SOC CTIC Technician - Senior

Job Description

Position Summary
ECS is seeking a SOC CTIC Technician - Senior to support the Army National Guard (ARNG) Enterprise Network Operations and Cybersecurity Support (ENOCS) program. In this role, the candidate will support Task 3 - Cybersecurity Operations Support by assisting threat intelligence operations that strengthen Defensive Cyberspace Operations - Internal Defensive Measures (DCO-IDM) across the DoDIN-Army-NG area of responsibility. The SOC CTIC Technician will collect and organize indicators, assist with enrichment activities, update detection content under senior guidance, and produce summary reporting and analytic documentation that improve SOC situational awareness and continuous monitoring compliance. This position works as part of the broader cybersecurity operations team supporting SOC monitoring, incident analysis, and coordinated cyber defense activities.

The role directly supports ARNG's mission to deliver secure enterprise services to more than 120,000 users and approximately 141,000 endpoints across roughly 2,800 sites in 54 states and territories, including support to Title 10 and Title 32 missions and both classified and unclassified network environments. The SOC CTIC Technician contributes to operations aligned with the Security Operations Center and Unified Security Information & Event Management (USIEM) analytic environment, where integrated SIEM/C2C/DLP analytics, MITRE ATT&CK-based detections, and curated data sources such as Zeek metadata and Sysmon monitoring are used to improve enterprise visibility. This work helps sustain cyber readiness for ARNG operations, including mobilization readiness, domestic emergency response, and coordination with NETCOM Global Cyber Center and DISA DCDC.

Please Note: This position is contingent upon contract award.
Responsibilities

• Collect, organize, and maintain cyber threat indicators, observables, and related analytic data to support SOC threat intelligence operations.
• Assist senior analysts with enrichment of indicators and events to improve threat context, prioritization, and operational awareness.
• Update and refine detection content under senior guidance to support continuous monitoring and threat-informed defense across ARNG network environments.
• Produce summary reports, analytic notes, and supporting documentation that enhance SOC situational awareness and support continuous monitoring compliance.
• Support MITRE ATT&CK-aligned analysis activities by helping map indicators and observed behaviors to adversary tactics, techniques, and procedures.
• Contribute to USIEM analytic support by organizing relevant data inputs and assisting with correlation activities that improve detection quality.
• Help maintain awareness of data feeds used in the ARNG cyber environment, including sources such as Zeek metadata and Sysmon-based monitoring, to support more effective detections.
• Coordinate analytic support activities with SOC personnel and related cybersecurity teams operating in conjunction with NETCOM Global Cyber Center and DISA DCDC.
• Assist with documentation and reporting that support 24x7x365 cybersecurity operations defending ARNG classified and unclassified enclaves across the DoDIN-Army-NG area of responsibility.

Required Skills

Required Qualifications
U.S. Citizenship is required

Security Clearance: Secret Eligible

Required Certifications: DCWF Work Role 511-Cyber Defense Analyst - Basic proficiency; must hold ONE OR MORE of the following: CC, CEH, GFACT, GISF

Experience: 1+ years of experience in cybersecurity

• Experience collecting, organizing, and tracking threat indicators and related analytic artifacts in support of cyber defense operations.
• Ability to assist with indicator enrichment and prepare concise summary reporting for SOC or cybersecurity operations teams.
• Familiarity with continuous monitoring concepts and documentation practices used to support cybersecurity compliance activities.
• Exposure to SIEM-driven analysis workflows and security event correlation in an enterprise environment.
• Ability to follow senior guidance to update detection content and maintain supporting analytic documentation.
• Working knowledge of MITRE ATT&CK-based analytic methods for organizing and interpreting threat activity.

Desired Skills

Desired Qualifications
Security Clearance: Active Secret (preferred)

• Experience supporting SOC, CTI, or cyber defense activities in a DoD or Army enterprise environment.
• Familiarity with USIEM operations or integrated SIEM/C2C/DLP analytic environments.
• Exposure to data sources used for advanced detection engineering, such as Zeek metadata or Sysmon monitoring.
• Experience supporting cyber operations across both classified and unclassified enclaves.
• Familiarity with ARNG, NETCOM, or DISA-coordinated cybersecurity operations and reporting processes.

ECS Federal LLC is an equal opportunity employer and does not discriminate or allow discrimination on the basis any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, or local jurisdiction law.

Everforth ECS is the federal segment of Everforth , a $4B global organization with over 10,000 employees. Our nearly 3,500 professionals deliver advanced technology solutions in data and AI, cybersecurity, and enterprise transformation, serving defense, intelligence, and federal civilian agencies.

Our work powers mission-critical outcomes, strengthens technology partnerships, and creates meaningful opportunities for our people. We are defined by a commitment to excellence in delivery, a culture of innovation, and an environment where talent can thrive and grow.

We value:

• Attracting and developing top talent and high-performing teams
• Fostering a culture that is engaging, accountable, and mission-driven