SOC DMA Technician - Journeyman

Position Summary

ECS is seeking a SOC DMA Technician - Journeyman to support the Army National Guard (ARNG) Enterprise Network Operations and Cybersecurity Support (ENOCS) program. This role supports Task 3, Cybersecurity Operations Support, by analyzing threat intelligence feeds and operational security data to identify indicators, adversary tactics, and emerging risks across the ARNG enterprise. The SOC DMA Technician - Journeyman enriches indicators, supports correlation and detection content updates, produces intelligence summaries and reports, and coordinates findings with SOC analysts and CTIC leadership to strengthen 24/7/365 cybersecurity monitoring, incident analysis, and Defensive Cyberspace Operations – Internal Defensive Measures (DCO-IDM) across the DoDIN-Army-NG area of responsibility.

 

Please Note: This position is contingent upon contract award.

 

This position directly contributes to protection of ARNG classified and unclassified network environments that support more than 120,000 users and approximately 141,000 endpoints across roughly 2,800 sites in 54 states and territories. The role operates within a mission environment supporting Title 10 and Title 32 operations, mobilization readiness, domestic emergency response, and classified SIPRNet activities, while coordinating with organizations such as the NETCOM Global Cyber Center and DISA DCDC. The technician supports the ENOCS cybersecurity ecosystem by helping improve visibility and detections through integrated SIEM/C2C/DLP analytics, MITRE ATT&CK-based analysis, and data feeds that inform SOC operations, incident response, and continuous monitoring.

Responsibilities

• Analyze threat intelligence feeds and operational security data to identify indicators of compromise, adversary tactics, techniques, and procedures, and emerging cyber risks affecting ARNG classified and unclassified environments.
• Enrich indicators and operational findings to support SOC monitoring, incident analysis, and CTIC reporting for Task 3 Cybersecurity Operations Support.
• Support correlation and detection content refinement by providing actionable intelligence that improves analytic effectiveness and threat-informed defense.
• Produce intelligence summaries, technical reports, and documented findings for CTIC leadership, SOC analysts, and other cybersecurity stakeholders.
• Coordinate with SOC analysts and CTIC leadership to document findings, support continuous monitoring activities, and maintain alignment with DoD and ARNG cybersecurity policy requirements.
• Contribute to MITRE ATT&CK-based analytic development and reporting to help translate raw event data into actionable cyber intelligence for ARNG defenders.
• Support the use of integrated SIEM/C2C/DLP analytics and related data sources to improve centralized visibility and machine-speed response across the ARNG enterprise.
• Coordinate with USIEM engineers and SOC personnel to help identify the most effective enabling data sources and improve the quality of threat detection and analysis.
• Provide analysis products that support coordination with NETCOM Global Cyber Center, DISA DCDC, and other mission partners involved in DCO-IDM operations across the DoDIN-Army-NG area of responsibility.