Cybersecurity Analyst (CDAP) Lead - Senior

Job Description

Position Summary
ECS is seeking a Cybersecurity Analyst (CDAP) Lead - Senior to support the Army National Guard (ARNG) Enterprise Network Operations and Cybersecurity Support (ENOCS) program. This position supports Task 3 - Cybersecurity Operations Support - and leads Cybersecurity Data Analytics Platform (CDAP) analytic operations that strengthen Defensive Cyberspace Operations - Internal Defensive Measures (DCO-IDM) across the DoDIN-Army-NG area of responsibility. The role directs enterprise monitoring, detection, correlation, reporting, analytic rule development, dashboard governance, and data validation activities, while coordinating closely with SOC, cyber threat intelligence, defensive cyber, and security engineering teams to improve threat visibility, triage quality, and risk reporting for Government stakeholders.

This role contributes to cybersecurity operations protecting ARNG classified and unclassified network environments that support more than 120,000 users and approximately 141,000 endpoints across roughly 2,800 sites in 54 states and territories. The position operates within an enterprise environment that includes USIEM analytics, EDR, IDS/IPS, DLP, Zeek metadata, Sysmon-based monitoring, and coordination with NETCOM, ARCYBER, USCYBERCOM, RCC-ARNG, the NETCOM Global Cyber Center, and DISA DCDC. CDAP outputs produced in this role help sustain continuous monitoring, RMF support, and operational cyber readiness for ARNG Title 10 and Title 32 missions, including mobilization readiness, domestic emergency response, and support to SIPRNet and NIPRNet operations.

Please Note: This position is contingent upon contract award.
Responsibilities

• Lead CDAP analytic operations by directing monitoring, detection, correlation, and reporting activities across enterprise security data sources supporting Task 3 cybersecurity operations deliverables.
• Oversee alert triage quality and analytic workflow execution to improve identification, prioritization, and escalation of high-risk cyber findings across DoDIN-connected environments.
• Develop, refine, and govern analytic rules, dashboards, and data validation processes to improve threat visibility, reporting accuracy, and operational decision support.
• Coordinate with SOC, cyber threat intelligence, defensive cyber, and security engineering teams to strengthen detection logic, analytic coverage, and response visibility.
• Leverage enterprise security telemetry and analytics aligned with the ENOCS environment, including USIEM, EDR, IDS/IPS, DLP, Zeek metadata, and Sysmon-informed monitoring, to support centralized visibility and threat-informed detection.
• Support continuous monitoring and RMF objectives by ensuring CDAP outputs align with eMASS artifact needs, compliance reporting, and ARNG and DoD cybersecurity policy expectations.
• Produce operational metrics, dashboards, and executive-level reporting for Government stakeholders to communicate analytic performance, cyber risk trends, and detection outcomes.
• Coordinate analytic support activities with organizations and operational partners identified in Task 3, including RCC-ARNG, NETCOM, ARCYBER, USCYBERCOM, the NETCOM Global Cyber Center, and DISA DCDC, as appropriate.
• Improve analytic coverage for ARNG classified and unclassified environments by validating data sources, identifying gaps in visibility, and recommending enhancements to monitoring and reporting processes.

Required Skills

Required Qualifications
U.S. Citizenship is required

Security Clearance: Secret Eligible

Required Certifications: DCWF Work Role 511-Cyber Defense Analyst - Intermediate proficiency; must hold ONE OR MORE of the following: CEH(P),GMON,GRID,Cloud+,FITSP-O,GCED,GDSA,GSEC,PenTest+,Security+

Experience: 7+ years of experience in cybersecurity

Education: Bachelors degree or higher in Computer Science, Cybersecurity, Data Science, Information Systems, Information Technology, or Software Engineering

• Experience leading or overseeing cybersecurity monitoring, detection, correlation, and reporting activities across enterprise security data sources.
• Experience developing or refining analytic rules, dashboards, and data quality processes used to improve threat visibility and operational reporting.
• Experience coordinating with SOC, cyber threat intelligence, defensive cyber, or security engineering teams to improve detection logic and triage outcomes.
• Experience producing operational metrics and executive reporting for Government stakeholders in support of continuous monitoring or cyber operations.
• Knowledge of RMF support activities and the use of cybersecurity outputs to inform continuous monitoring objectives and compliance reporting.
• Experience working with enterprise security analytics and monitoring capabilities such as SIEM, EDR, IDS/IPS, DLP, or related telemetry sources in DoDIN-connected environments.

Desired Skills

Desired Qualifications
Security Clearance: Active Secret (preferred)

• Experience supporting ARNG, Army, or other DoD cybersecurity operations in environments spanning NIPRNet and SIPRNet enclaves.
• Experience working with USIEM analytics, MITRE ATT&CK-based detections, Zeek metadata, or Sysmon-based monitoring approaches.
• Familiarity with coordination processes involving RCC-ARNG, NETCOM, ARCYBER, USCYBERCOM, or DISA cyber operations organizations.
• Experience supporting cybersecurity operations for large, geographically dispersed enterprises serving users and endpoints across multiple sites or jurisdictions.
• Experience translating analytic results into dashboards, curated reports, or risk-focused executive briefings for Government leadership.

ECS Federal LLC is an equal opportunity employer and does not discriminate or allow discrimination on the basis any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, or local jurisdiction law.

Everforth ECS is the federal segment of Everforth , a $4B global organization with over 10,000 employees. Our nearly 3,500 professionals deliver advanced technology solutions in data and AI, cybersecurity, and enterprise transformation, serving defense, intelligence, and federal civilian agencies.

Our work powers mission-critical outcomes, strengthens technology partnerships, and creates meaningful opportunities for our people. We are defined by a commitment to excellence in delivery, a culture of innovation, and an environment where talent can thrive and grow.

We value:

• Attracting and developing top talent and high-performing teams
• Fostering a culture that is engaging, accountable, and mission-driven