SOC Technician (Shift 2) - Junior

ECS

Posted today

Job Requirements

Fairfax, VA
Secret Polygraph Unspecified
Career Level not specified
Salary not specified

Job Description

Position Summary

ECS is seeking a SOC Technician (Shift 2) - Junior to support the Army National Guard (ARNG) Enterprise Network Operations and Cybersecurity Support (ENOCS) program in Fairfax, VA. In this role, the selected candidate supports Task 3 - Cybersecurity Operations Support by monitoring security events and alerts, performing initial triage and analysis, documenting incidents, correlating telemetry to identify indicators of compromise, and escalating events in accordance with established SOC procedures and playbooks. The position contributes to ENOCS 24/7/365 cybersecurity operations by supporting continuous monitoring, ticketing, case management, and coordination with SOC leadership and the Cyber Incident Response Team (CIRT) to enable timely containment and response actions across the DoDIN-Army-NG area of responsibility.

Please Note: This position is contingent upon contract award.

This role directly supports ARNG's mission to deliver DoDIN services and conduct Defensive Cyberspace Operations - Internal Defensive Measures (DCO-IDM) for more than 120,000 users and approximately 141,000 endpoints across about 2,800 sites in 54 states and territories. The SOC Technician helps defend both classified and unclassified network environments that support Title 10 and Title 32 missions, mobilization readiness, domestic emergency response, and SIPRNet operations. The position operates within ENOCS' cybersecurity environment using centralized monitoring and analytics capabilities such as USIEM, integrated SIEM/C2C/DLP analytics, IDS/IPS event flows, endpoint detection and response, and coordination processes aligned with NETCOM Global Cyber Center and DISA DCDC.
Responsibilities
  • Monitor security events, alerts, and telemetry across ARNG classified and unclassified environments in support of continuous SOC operations.
  • Perform initial triage and analysis of suspicious activity to identify indicators of compromise and determine appropriate incident priority and escalation path.
  • Correlate event data from multiple sources to support threat detection, incident identification, and timely reporting in accordance with established SOC procedures.
  • Document incidents, actions taken, and relevant findings in ticketing and case management systems to maintain accurate operational records.
  • Escalate cybersecurity events to Tier 2 incident, problem, and change processes using approved playbooks and communication procedures.
  • Coordinate with SOC leadership, CIRT, and other security operations teams to support containment actions, incident handling, and follow-on response activities.
  • Support monitoring and analysis activities using USIEM and integrated SIEM/C2C/DLP analytics to improve centralized visibility across the ARNG enterprise.
  • Review and communicate relevant IDS/IPS, EDR, and related security monitoring data to assist in detecting anomalous activity affecting approximately 141,000 endpoints across 2,800 sites.
  • Coordinate, as directed, with mission and operational partners aligned to ENOCS cybersecurity operations, including NETCOM Global Cyber Center and DISA DCDC, to support incident reporting and operational awareness.
  • Support compliance with continuous monitoring requirements and applicable DoD and ARNG cybersecurity policies through accurate documentation and disciplined incident handling.
Required Qualifications

U.S. Citizenship is required

Security Clearance: Secret Eligible

Required Certifications: DCWF Work Role 511-Cyber Defense Analyst - Basic proficiency; must hold ONE OR MORE of the following: CC, CEH, GFACT, GISF

Experience: 1+ years of experience in cybersecurity
  • Experience monitoring security alerts, reviewing event data, and performing initial incident triage in a SOC or similar cyber defense environment.
  • Ability to document incidents clearly and maintain accurate case notes in accordance with established procedures and escalation workflows.
  • Familiarity with correlating telemetry to identify indicators of compromise and support incident analysis.
  • Experience supporting ticketing and case management processes for cybersecurity events and operational handoff.
  • Ability to follow established playbooks and coordinate with SOC leadership and incident response personnel during active events.
  • Familiarity with continuous monitoring activities in support of DoD or ARNG cybersecurity policy compliance.
  • Experience working with enterprise security monitoring data such as SIEM, IDS/IPS, DLP, or endpoint security event sources.
  • Ability to support mission operations affecting large-scale distributed environments spanning multiple sites and users.
Desired Qualifications

Security Clearance: Active Secret (preferred)
  • Familiarity with USIEM operations and analytics development aligned to MITRE ATT&CK-based detection practices.
  • Experience supporting cybersecurity operations in environments coordinated with NETCOM, ARCYBER, USCYBERCOM, RCCs, or DISA-connected organizations.
  • Exposure to incident analysis and monitoring activities across both NIPRNet and SIPRNet or other classified and unclassified enclaves.
  • Familiarity with EDR, IDS/IPS tuning inputs, or SIEM/C2C/DLP data correlation in a DoD enterprise environment.
  • Experience supporting cybersecurity operations for geographically distributed enterprises spanning multiple states, territories, or remote sites.

ECS Federal LLC is an equal opportunity employer and does not discriminate or allow discrimination on the basis of any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, or local jurisdiction law.

is the federal segment of , a $4B global organization with over 10,000 employees. Our nearly 3,500 professionals deliver advanced technology solutions in data and AI, cybersecurity, and enterprise transformation, serving defense, intelligence, and federal civilian agencies.

Our work powers mission-critical outcomes, strengthens technology partnerships, and creates meaningful opportunities for our people. We are defined by a commitment to excellence in delivery, a culture of innovation, and an environment where talent can thrive and grow.

We value:
  • Attracting and developing top talent and high-performing teams
  • Fostering a culture that is engaging, accountable, and mission-driven
group id: 10112231A
About Us
ECS, a key segment of ASGN Incorporated, is a trusted IT systems integrator serving government agencies. ECS provides modern digital solutions that enable fast and efficient decision making and support the effective execution of government agency operations. ECS’ leading-edge AI, cybersecurity, and open data management solutions boost collaboration, innovation, and worker productivity, improve employee and customer experiences, and protect critical agency data and assets.

Job Category: IT - Security
Clearance Level: Secret
Employer: ECS