SOC Team Lead - Senior

FAIRFAX, VA, US • Posted 4 hours ago • Updated 4 hours ago
Full Time
On-site

Job Details

Skills

  • Team Leadership
  • Enterprise Networks
  • Network
  • Workflow
  • Engineering Support
  • Tier 2
  • Collaboration
  • Network+
  • Security Engineering
  • Sensors
  • Hardening
  • System On A Chip
  • Technical Writing
  • Regulatory Compliance
  • Security Clearance
  • SIPRNet
  • Analytics
  • DLP
  • IDS
  • IPS
  • eMASS
  • Risk Management Framework
  • RMF
  • Documentation
  • Continuous Monitoring
  • DoD
  • SAP BASIS
  • Law
  • Artificial Intelligence
  • Cyber Security
  • Partnership
  • Innovation
  • Accountability

Summary

Job Description

Position Summary
ECS is seeking a SOC Team Lead - Senior to support the Army National Guard (ARNG) Enterprise Network Operations and Cybersecurity Support (ENOCS) program. This position supports Task 3 - Cybersecurity Operations Support - by implementing, configuring, and maintaining security engineering solutions that enable SOC monitoring, detection, and response across ARNG enterprise environments. The role contributes directly to Defensive Cyberspace Operations - Internal Defensive Measures (DCO-IDM) by sustaining security tools, sensors, log forwarding, and telemetry pipelines; improving monitoring coverage and alert fidelity; and coordinating with SOC, CTIC, CDAP, and infrastructure teams to maintain continuous monitoring capabilities aligned to ARNG and DoD cybersecurity requirements.

In this role, the selected candidate will help defend classified and unclassified ARNG network environments that support more than 120,000 users and approximately 141,000 endpoints across roughly 2,800 sites in 54 states and territories. The position operates within a mission environment supporting Title 10 and Title 32 activities, mobilization readiness, domestic emergency response, and SIPRNet operations, while coordinating with organizations and capabilities identified in the ENOCS environment such as the NETCOM Global Cyber Center, DISA DCDC, USIEM analytics, EDR, IDS/IPS, DLP, and RMF/eMASS processes. This role helps ensure ARNG forces retain cyber freedom of action while denying the same to adversaries.

Please Note: This position is contingent upon contract award.

Responsibilities
  • Implement, configure, and maintain security engineering solutions that support SOC monitoring, detection, and response operations across ARNG enterprise environments.
  • Integrate and sustain security sensors, log forwarding mechanisms, and telemetry pipelines to improve enterprise visibility, event correlation accuracy, and monitoring coverage.
  • Support the operation and tuning of security capabilities used in the ENOCS environment, including USIEM, EDR, IDS/IPS, and related analytics feeds that enable centralized visibility and response.
  • Validate security configuration baselines and assist with system hardening activities to maintain monitoring effectiveness and alignment with ARNG and DoD cybersecurity policy.
  • Troubleshoot monitoring gaps, telemetry issues, and alert fidelity problems affecting SOC operations and coordinate corrective actions with infrastructure and service owner teams.
  • Document configuration changes, technical issues, and remediation actions to support auditability, operational continuity, and ongoing cybersecurity engineering activities.
  • Coordinate with SOC, CTIC, CDAP, and infrastructure teams to maintain continuous monitoring capabilities and support cyber defense operations across classified and unclassified enclaves.
  • Support incident and ticket escalation workflows by providing technical engineering support to Tier 2 incident, problem, and change processes as required.
  • Assist with RMF-aligned monitoring and evidence support activities, including maintaining artifacts needed for compliance and integration with eMASS-related processes.
  • Work in coordination with operational stakeholders identified in Task 3, including the NETCOM Global Cyber Center and DISA DCDC, to help sustain 24x7x365 cybersecurity operations across the DoDIN-A(NG) area of responsibility.


Required Skills

Required Qualifications
U.S. Citizenship is required

Security Clearance: Secret Eligible

Required Certifications: DCWF Work Role 521-Cyber Defense Infrastructure Support Specialist - Basic proficiency; must hold ONE OR MORE of the following: CC, A+, CND, GCLD, GDSA, GFACT, Network+

Experience: 1+ years of experience in cybersecurity
  • Experience implementing or maintaining security engineering solutions that support SOC monitoring, detection, and response activities.
  • Experience integrating or sustaining security tools, sensors, log forwarding, or telemetry collection mechanisms in enterprise environments.
  • Ability to troubleshoot issues affecting monitoring coverage, telemetry flow, or alert fidelity and document resulting corrective actions.
  • Experience validating configuration baselines and supporting system hardening activities in accordance with established cybersecurity policies.
  • Ability to coordinate effectively with SOC, CTIC, CDAP, and infrastructure stakeholders to sustain continuous monitoring operations.
  • Experience producing clear technical documentation for configuration changes, remediation activities, and operational support actions.
  • Familiarity with RMF-aligned continuous monitoring activities and the maintenance of compliance-related cybersecurity artifacts.


Desired Skills

Desired Qualifications
Security Clearance: Active Secret (preferred)
  • Experience supporting cybersecurity operations for large, distributed enterprises spanning multiple sites, users, and endpoints.
  • Familiarity with ARNG or Army cyber operations environments supporting both classified and unclassified networks, including SIPRNet and NIPRNet operations.
  • Experience working with USIEM analytics, EDR, DLP, IDS/IPS, or related security monitoring technologies referenced in the ENOCS technical environment.
  • Experience coordinating cybersecurity engineering or monitoring activities with organizations such as NETCOM, ARCYBER, USCYBERCOM, RCCs, or DISA-connected operations.
  • Familiarity with eMASS-supported RMF documentation and continuous monitoring processes in DoD environments.

ECS Federal LLC is an equal opportunity employer and does not discriminate or allow discrimination on the basis of any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, or local jurisdiction law.

Everforth ECS is the federal segment of Everforth, a $4B global organization with over 10,000 employees. Our nearly 3,500 professionals deliver advanced technology solutions in data and AI, cybersecurity, and enterprise transformation, serving defense, intelligence, and federal civilian agencies.

Our work powers mission-critical outcomes, strengthens technology partnerships, and creates meaningful opportunities for our people. We are defined by a commitment to excellence in delivery, a culture of innovation, and an environment where talent can thrive and grow.

We value:
  • Attracting and developing top talent and high-performing teams
  • Fostering a culture that is engaging, accountable, and mission-driven

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.
  • Dice Id: 10112MAN
  • Position Id: 4117