SOC Manager - Senior

Job Description

Position Summary
ECS is seeking a SOC Manager - Senior to support the Army National Guard (ARNG) Enterprise Network Operations and Cybersecurity Support (ENOCS) program. In this role, the selected candidate will lead Security Operations Center activities under Task 3 - Cybersecurity Operations Support, directing continuous monitoring, threat detection, incident escalation, and case management in support of Defensive Cyberspace Operations - Internal Defensive Measures (DCO-IDM). The SOC Manager - Senior will establish operational standards for triage and escalation, oversee performance across SOC workflows, and coordinate closely with CTIC, CIRT, vulnerability management, defensive cyber, and engineering teams to strengthen operational readiness and reduce cyber risk across supported ARNG environments.

This position directly supports ARNG's mission to deliver DoDIN services and cyber defense for more than 120,000 users and approximately 141,000 endpoints across about 2,800 sites in 54 states and territories. The role contributes to cybersecurity operations spanning classified and unclassified network environments that support Title 10 and Title 32 missions, mobilization readiness, domestic emergency response, and classified SIPRNet operations. The SOC Manager - Senior will operate within a technical environment that includes 24x7x365 SOC monitoring, USIEM analytics, EDR, IDS/IPS, DLP, SOAR, ACAS, STIG Manager, and coordination with NETCOM Global Cyber Center and DISA DCDC to maintain mission assurance across the DoDIN-Army-NG area of responsibility.

Please Note: This position is contingent upon contract award.

Responsibilities

• Direct Security Operations Center activities to ensure continuous monitoring, threat detection, incident triage, escalation, and operational readiness across supported ARNG environments.
• Establish and enforce shift coverage standards, triage quality controls, and case management procedures to support timely incident handling and risk reduction.
• Oversee incident escalation workflows into Tier 2 incident, problem, and change processes, ensuring effective coordination with CIRT, incident management, and problem management functions.
• Integrate SOC operations with CTIC, vulnerability management, defensive cyber, and engineering teams to improve containment actions, remediation execution, and continuous monitoring outcomes.
• Leverage USIEM, EDR, IDS/IPS, DLP, and related analytics to support centralized visibility, improved detection quality, and machine-speed response across ARNG cyber operations.
• Coordinate with NETCOM Global Cyber Center, DISA DCDC, and other designated stakeholders to align SOC operations with broader DoDIN-Army-NG cybersecurity requirements and reporting expectations.
• Review operational metrics, SOC communications, and evaluation artifacts to identify trends, improve analyst performance, and strengthen mission assurance objectives.
• Support cybersecurity operations across classified and unclassified enclaves, including environments tied to ARNG Title 10 and Title 32 missions, mobilization readiness, and domestic emergency response.
• Contribute to COOP site validation, testing, and operational readiness activities to help sustain continuity of cybersecurity monitoring and response services.

Required Skills

Required Qualifications
U.S. Citizenship is required

Security Clearance: Secret Eligible

Required Certifications: DCWF Work Role 511-Cyber Defense Analyst - Advance proficiency; must hold ONE OR MORE of the following: CBROPS,CFR,CySA+,GCFA,GCIA,GICSP

Experience: 7+ years of experience in cybersecurity

Education: Masters degree or higher in Computer Science, Cybersecurity, Data Science, Information Systems, Information Technology, or Software Engineering

• Experience directing SOC functions related to continuous monitoring, threat detection, incident escalation, and operational readiness.
• Experience establishing and enforcing triage standards, escalation procedures, and case management controls in a cyber operations environment.
• Experience coordinating across incident response, vulnerability management, defensive cyber, and engineering teams to drive timely containment and remediation.
• Experience reviewing operational metrics and producing leadership reporting for Government stakeholders in support of continuous monitoring objectives.
• Knowledge of cybersecurity operations supporting both classified and unclassified network environments.
• Experience working within enterprise cyber environments that use SIEM analytics, endpoint detection and response, and network security monitoring capabilities.
• Ability to support mission operations across large, geographically dispersed enterprise environments with high endpoint volume and continuous operational demands.

Desired Skills

Desired Qualifications
Security Clearance: Active Secret (preferred)

• Experience supporting Army, ARNG, or other DoD cybersecurity operations within a 24x7x365 SOC construct.
• Experience using or overseeing operations involving USIEM, EDR, IDS/IPS, DLP, SOAR, ACAS, or STIG Manager in an enterprise defense environment.
• Experience coordinating with NETCOM, ARCYBER, USCYBERCOM, RCCs, or DISA cyber organizations on incident reporting, monitoring, or operational response.
• Familiarity with MITRE ATT&CK-based analytics and threat-informed defense approaches used to improve detection and response quality.
• Experience supporting continuity of operations activities, including COOP validation, testing, and operational planning for cyber monitoring functions.

ECS Federal LLC is an equal opportunity employer and does not discriminate or allow discrimination on the basis any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, or local jurisdiction law.

Everforth ECS is the federal segment of Everforth , a $4B global organization with over 10,000 employees. Our nearly 3,500 professionals deliver advanced technology solutions in data and AI, cybersecurity, and enterprise transformation, serving defense, intelligence, and federal civilian agencies.

Our work powers mission-critical outcomes, strengthens technology partnerships, and creates meaningful opportunities for our people. We are defined by a commitment to excellence in delivery, a culture of innovation, and an environment where talent can thrive and grow.

We value:

• Attracting and developing top talent and high-performing teams
• Fostering a culture that is engaging, accountable, and mission-driven