SOC CTIC Technician - Junior

Position Summary

ECS is seeking a SOC CTIC Technician - Junior to support the Army National Guard (ARNG) Enterprise Network Operations and Cybersecurity Support (ENOCS) program in Fairfax, VA. This role supports Task 3 — Cybersecurity Operations Support by analyzing threat intelligence feeds and operational security data to identify indicators, adversary tactics, and emerging risks that inform Security Operations Center (SOC) monitoring and analysis. The SOC CTIC Technician - Junior enriches indicators, supports correlation and detection content updates, produces intelligence summaries and reports, and coordinates with SOC analysts and CTIC leadership to document findings in support of continuous monitoring, incident analysis, and broader Defensive Cyberspace Operations – Internal Defensive Measures (DCO-IDM) across the DoDIN-Army-NG area of responsibility.

 

Please Note: This position is contingent upon contract award.

 

This position contributes to cyber defense for an enterprise that supports more than 120,000 users and approximately 141,000 endpoints across about 2,800 sites in 54 states and territories, including support to both classified and unclassified network environments. The role operates within an ARNG mission context that includes Title 10 and Title 32 missions, mobilization readiness, domestic emergency response, and classified SIPRNet operations, while coordinating within the ENOCS cyber ecosystem that includes the SOC, USIEM analytics, EDR management, SIEM/C2C/DLP analytics, and collaboration with the NETCOM Global Cyber Center and DISA DCDC to help preserve cyber freedom of action for Army, ARNG, Joint, and Coalition forces.

Responsibilities

• Analyze threat intelligence feeds and operational security data to identify indicators of compromise, adversary tactics, techniques, and procedures, and emerging cyber risks affecting ARNG network environments.
• Enrich indicators and operational findings to support SOC monitoring, triage, and threat-informed defensive actions under Task 3 Cybersecurity Operations Support.
• Assist with correlation and detection content updates that improve SOC visibility and support more effective monitoring and analysis across ARNG classified and unclassified environments.
• Produce intelligence summaries, reports, and documented findings for CTIC leadership and SOC stakeholders to support continuous monitoring and cybersecurity operations.
• Coordinate with SOC analysts, watch functions, and CTIC leadership to document findings, refine analysis, and support escalation into incident, problem, and change processes as needed.
• Support use of USIEM analytics and integrated SIEM/C2C/DLP data sources to help identify actionable patterns, strengthen centralized visibility, and improve detection outcomes.
• Contribute to MITRE ATT&CK-based analytical activities by helping align observed indicators and adversary behavior to established threat-informed detection approaches used by the ENOCS SOC.
• Collaborate with cybersecurity operations personnel supporting 24x7x365 SOC monitoring to provide intelligence context that improves incident analysis and defensive cyberspace operations.
• Help maintain reporting and documentation that support DoD and ARNG cybersecurity policy, compliance expectations, and continuous monitoring requirements within the ENOCS mission environment.
• Coordinate, as required, with broader cyber operations stakeholders supporting ARNG cybersecurity activities in conjunction with the NETCOM Global Cyber Center and DISA DCDC.