Job Requirements
Fairfax, VA
Top Secret Polygraph Unspecified
Career Level not specified
Salary not specified
Join Premium to unlock estimated salaries 
Job Description
Job Description Position Summary
ECS is seeking a SOC DMA Technician - Journeyman to support the Army National Guard (ARNG) Enterprise Network Operations and Cybersecurity Support (ENOCS) program. This role supports Task 3, Cybersecurity Operations Support, by analyzing threat intelligence feeds and operational security data to identify indicators, adversary tactics, and emerging risks across the ARNG enterprise. The SOC DMA Technician - Journeyman enriches indicators, supports correlation and detection content updates, produces intelligence summaries and reports, and coordinates findings with SOC analysts and CTIC leadership to strengthen 24/7/365 cybersecurity monitoring, incident analysis, and Defensive Cyberspace Operations - Internal Defensive Measures (DCO-IDM) across the DoDIN-Army-NG area of responsibility.
Please Note: This position is contingent upon contract award.
This position directly contributes to protection of ARNG classified and unclassified network environments that support more than 120,000 users and approximately 141,000 endpoints across roughly 2,800 sites in 54 states and territories. The role operates within a mission environment supporting Title 10 and Title 32 operations, mobilization readiness, domestic emergency response, and classified SIPRNet activities, while coordinating with organizations such as the NETCOM Global Cyber Center and DISA DCDC. The technician supports the ENOCS cybersecurity ecosystem by helping improve visibility and detections through integrated SIEM/C2C/DLP analytics, MITRE ATT&CK-based analysis, and data feeds that inform SOC operations, incident response, and continuous monitoring.
Responsibilities
U.S. Citizenship is required
Security Clearance: TS//SCI Eligible
Required Certifications: DCWF Work Role 511-Cyber Defense Analyst - Intermediate proficiency; must hold ONE OR MORE of the following: CEH(P),GMON,GRID,Cloud+,FITSP-O,GCED,GDSA,GSEC,PenTest+,Security+
Experience: 7+ years of experience in cybersecurity
Education: Bachelors degree or higher in Computer Science, Cybersecurity, Data Science, Information Systems, Information Technology, or Software Engineering
Security Clearance: Active TS//SCI (preferred)
ECS Federal LLC is an equal opportunity employer and does not discriminate or allow discrimination on the basis any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, or local jurisdiction law.
is the federal segment of , a $4B global organization with over 10,000 employees. Our nearly 3,500 professionals deliver advanced technology solutions in data and AI, cybersecurity, and enterprise transformation, serving defense, intelligence, and federal civilian agencies.
Our work powers mission-critical outcomes, strengthens technology partnerships, and creates meaningful opportunities for our people. We are defined by a commitment to excellence in delivery, a culture of innovation, and an environment where talent can thrive and grow.
We value:
ECS is seeking a SOC DMA Technician - Journeyman to support the Army National Guard (ARNG) Enterprise Network Operations and Cybersecurity Support (ENOCS) program. This role supports Task 3, Cybersecurity Operations Support, by analyzing threat intelligence feeds and operational security data to identify indicators, adversary tactics, and emerging risks across the ARNG enterprise. The SOC DMA Technician - Journeyman enriches indicators, supports correlation and detection content updates, produces intelligence summaries and reports, and coordinates findings with SOC analysts and CTIC leadership to strengthen 24/7/365 cybersecurity monitoring, incident analysis, and Defensive Cyberspace Operations - Internal Defensive Measures (DCO-IDM) across the DoDIN-Army-NG area of responsibility.
Please Note: This position is contingent upon contract award.
This position directly contributes to protection of ARNG classified and unclassified network environments that support more than 120,000 users and approximately 141,000 endpoints across roughly 2,800 sites in 54 states and territories. The role operates within a mission environment supporting Title 10 and Title 32 operations, mobilization readiness, domestic emergency response, and classified SIPRNet activities, while coordinating with organizations such as the NETCOM Global Cyber Center and DISA DCDC. The technician supports the ENOCS cybersecurity ecosystem by helping improve visibility and detections through integrated SIEM/C2C/DLP analytics, MITRE ATT&CK-based analysis, and data feeds that inform SOC operations, incident response, and continuous monitoring.
Responsibilities
- Analyze threat intelligence feeds and operational security data to identify indicators of compromise, adversary tactics, techniques, and procedures, and emerging cyber risks affecting ARNG classified and unclassified environments.
- Enrich indicators and operational findings to support SOC monitoring, incident analysis, and CTIC reporting for Task 3 Cybersecurity Operations Support.
- Support correlation and detection content refinement by providing actionable intelligence that improves analytic effectiveness and threat-informed defense.
- Produce intelligence summaries, technical reports, and documented findings for CTIC leadership, SOC analysts, and other cybersecurity stakeholders.
- Coordinate with SOC analysts and CTIC leadership to document findings, support continuous monitoring activities, and maintain alignment with DoD and ARNG cybersecurity policy requirements.
- Contribute to MITRE ATT&CK-based analytic development and reporting to help translate raw event data into actionable cyber intelligence for ARNG defenders.
- Support the use of integrated SIEM/C2C/DLP analytics and related data sources to improve centralized visibility and machine-speed response across the ARNG enterprise.
- Coordinate with USIEM engineers and SOC personnel to help identify the most effective enabling data sources and improve the quality of threat detection and analysis.
- Provide analysis products that support coordination with NETCOM Global Cyber Center, DISA DCDC, and other mission partners involved in DCO-IDM operations across the DoDIN-Army-NG area of responsibility.
U.S. Citizenship is required
Security Clearance: TS//SCI Eligible
Required Certifications: DCWF Work Role 511-Cyber Defense Analyst - Intermediate proficiency; must hold ONE OR MORE of the following: CEH(P),GMON,GRID,Cloud+,FITSP-O,GCED,GDSA,GSEC,PenTest+,Security+
Experience: 7+ years of experience in cybersecurity
Education: Bachelors degree or higher in Computer Science, Cybersecurity, Data Science, Information Systems, Information Technology, or Software Engineering
- Demonstrated ability to analyze cyber threat intelligence and operational security data to identify indicators, adversary activity, and emerging risks.
- Experience producing intelligence summaries, reports, and documented findings suitable for operational cybersecurity stakeholders.
- Ability to enrich indicators and translate analytic findings into content updates that support SOC detection and monitoring activities.
- Experience coordinating findings with analysts, technicians, and leadership in a Security Operations Center or comparable cyber operations environment.
- Working knowledge of continuous monitoring requirements and documentation practices supporting DoD or ARNG cybersecurity operations.
- Ability to support analysis in environments spanning classified and unclassified network operations.
- Familiarity with MITRE ATT&CK-based analysis and its application to threat detection and reporting.
- Experience supporting enterprise-scale cybersecurity operations for distributed users, endpoints, or geographically dispersed sites.
Security Clearance: Active TS//SCI (preferred)
- Experience supporting USIEM-related analytics, data feed integration, or detection engineering activities in a DoD cyber operations environment.
- Familiarity with SIEM/C2C/DLP analytic workflows and the use of curated data sources to improve threat visibility and response.
- Experience coordinating with organizations such as NETCOM, ARCYBER, USCYBERCOM, RCCs, or DISA in support of cyber operations or incident reporting.
- Experience supporting cybersecurity operations for SIPRNet or other classified mission environments.
- Familiarity with ARNG mission requirements supporting Title 10, Title 32, mobilization readiness, and domestic emergency response operations.
ECS Federal LLC is an equal opportunity employer and does not discriminate or allow discrimination on the basis any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, or local jurisdiction law.
is the federal segment of , a $4B global organization with over 10,000 employees. Our nearly 3,500 professionals deliver advanced technology solutions in data and AI, cybersecurity, and enterprise transformation, serving defense, intelligence, and federal civilian agencies.
Our work powers mission-critical outcomes, strengthens technology partnerships, and creates meaningful opportunities for our people. We are defined by a commitment to excellence in delivery, a culture of innovation, and an environment where talent can thrive and grow.
We value:
- Attracting and developing top talent and high-performing teams
- Fostering a culture that is engaging, accountable, and mission-driven
group id: 10112231A
