Cybersecurity Support Lead - Senior

Job Description

Position Summary
ECS is seeking a Cybersecurity Support Lead - Senior to support the Army National Guard (ARNG) Enterprise Network Operations and Cybersecurity Support (ENOCS) program. Supporting Task 3 - Cybersecurity Operations Support, this senior role leads penetration testing and adversarial assessments of networks, systems, applications, and enclaves across the ARNG enterprise to evaluate security posture and strengthen Defensive Cyberspace Operations - Internal Defensive Measures (DCO-IDM) within the DoDIN-Army-NG area of responsibility. The Cybersecurity Support Lead - Senior develops test plans, rules of engagement, and exploit methodologies; executes advanced manual and automated testing; validates remediation through retesting; and produces technical findings and executive-level risk reporting that informs mitigation and response activities across the broader ENOCS cybersecurity team.

This role directly supports a mission environment delivering DoDIN services and cyber defense for more than 120,000 users and approximately 141,000 endpoints across roughly 2,800 sites in 54 states and territories, including support to Title 10 and Title 32 missions, mobilization readiness, domestic emergency response, and classified SIPRNet operations. The position operates within ENOCS' integrated cyber environment, coordinating with organizations such as the NETCOM Global Cyber Center and DISA DCDC and contributing to enterprise security activities tied to USIEM, EDR, IDS/IPS, RMF, eMASS, and cybersecurity operations spanning classified and unclassified enclaves.

Please Note: This position is contingent upon contract award.
Responsibilities

• Lead penetration testing and adversarial assessments of ARNG networks, systems, applications, and enclaves to identify exploitable weaknesses and evaluate enterprise security posture.
• Develop assessment plans, rules of engagement, and exploitation methodologies that align to ARNG and DoD cybersecurity policy, operational requirements, and RMF expectations.
• Execute advanced manual and automated exploitation activities against enterprise infrastructure and applications, then validate corrective actions through structured retesting.
• Produce comprehensive technical reports and executive summaries that document findings, attack paths, operational risk, and prioritized mitigation recommendations for leadership review.
• Advise cybersecurity and mission stakeholders on remediation strategies to improve resilience across classified and unclassified environments supporting DoDIN-A(NG) operations.
• Coordinate assessment activities with Task 3 cybersecurity operations personnel and relevant Government stakeholders to support DCO-IDM objectives across the ARNG area of responsibility.
• Support RMF-related cybersecurity activities by providing evidence, findings, and remediation validation inputs that inform eMASS records, security compliance reviews, and POA&M development.
• Assess security effectiveness of enterprise monitoring and defensive measures in environments that leverage USIEM, EDR, IDS/IPS, and related analytics to improve detection and response.
• Coordinate, as required, with operational partners including the NETCOM Global Cyber Center and DISA DCDC to ensure assessment activities and findings support broader ARNG cyber defense operations.

Required Skills

Required Qualifications
U.S. Citizenship is required

Security Clearance: Secret Eligible

Required Certifications: DCWF Work Role 631-Information Systems Security Developer - Intermediate proficiency; must hold ONE OR MORE of the following: SecurityX / CASP+, CCSP, Cloud+, CSC, GCLD, GCSA, GSEC

Experience: 7+ years of experience in cybersecurity

Education: Bachelors degree or higher in Computer Science, Cybersecurity, Data Science, Information Systems, Information Technology, or Software Engineering

• Demonstrated experience leading penetration testing or adversarial assessments of networks, systems, applications, and enclaves.
• Experience developing rules of engagement, test plans, and exploit methodologies for security assessments in enterprise environments.
• Ability to perform manual and automated exploitation and conduct retesting to verify remediation effectiveness.
• Experience producing technical assessment reports and executive-level summaries that clearly communicate findings, risk, and mitigation priorities.
• Working knowledge of RMF processes and supporting documentation, including security compliance inputs, remediation tracking, and validation of corrective actions.
• Experience assessing cybersecurity posture in environments that include classified and unclassified networks and enterprise-scale infrastructure.
• Ability to coordinate effectively with cybersecurity operations, engineering, and leadership stakeholders in support of incident-driven and proactive defense activities.

Desired Skills

Desired Qualifications
Security Clearance: Active Secret (preferred)

• Experience supporting Army, ARNG, or other DoD cybersecurity operations in environments aligned to DCO-IDM missions.
• Familiarity with enterprise security operations environments using USIEM, EDR, IDS/IPS, and MITRE ATT&CK-based analytics.
• Experience providing assessment findings or remediation validation inputs for eMASS records, POA&Ms, or broader RMF sustainment activities.
• Experience conducting assessments in support of large, geographically distributed environments spanning multiple sites, enclaves, or states and territories.
• Familiarity with cybersecurity coordination processes involving NETCOM, DISA DCDC, RCCs, or related DoD cyber defense organizations.

ECS Federal LLC is an equal opportunity employer and does not discriminate or allow discrimination on the basis any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, or local jurisdiction law.

Everforth ECS is the federal segment of Everforth , a $4B global organization with over 10,000 employees. Our nearly 3,500 professionals deliver advanced technology solutions in data and AI, cybersecurity, and enterprise transformation, serving defense, intelligence, and federal civilian agencies.

Our work powers mission-critical outcomes, strengthens technology partnerships, and creates meaningful opportunities for our people. We are defined by a commitment to excellence in delivery, a culture of innovation, and an environment where talent can thrive and grow.

We value:

• Attracting and developing top talent and high-performing teams
• Fostering a culture that is engaging, accountable, and mission-driven