SOC Technician (Shift 1) - Junior

Job Description

Position Summary
ECS is seeking a SOC Technician (Shift 1) - Junior to support the Army National Guard (ARNG) Enterprise Network Operations and Cybersecurity Support (ENOCS) program in Fairfax, VA. Supporting Task 3 - Cybersecurity Operations Support, this position monitors security events and alerts, performs initial triage and analysis, documents incidents in accordance with established SOC procedures, and escalates events per approved playbooks. The role contributes directly to ENOCS delivery of 24/7/365 cybersecurity operations across the DoDIN-Army-NG area of responsibility and works closely with SOC leadership, Cyber Incident Response Team (CIRT) personnel, and other cybersecurity operations staff to support timely containment, case management, and continuous monitoring objectives.

Please Note: This position is contingent upon contract award.

This role helps defend ARNG classified and unclassified network environments that support more than 120,000 users and approximately 141,000 endpoints across about 2,800 sites in 54 states and territories. The SOC Technician supports Defensive Cyberspace Operations - Internal Defensive Measures (DCO-IDM) for missions spanning Title 10 and Title 32 operations, mobilization readiness, domestic emergency response, and SIPRNet-enabled operations. In this environment, the position supports security monitoring and analysis activities aligned with the program's Unified Security Information & Event Management (USIEM), endpoint detection and response (EDR), IDS/IPS, DLP, and case management processes, while coordinating with NETCOM Global Cyber Center and DISA DCDC-connected operations as required by Task 3 deliverables.
Responsibilities

• Monitor security events, alerts, and telemetry across ARNG classified and unclassified environments and perform initial triage in accordance with established SOC procedures.
• Analyze security data to identify potential indicators of compromise, suspicious activity, and reportable incidents requiring escalation or further investigation.
• Correlate data from security monitoring sources to support threat-informed detection and improve analyst visibility into enterprise activity.
• Document incidents, investigative actions, and findings in ticketing and case management systems in support of Tier 2 incident, problem, and change processes.
• Escalate events in accordance with approved playbooks and coordinate with SOC leadership, CIRT, and other cybersecurity operations personnel to support timely containment actions.
• Support continuous monitoring activities for Task 3 by maintaining accurate records and operational artifacts needed for compliance with DoD and ARNG cybersecurity policy.
• Contribute to SOC monitoring and analysis activities that leverage USIEM, EDR, IDS/IPS, and DLP analytics for centralized visibility across the DoDIN-Army-NG area of responsibility.
• Coordinate with internal cyber teams and designated mission partners when incidents require handoff, additional analysis, or response support tied to ENOCS cybersecurity operations.
• Assist in identifying trends or recurring alert conditions that may inform tuning, reporting, or follow-on analysis within the ARNG cybersecurity operations environment.

Required Skills

Required Qualifications
U.S. Citizenship is required

Security Clearance: Secret Eligible

Required Certifications: DCWF Work Role 511-Cyber Defense Analyst - Basic proficiency; must hold ONE OR MORE of the following: CC, CEH, GFACT, GISF

Experience: 1+ years of experience in cybersecurity

• Experience monitoring and assessing security alerts, events, or incident data in a SOC or comparable cybersecurity operations environment.
• Experience performing initial incident triage, documenting findings, and maintaining accurate case or ticket records.
• Familiarity with correlating telemetry from multiple security data sources to support identification of suspicious activity or indicators of compromise.
• Ability to follow established SOC procedures, escalation paths, and incident response playbooks.
• Experience supporting continuous monitoring activities in alignment with documented cybersecurity policies or operational procedures.
• Ability to coordinate effectively with analysts, incident responders, and technical leads during active cybersecurity events.

Desired Skills

Desired Qualifications
Security Clearance: Active Secret (preferred)

• Familiarity with USIEM analytics, EDR workflows, or IDS/IPS event review in a DoD or federal cybersecurity environment.
• Experience supporting cybersecurity operations for both classified and unclassified enclaves, including environments tied to SIPRNet or NIPRNet operations.
• Exposure to MITRE ATT&CK-based analysis, threat-informed detections, or alert correlation methodologies.
• Experience supporting ARNG, Army, or other DoD enterprise cybersecurity operations spanning geographically distributed users, endpoints, and sites.
• Familiarity with coordination processes involving CIRT, NETCOM, or other higher-headquarters cybersecurity organizations.

ECS Federal LLC is an equal opportunity employer and does not discriminate or allow discrimination on the basis any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, or local jurisdiction law.

Everforth ECS is the federal segment of Everforth , a $4B global organization with over 10,000 employees. Our nearly 3,500 professionals deliver advanced technology solutions in data and AI, cybersecurity, and enterprise transformation, serving defense, intelligence, and federal civilian agencies.

Our work powers mission-critical outcomes, strengthens technology partnerships, and creates meaningful opportunities for our people. We are defined by a commitment to excellence in delivery, a culture of innovation, and an environment where talent can thrive and grow.

We value:

• Attracting and developing top talent and high-performing teams
• Fostering a culture that is engaging, accountable, and mission-driven