ECS

SOC Technician (Shift 2 Lead) - Senior

2700 Prosperity Ave-MB
Posted 3 weeks ago
onsite

Job Description

Position Summary

ECS is seeking a SOC Technician (Shift 2 Lead) - Senior to support the Army National Guard (ARNG) Enterprise Network Operations and Cybersecurity Support (ENOCS) program. This role supports Task 3 — Cybersecurity Operations Support — by providing senior-level oversight of Security Operations Center activities, validating complex alert triage decisions, reviewing case documentation for accuracy and completeness, and ensuring appropriate escalation of high-risk incidents. The position contributes directly to ENOCS delivery of 24/7/365 cybersecurity operations, monitoring, and Defensive Cyberspace Operations – Internal Defensive Measures (DCO-IDM) across the DoDIN-Army-NG area of responsibility, while working in coordination with broader SOC, incident response, engineering, and cyber defense teams.

In this role, the selected candidate will help defend ARNG classified and unclassified network environments that support more than 120,000 users and approximately 141,000 endpoints across roughly 2,800 sites in 54 states and territories. The position supports mission continuity for Title 10 and Title 32 operations, mobilization readiness, domestic emergency response, and classified SIPRNet operations by analyzing events across integrated security telemetry and improving detection effectiveness. The SOC environment aligns with ENOCS cybersecurity operations that leverage USIEM analytics, EDR, IDS/IPS event visibility, MITRE ATT&CK-based analytics, and coordination with NETCOM Global Cyber Center and DISA DCDC to strengthen centralized visibility, incident escalation, and coordinated cyber defense.

Please Note: This position is contingent upon contract award.

Responsibilities

  • Validate complex alert triage decisions and ensure accurate prioritization of cybersecurity events, incidents, and associated response actions within the SOC.
  • Review case documentation for completeness, quality, and operational accuracy to support incident handling, reporting, and auditability.
  • Ensure timely escalation of high-risk or coordinated cyber activity to appropriate Tier 2 incident, problem, and change processes and supporting cyber operations teams.
  • Conduct advanced correlation analysis across multiple telemetry sources to identify persistent, coordinated, or emerging threat activity affecting ARNG classified and unclassified environments.
  • Support trend analysis efforts to identify recurring patterns, operational gaps, and opportunities to improve SOC detection and response effectiveness across the ENOCS enterprise.
  • Contribute to detection improvement initiatives by helping refine analytics and alerting approaches aligned to MITRE ATT&CK-based analysis used within the ENOCS cybersecurity operations environment.
  • Leverage integrated USIEM, EDR, and IDS/IPS-derived event visibility to support centralized monitoring and stronger threat-informed analysis across the DoDIN-A(NG) area of responsibility.
  • Coordinate with SOC analysts, service owners, and other cybersecurity operations personnel to maintain consistent case handling and situational awareness for incidents affecting approximately 141,000 endpoints across 54 states and territories.
  • Support cybersecurity operations conducted in coordination with the NETCOM Global Cyber Center and DISA DCDC to help preserve ARNG cyber freedom of action and strengthen enterprise defense.
