 10112231A
