Cybersecurity Analyst (CDAP) Lead - Senior

Position Summary

ECS is seeking a Cybersecurity Analyst (CDAP) Lead - Senior to support the Army National Guard (ARNG) Enterprise Network Operations and Cybersecurity Support (ENOCS) program. This position supports Task 3 — Cybersecurity Operations Support — and leads Cybersecurity Data Analytics Platform (CDAP) analytic operations that strengthen Defensive Cyberspace Operations – Internal Defensive Measures (DCO-IDM) across the DoDIN-Army-NG area of responsibility. The role directs enterprise monitoring, detection, correlation, reporting, analytic rule development, dashboard governance, and data validation activities, while coordinating closely with SOC, cyber threat intelligence, defensive cyber, and security engineering teams to improve threat visibility, triage quality, and risk reporting for Government stakeholders.

This role contributes to cybersecurity operations protecting ARNG classified and unclassified network environments that support more than 120,000 users and approximately 141,000 endpoints across roughly 2,800 sites in 54 states and territories. The position operates within an enterprise environment that includes USIEM analytics, EDR, IDS/IPS, DLP, Zeek metadata, Sysmon-based monitoring, and coordination with NETCOM, ARCYBER, USCYBERCOM, RCC-ARNG, the NETCOM Global Cyber Center, and DISA DCDC. CDAP outputs produced in this role help sustain continuous monitoring, RMF support, and operational cyber readiness for ARNG Title 10 and Title 32 missions, including mobilization readiness, domestic emergency response, and support to SIPRNet and NIPRNet operations.

Please Note: This position is contingent upon contract award.

Responsibilities

• Lead CDAP analytic operations by directing monitoring, detection, correlation, and reporting activities across enterprise security data sources supporting Task 3 cybersecurity operations deliverables.
• Oversee alert triage quality and analytic workflow execution to improve identification, prioritization, and escalation of high-risk cyber findings across DoDIN-connected environments.
• Develop, refine, and govern analytic rules, dashboards, and data validation processes to improve threat visibility, reporting accuracy, and operational decision support.
• Coordinate with SOC, cyber threat intelligence, defensive cyber, and security engineering teams to strengthen detection logic, analytic coverage, and response visibility.
• Leverage enterprise security telemetry and analytics aligned with the ENOCS environment, including USIEM, EDR, IDS/IPS, DLP, Zeek metadata, and Sysmon-informed monitoring, to support centralized visibility and threat-informed detection.
• Support continuous monitoring and RMF objectives by ensuring CDAP outputs align with eMASS artifact needs, compliance reporting, and ARNG and DoD cybersecurity policy expectations.
• Produce operational metrics, dashboards, and executive-level reporting for Government stakeholders to communicate analytic performance, cyber risk trends, and detection outcomes.
• Coordinate analytic support activities with organizations and operational partners identified in Task 3, including RCC-ARNG, NETCOM, ARCYBER, USCYBERCOM, the NETCOM Global Cyber Center, and DISA DCDC, as appropriate.
• Improve analytic coverage for ARNG classified and unclassified environments by validating data sources, identifying gaps in visibility, and recommending enhancements to monitoring and reporting processes.