SOC CIRT Technician - Senior

Position Summary

ECS is seeking a SOC CIRT Technician - Senior to support the Army National Guard (ARNG) Enterprise Network Operations and Cybersecurity Support (ENOCS) program. In this role, the candidate will support Task 3 — Cybersecurity Operations Support by performing cyber incident response investigations, collecting and preserving evidence, acquiring and analyzing host and network artifacts, assisting with malware triage and root-cause analysis, and documenting actions and findings in incident tracking and reporting workflows. The position contributes directly to ENOCS delivery of Defensive Cyberspace Operations – Internal Defensive Measures (DCO-IDM) and works in coordination with the broader cybersecurity operations team, including SOC, incident response, threat analysis, compliance, and RMF functions.

This role supports a mission environment delivering DoDIN services and cybersecurity operations for more than 120,000 users and approximately 141,000 endpoints across roughly 2,800 sites in 54 states and territories. The SOC CIRT Technician - Senior helps defend both classified and unclassified ARNG network environments that support Title 10 and Title 32 missions, mobilization readiness, domestic emergency response, and classified SIPRNet operations. The position operates within ENOCS’ 24x7x365 cybersecurity ecosystem and supports incident coordination aligned with the NETCOM Global Cyber Center, DISA DCDC, USIEM analytics, EDR, SOAR, and related monitoring, detection, and response activities across the DoDIN-A(NG) area of responsibility.

Please Note: This position is contingent upon contract award.

Responsibilities

• Perform evidence collection, forensic acquisition, and technical analysis of host and network artifacts in support of cyber incident response investigations.
• Assist with malware triage, root-cause determination, containment support, and recovery validation for suspected or confirmed cybersecurity incidents.
• Document investigative steps, findings, and response actions in incident tracking and case management systems to support required reporting and auditability.
• Support after-action reporting and incident documentation to strengthen enterprise defenses and align with ARNG and DoD continuous monitoring requirements.
• Coordinate incident response activities with SOC analysts, CIRT personnel, and related cybersecurity operations teams supporting Task 3 deliverables.
• Contribute to incident analysis and reporting workflows that interface with ARNG cybersecurity operations and coordination points such as NETCOM Global Cyber Center and DISA DCDC.
• Analyze artifacts and indicators derived from monitored environments that leverage USIEM, EDR, and SOAR-enabled detection and response activities.
• Support response activities across classified and unclassified ARNG enclaves, including mission environments tied to SIPRNet operations and broader DoDIN-A(NG) defensive operations.
• Maintain clear, timely records of investigative observations, containment support actions, and recovery validation results to support lessons learned and operational follow-through.