SOC Team Lead - Senior

Position Summary

ECS is seeking a SOC Team Lead - Senior to support the Army National Guard (ARNG) Enterprise Network Operations and Cybersecurity Support (ENOCS) program. This position supports Task 3 — Cybersecurity Operations Support — by implementing, configuring, and maintaining security engineering solutions that enable SOC monitoring, detection, and response across ARNG enterprise environments. The role contributes directly to Defensive Cyberspace Operations – Internal Defensive Measures (DCO-IDM) by sustaining security tools, sensors, log forwarding, and telemetry pipelines; improving monitoring coverage and alert fidelity; and coordinating with SOC, CTIC, CDAP, and infrastructure teams to maintain continuous monitoring capabilities aligned to ARNG and DoD cybersecurity requirements.

In this role, the selected candidate will help defend classified and unclassified ARNG network environments that support more than 120,000 users and approximately 141,000 endpoints across roughly 2,800 sites in 54 states and territories. The position operates within a mission environment supporting Title 10 and Title 32 activities, mobilization readiness, domestic emergency response, and SIPRNet operations, while coordinating with organizations and capabilities identified in the ENOCS environment such as the NETCOM Global Cyber Center, DISA DCDC, USIEM analytics, EDR, IDS/IPS, DLP, and RMF/eMASS processes. This role helps ensure ARNG forces retain cyber freedom of action while denying the same to adversaries.

Please Note: This position is contingent upon contract award.

Responsibilities

• Implement, configure, and maintain security engineering solutions that support SOC monitoring, detection, and response operations across ARNG enterprise environments.
• Integrate and sustain security sensors, log forwarding mechanisms, and telemetry pipelines to improve enterprise visibility, event correlation accuracy, and monitoring coverage.
• Support the operation and tuning of security capabilities used in the ENOCS environment, including USIEM, EDR, IDS/IPS, and related analytics feeds that enable centralized visibility and response.
• Validate security configuration baselines and assist with system hardening activities to maintain monitoring effectiveness and alignment with ARNG and DoD cybersecurity policy.
• Troubleshoot monitoring gaps, telemetry issues, and alert fidelity problems affecting SOC operations and coordinate corrective actions with infrastructure and service owner teams.
• Document configuration changes, technical issues, and remediation actions to support auditability, operational continuity, and ongoing cybersecurity engineering activities.
• Coordinate with SOC, CTIC, CDAP, and infrastructure teams to maintain continuous monitoring capabilities and support cyber defense operations across classified and unclassified enclaves.
• Support incident and ticket escalation workflows by providing technical engineering support to Tier 2 incident, problem, and change processes as required.
• Assist with RMF-aligned monitoring and evidence support activities, including maintaining artifacts needed for compliance and integration with eMASS-related processes.
• Work in coordination with operational stakeholders identified in Task 3, including the NETCOM Global Cyber Center and DISA DCDC, to help sustain 24x7x365 cybersecurity operations across the DoDIN-A(NG) area of responsibility.