Dashboard Guru - Journeyman

Position Summary

ECS is seeking a Dashboard Guru - Journeyman to support the Army National Guard (ARNG) Enterprise Network Operations and Cybersecurity Support (ENOCS) program. In this role, the selected candidate will support Task 3 — Cybersecurity Operations Support by analyzing emerging threats, reviewing security telemetry, correlating operational indicators, and producing reporting that informs proactive defense across the ARNG enterprise. The Dashboard Guru - Journeyman contributes to Defensive Cyberspace Operations – Internal Defensive Measures (DCO-IDM) by helping refine detections, identify risk trends, document findings, and coordinate with SOC, cyber threat intelligence, and defensive cyber personnel to strengthen continuous monitoring and response outcomes.

 

Please Note: This position is contingent upon contract award.

 

This position supports a mission environment delivering DoDIN services and cybersecurity operations for more than 120,000 users and approximately 141,000 endpoints across roughly 2,800 sites in 54 states and territories, including support to Title 10 and Title 32 missions, mobilization readiness, domestic emergency response, and classified SIPRNet operations. The role operates within ARNG’s classified and unclassified network environments and contributes to analytics and reporting that leverage ARNG’s cybersecurity ecosystem, including USIEM, EDR, IDS/IPS event data, DLP analytics, and MITRE ATT&CK-based detections, while coordinating with organizations such as the NETCOM Global Cyber Center and DISA DCDC to improve visibility, threat-informed defense, and policy-aligned cyber operations.

Responsibilities

• Analyze threat data, security telemetry, and operational indicators to identify cyber risk trends and support proactive defense across Task 3 Cybersecurity Operations Support.
• Correlate events and intelligence from multiple sources to help determine suspicious activity, develop findings, and recommend defensive actions for ARNG classified and unclassified environments.
• Support SOC, cyber threat intelligence, and defensive cyber teams by refining detection content, documenting analytic results, and improving the quality of threat-focused reporting.
• Develop dashboards, reports, and analytic products that support continuous monitoring, cybersecurity governance, and compliance with DoD and ARNG cybersecurity policy.
• Leverage USIEM, EDR, IDS/IPS, and DLP-related data to improve centralized visibility and help prioritize analyst action on potential threats across the DoDIN-A(NG) area of responsibility.
• Apply MITRE ATT&CK-based analysis techniques to support detection development, event correlation, and post-incident understanding of adversary tactics, techniques, and procedures.
• Coordinate with SOC personnel and USIEM engineers to improve data feed utility, enable stronger analytics, and support more effective monitoring and analysis outcomes.
• Document threat research, event analysis, findings, and recommendations in a clear, reproducible manner to support reporting, operational decision-making, and continuous improvement.
• Contribute analytic support aligned with ARNG’s 24x7x365 cybersecurity operations mission in coordination with entities including the NETCOM Global Cyber Center and DISA DCDC.