SOC Manager - Senior

Position Summary

ECS is seeking a SOC Manager - Senior to support the Army National Guard (ARNG) Enterprise Network Operations and Cybersecurity Support (ENOCS) program. In this role, the selected candidate will lead Security Operations Center activities under Task 3 — Cybersecurity Operations Support, directing continuous monitoring, threat detection, incident escalation, and case management in support of Defensive Cyberspace Operations – Internal Defensive Measures (DCO-IDM). The SOC Manager - Senior will establish operational standards for triage and escalation, oversee performance across SOC workflows, and coordinate closely with CTIC, CIRT, vulnerability management, defensive cyber, and engineering teams to strengthen operational readiness and reduce cyber risk across supported ARNG environments.

This position directly supports ARNG’s mission to deliver DoDIN services and cyber defense for more than 120,000 users and approximately 141,000 endpoints across about 2,800 sites in 54 states and territories. The role contributes to cybersecurity operations spanning classified and unclassified network environments that support Title 10 and Title 32 missions, mobilization readiness, domestic emergency response, and classified SIPRNet operations. The SOC Manager - Senior will operate within a technical environment that includes 24x7x365 SOC monitoring, USIEM analytics, EDR, IDS/IPS, DLP, SOAR, ACAS, STIG Manager, and coordination with NETCOM Global Cyber Center and DISA DCDC to maintain mission assurance across the DoDIN-Army-NG area of responsibility.

Please Note: This position is contingent upon contract award.

 

Responsibilities

• Direct Security Operations Center activities to ensure continuous monitoring, threat detection, incident triage, escalation, and operational readiness across supported ARNG environments.
• Establish and enforce shift coverage standards, triage quality controls, and case management procedures to support timely incident handling and risk reduction.
• Oversee incident escalation workflows into Tier 2 incident, problem, and change processes, ensuring effective coordination with CIRT, incident management, and problem management functions.
• Integrate SOC operations with CTIC, vulnerability management, defensive cyber, and engineering teams to improve containment actions, remediation execution, and continuous monitoring outcomes.
• Leverage USIEM, EDR, IDS/IPS, DLP, and related analytics to support centralized visibility, improved detection quality, and machine-speed response across ARNG cyber operations.
• Coordinate with NETCOM Global Cyber Center, DISA DCDC, and other designated stakeholders to align SOC operations with broader DoDIN-Army-NG cybersecurity requirements and reporting expectations.
• Review operational metrics, SOC communications, and evaluation artifacts to identify trends, improve analyst performance, and strengthen mission assurance objectives.
• Support cybersecurity operations across classified and unclassified enclaves, including environments tied to ARNG Title 10 and Title 32 missions, mobilization readiness, and domestic emergency response.
• Contribute to COOP site validation, testing, and operational readiness activities to help sustain continuity of cybersecurity monitoring and response services.