SOC CIRT Technician - Journeyman

ECS

Posted today

Job Requirements

Fairfax, VA
Secret Polygraph Unspecified
Career Level not specified
Salary not specified

Job Description

Position Summary

ECS is seeking a SOC CIRT Technician - Journeyman to support the Army National Guard (ARNG) Enterprise Network Operations and Cybersecurity Support (ENOCS) program. This position supports Task 3 - Cybersecurity Operations Support - by assisting cyber incident response investigations through evidence collection, forensic acquisition, analysis of host and network artifacts, malware triage, root-cause analysis, containment support, recovery validation, and incident documentation. The role works closely with ENOCS cybersecurity operations personnel, including SOC, CIRT, watch officers, engineers, and analysts, to help deliver Defensive Cyberspace Operations - Internal Defensive Measures (DCO-IDM) across the DoDIN-Army-NG area of responsibility.

Please Note: This position is contingent upon contract award.

This role contributes to the protection of ARNG classified and unclassified network environments that support more than 120,000 users and approximately 141,000 endpoints across roughly 2,800 sites in 54 states and territories. The SOC CIRT Technician - Journeyman helps sustain cyber readiness for Title 10 and Title 32 missions, mobilization readiness, domestic emergency response, and classified SIPRNet operations by supporting incident handling within a 24x7x365 cybersecurity enterprise. Work is performed in coordination with the broader ENOCS cyber ecosystem, including the NETCOM Global Cyber Center, DISA DCDC, USIEM-enabled monitoring and analytics, EDR-supported investigations, and continuous monitoring and reporting processes aligned to DoD and ARNG policy.
Responsibilities
  • Perform evidence collection and forensic acquisition activities in support of cyber incident response investigations involving host and network artifacts.
  • Analyze collected artifacts to support incident scoping, malware triage, root-cause determination, containment actions, and recovery validation.
  • Document investigative actions, technical findings, and incident updates in authorized incident tracking and case management systems.
  • Support preparation of incident reports, after-action documentation, and related artifacts required for continuous monitoring and ARNG cybersecurity reporting.
  • Coordinate incident response activities with SOC personnel, watch officers, and service owners to support timely escalation, analysis, and resolution of cybersecurity events.
  • Assist with investigations informed by USIEM detections, integrated SIEM/C2C/DLP analytics, and EDR telemetry to improve visibility and response across ARNG network environments.
  • Support incident coordination and reporting actions aligned with ENOCS Task 3 deliverables and in collaboration with external organizations such as the NETCOM Global Cyber Center and DISA DCDC.
  • Contribute to post-incident analysis that strengthens enterprise defenses across ARNG classified and unclassified enclaves, including support to lessons learned and recovery validation.
  • Maintain records and supporting documentation in accordance with DoD and ARNG cybersecurity policy, continuous monitoring requirements, and established incident response procedures.
Required Qualifications

U.S. Citizenship is required

Security Clearance: Secret Eligible

Required Certifications: DCWF Work Role 531-Cyber Defense Incident Responder - Basic proficiency; must hold ONE OR MORE of the following: CC, GDSA, GISF

Experience: 3+ years of experience in cybersecurity
  • Experience supporting cyber incident investigations involving host-based and network-based evidence collection.
  • Experience performing forensic acquisition and technical analysis to support incident scoping, containment, and recovery activities.
  • Experience documenting investigative actions, findings, and response status in formal tracking or case management systems.
  • Familiarity with malware triage, root-cause analysis, and after-action reporting in operational cybersecurity environments.
  • Ability to support continuous monitoring and reporting requirements in alignment with DoD and ARNG cybersecurity policy.
  • Experience collaborating with incident response, SOC, and cybersecurity operations personnel during active event handling.
  • Working familiarity with classified and unclassified network security operations environments.
Desired Qualifications

Security Clearance: Active Secret (preferred)
  • Experience supporting DCO-IDM activities within Army, ARNG, or other DoD cybersecurity operations environments.
  • Familiarity with USIEM, EDR, and integrated SIEM/C2C/DLP analytics used for threat detection and incident analysis.
  • Experience coordinating incident reporting or response actions with organizations such as NETCOM, DISA, ARCYBER, or RCC stakeholders.
  • Familiarity with MITRE ATT&CK-based analysis to help characterize adversary behavior and support post-incident reporting.
  • Experience supporting cybersecurity operations across geographically distributed enterprise environments spanning multiple sites or enclaves.

ECS Federal LLC is an equal opportunity employer and does not discriminate or allow discrimination on the basis of any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, or local jurisdiction law.

is the federal segment of , a $4B global organization with over 10,000 employees. Our nearly 3,500 professionals deliver advanced technology solutions in data and AI, cybersecurity, and enterprise transformation, serving defense, intelligence, and federal civilian agencies.

Our work powers mission-critical outcomes, strengthens technology partnerships, and creates meaningful opportunities for our people. We are defined by a commitment to excellence in delivery, a culture of innovation, and an environment where talent can thrive and grow.

We value:
  • Attracting and developing top talent and high-performing teams
  • Fostering a culture that is engaging, accountable, and mission-driven
group id: 10112231A
About Us
ECS, a key segment of ASGN Incorporated, is a trusted IT systems integrator serving government agencies. ECS provides modern digital solutions that enable fast and efficient decision making and support the effective execution of government agency operations. ECS’ leading-edge AI, cybersecurity, and open data management solutions boost collaboration, innovation, and worker productivity, improve employee and customer experiences, and protect critical agency data and assets.

Job Category
IT - Security
Clearance Level
Secret
Employer
ECS