SOC Technician (Shift 1 Lead) - Senior

FAIRFAX, VA, US • Posted 5 hours ago • Updated 40 minutes ago
Full Time
On-site
Fitment


Job Details

Skills

  • Enterprise Networks
  • Event Management
  • Collaboration
  • Tier 2
  • Documentation
  • SIEM
  • DLP
  • System On A Chip
  • Certified Ethical Hacker
  • Pattern Recognition
  • Management
  • Continuous Monitoring
  • Organized
  • Reporting
  • Incident Management
  • Problem Management
  • Change Management
  • Security Clearance
  • Security Operations
  • Analytics
  • IDS
  • IPS
  • Analytical Skill
  • DoD
  • SIPRNet
  • Network
  • SAP BASIS
  • Law
  • Artificial Intelligence
  • Cyber Security
  • Partnership
  • Innovation
  • Accountability

Summary

Job Description

Position Summary
ECS is seeking a SOC Technician (Shift 1 Lead) - Senior to support the Army National Guard (ARNG) Enterprise Network Operations and Cybersecurity Support (ENOCS) program. In this role, you will support Task 3 - Cybersecurity Operations Support by monitoring security logs, network telemetry, and endpoint alerts; identifying anomalous activity and potential indicators of compromise; performing log correlation and preliminary pattern analysis; documenting findings in case management systems; and escalating events in accordance with established response procedures. This position contributes to ENOCS's 24x7x365 cybersecurity operations by supporting Security Operations Center monitoring and analysis activities that integrate with incident, problem, and change processes across the broader cyber operations team.

This role supports ARNG's mission to defend classified and unclassified network environments across the DoDIN-Army-NG area of responsibility, enabling Title 10 and Title 32 missions, mobilization readiness, domestic emergency response, and classified SIPRNet operations. The SOC Technician helps protect an enterprise serving more than 120,000 users and approximately 141,000 endpoints across about 2,800 sites in 54 states and territories. The position operates within the ENOCS cyber environment that includes Unified Security Information & Event Management (USIEM) analytics, endpoint detection and response, IDS/IPS monitoring, integrated SIEM/C2C/DLP analytics, and coordination with organizations such as the NETCOM Global Cyber Center and DISA DCDC to support Defensive Cyberspace Operations - Internal Defensive Measures (DCO-IDM).

Please Note: This position is contingent upon contract award.

Responsibilities
  • Monitor security logs, network telemetry, and endpoint alerts to identify anomalous activity and potential indicators of compromise across ARNG classified and unclassified environments.
  • Perform log correlation and preliminary pattern analysis using approved analytic rules and established monitoring procedures to support timely detection and escalation.
  • Document observations, findings, and event details in case management systems, ensuring tickets are complete, accurate, and updated throughout the response lifecycle.
  • Escalate incidents and suspicious activity in accordance with established response procedures and Tier 2 incident, problem, and change processes.
  • Support continuous monitoring reporting requirements aligned with DoD and ARNG cybersecurity policy, maintaining accurate records for operational visibility and auditability.
  • Assist with evidence tracking and event documentation to support cyber incident response, follow-on analysis, and lessons learned.
  • Leverage integrated SIEM/C2C/DLP analytics and available security data sources to improve visibility and support threat-informed monitoring within the SOC.
  • Coordinate with SOC analysts, service owners, and supporting cyber teams to support USIEM and endpoint detection activities within ARNG's DCO-IDM mission.
  • Contribute to cybersecurity operations that interface with the NETCOM Global Cyber Center and DISA DCDC in defense of the DoDIN-Army-NG area of responsibility.


Required Skills

Required Qualifications
U.S. Citizenship is required

Security Clearance: Secret Eligible

Required Certifications: DCWF Work Role 511-Cyber Defense Analyst - Basic proficiency; must hold ONE OR MORE of the following: CC, CEH, GFACT, GISF

Experience: 1+ years of experience in cybersecurity
  • Experience monitoring security logs, network telemetry, and endpoint alerts for suspicious or anomalous activity.
  • Ability to perform preliminary event analysis, pattern recognition, and log correlation using approved procedures and analytic rules.
  • Experience documenting findings, maintaining ticket accuracy, and updating case management records throughout event handling activities.
  • Familiarity with continuous monitoring activities in support of DoD or ARNG cybersecurity policy requirements.
  • Ability to support evidence tracking and maintain organized records for incident handling and reporting.
  • Familiarity with classified and unclassified network defense operations in an enterprise cybersecurity environment.
  • Ability to coordinate effectively with incident response, problem management, and change management stakeholders during event escalation.


Desired Skills

Desired Qualifications
Security Clearance: Active Secret (preferred)
  • Experience supporting Security Operations Center activities in a 24x7x365 enterprise monitoring environment.
  • Familiarity with USIEM analytics, endpoint detection and response, or IDS/IPS event monitoring in a DoD environment.
  • Experience supporting cybersecurity operations for large, distributed enterprises spanning multiple sites or geographic regions.
  • Familiarity with MITRE ATT&CK-based analytic approaches or threat-informed detection concepts.
  • Experience supporting ARNG, Army, or other DoD missions involving classified SIPRNet and unclassified network environments.

ECS Federal LLC is an equal opportunity employer and does not discriminate or allow discrimination on the basis of any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, or local jurisdiction law.

Everforth ECS is the federal segment of Everforth, a $4B global organization with over 10,000 employees. Our nearly 3,500 professionals deliver advanced technology solutions in data and AI, cybersecurity, and enterprise transformation, serving defense, intelligence, and federal civilian agencies.

Our work powers mission-critical outcomes, strengthens technology partnerships, and creates meaningful opportunities for our people. We are defined by a commitment to excellence in delivery, a culture of innovation, and an environment where talent can thrive and grow.

We value:
  • Attracting and developing top talent and high-performing teams
  • Fostering a culture that is engaging, accountable, and mission-driven

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.

  • Dice Id: 10112MAN
  • Position Id: 4118