SOC Technician (Shift 3) - Junior

Job Description

Position Summary
ECS is seeking a SOC Technician (Shift 3) - Junior to support the Army National Guard (ARNG) Enterprise Network Operations and Cybersecurity Support (ENOCS) program in Fairfax, VA. In this role, the candidate supports Task 3 - Cybersecurity Operations Support by monitoring security logs, network telemetry, and endpoint alerts; identifying anomalous activity and potential indicators of compromise; performing preliminary log correlation and pattern analysis; documenting findings in case management systems; and escalating events in accordance with established response procedures. This position contributes directly to ENOCS 24x7x365 cybersecurity operations and integrates with the broader SOC, Cyber Incident Response Team (CIRT), watch officers, engineers, and service owners supporting Defensive Cyberspace Operations - Internal Defensive Measures (DCO-IDM) across the DoDIN-Army-NG area of responsibility.

Please Note: This position is contingent upon contract award.

The role supports ARNG's mission to defend classified and unclassified network environments serving more than 120,000 users and approximately 141,000 endpoints across roughly 2,800 sites in 54 states and territories. ENOCS supports Title 10 and Title 32 missions, mobilization readiness, domestic emergency response, and classified SIPRNet operations, making timely detection, documentation, and escalation of cyber events essential to mission continuity. The SOC Technician works within the program's operational cyber environment, supporting centralized visibility and response through USIEM, EDR, IDS/IPS, and integrated SIEM/C2C/DLP analytics while coordinating within established processes aligned to ARNG and DoD cybersecurity policy.
Responsibilities

• Monitor security logs, network telemetry, and endpoint alerts to identify anomalous activity and potential indicators of compromise across ARNG classified and unclassified environments.
• Perform initial log correlation and preliminary pattern analysis using approved analytic rules and established SOC procedures.
• Open, update, and maintain tickets and incident records in case management systems with accurate technical detail, status, and supporting evidence.
• Escalate suspicious events and potential incidents to Tier 2 incident, problem, and change processes in accordance with documented response procedures.
• Support continuous monitoring activities and reporting requirements aligned with DoD and ARNG cybersecurity policy.
• Document findings clearly to enable follow-on analysis by SOC Tier 2, CIRT, and other cybersecurity operations personnel.
• Assist with evidence tracking and artifact handling to support incident review, response actions, and auditability.
• Contribute to SOC operations that leverage USIEM, EDR, and integrated SIEM/C2C/DLP analytics for centralized security visibility across the DoDIN-A(NG) area of responsibility.
• Coordinate event reporting and operational handoff within established SOC workflows that interface with organizations such as the NETCOM Global Cyber Center and DISA DCDC.

Required Skills

Required Qualifications
U.S. Citizenship is required

Security Clearance: Secret Eligible

Required Certifications: DCWF Work Role 511-Cyber Defense Analyst - Basic proficiency; must hold ONE OR MORE of the following: CC, CEH, GFACT, GISF

Experience: 1+ years of experience in cybersecurity

• Experience monitoring security events, alerts, or logs in support of cybersecurity operations.
• Ability to identify anomalous activity and recognize potential indicators of compromise from network and endpoint telemetry.
• Experience documenting findings, maintaining ticket accuracy, and updating case management records.
• Ability to follow established escalation procedures for incidents, problems, and changes.
• Familiarity with continuous monitoring support activities and evidence tracking in a DoD or ARNG-aligned environment.
• Ability to support analyst handoff and communicate event details clearly to follow-on responders and service owners.

Desired Skills

Desired Qualifications
Security Clearance: Active Secret (preferred)

• Familiarity with USIEM, EDR, IDS/IPS, or integrated SIEM/C2C/DLP analytics used in enterprise security monitoring.
• Experience supporting SOC operations for large-scale distributed environments spanning multiple sites or enclaves.
• Exposure to MITRE ATT&CK-based analysis or threat-informed detection activities.
• Familiarity with ARNG, Army, or other DoD cybersecurity operations supporting both NIPRNet and SIPRNet environments.
• Experience coordinating event reporting or escalations within organizations that interface with NETCOM, ARCYBER, USCYBERCOM, or DISA-led operations.

ECS Federal LLC is an equal opportunity employer and does not discriminate or allow discrimination on the basis any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, or local jurisdiction law.

Everforth ECS is the federal segment of Everforth , a $4B global organization with over 10,000 employees. Our nearly 3,500 professionals deliver advanced technology solutions in data and AI, cybersecurity, and enterprise transformation, serving defense, intelligence, and federal civilian agencies.

Our work powers mission-critical outcomes, strengthens technology partnerships, and creates meaningful opportunities for our people. We are defined by a commitment to excellence in delivery, a culture of innovation, and an environment where talent can thrive and grow.

We value:

• Attracting and developing top talent and high-performing teams
• Fostering a culture that is engaging, accountable, and mission-driven