SOC CTIC Technician - Journeyman

Job

ECS Federal, LLC

Fairfax, VA (In Person)

Full-Time

Posted 2 weeks ago (Updated 14 hours ago) • Actively hiring

Expires 7/24/2026

Job Description

Position Summary

ECS is seeking a SOC CTIC Technician - Journeyman to support the Army National Guard (ARNG) Enterprise Network Operations and Cybersecurity Support (ENOCS) program. In this role, you will support Task 3 — Cybersecurity Operations Support by analyzing threat intelligence feeds and operational security data to identify indicators, adversary tactics, and emerging risks that inform Security Operations Center (SOC) monitoring and response. The position contributes directly to ENOCS delivery of 24/7/365 cybersecurity operations, threat detection, and Defensive Cyberspace Operations - Internal Defensive Measures (DCO-IDM) by enriching indicators, supporting correlation and detection content updates, producing intelligence reporting, and coordinating findings with SOC analysts and CTIC leadership.

Please Note: This position is contingent upon contract award.

This role supports ARNG's mission to defend classified and unclassified network environments across the DoDIN-Army-NG area of responsibility, helping sustain services for more than 120,000 users and approximately 141,000 endpoints across about 2,800 sites in 54 states and territories. The SOC CTIC Technician - Journeyman operates within an enterprise environment that includes Unified Security Information & Event Management (USIEM), EDR, IDS/IPS, DLP, and supporting data sources such as Zeek metadata and Sysmon-informed ATT&CK analytics, while coordinating with organizations including the NETCOM Global Cyber Center and DISA DCDC. The role supports cyber defense outcomes tied to ARNG Title 10 and Title 32 missions, classified SIPRNet operations, mobilization readiness, and domestic emergency response.

Responsibilities

Analyze threat intelligence feeds and operational security data to identify indicators of compromise, adversary tactics, techniques, and procedures, and emerging risks affecting ARNG classified and unclassified environments.

Enrich indicators and operational findings to support SOC monitoring, incident analysis, and CTIC reporting within Task 3 Cybersecurity Operations Support.

Support updates to correlation logic and detection content used in SOC operations, helping improve threat-informed detections and monitoring effectiveness.

Produce intelligence summaries, reports, and documented findings for SOC analysts, CTIC leadership, and other cybersecurity stakeholders.

Coordinate with SOC analysts and technical teams to translate threat information into actionable detection, monitoring, and response support.

Contribute to USIEM analytics activities by helping correlate available security data and documenting findings that improve centralized visibility and response.

Support analysis aligned to MITRE ATT&CK-based detections using enterprise data sources identified in the ENOCS environment, including Zeek metadata and Sysmon-informed monitoring.

Coordinate with NETCOM Global Cyber Center, DISA DCDC, and related cybersecurity stakeholders as required to support threat analysis, reporting, and continuous monitoring objectives across the DoDIN-A(NG) area of responsibility.

Document intelligence findings and supporting artifacts in accordance with DoD and ARNG cybersecurity policy, continuous monitoring, and reporting requirements.

Required Qualifications

U.S. Citizenship is required

Security Clearance: Secret Eligible

Required Certifications: DCWF Work Role 511-Cyber Defense Analyst — Basic proficiency; must hold ONE OR MORE of the following: CC, CEH, GFACT, GISF

Experience: 3+ years of experience in cybersecurity

Experience analyzing threat intelligence, indicators, and operational security data to support cyber defense or SOC activities.

Experience documenting findings in intelligence summaries, reports, or other written products for operational or leadership use.

Experience coordinating with analysts, engineers, or operational stakeholders to communicate threat findings and support follow-on action.

Familiarity with continuous monitoring activities in support of DoD or ARNG cybersecurity requirements.

Working knowledge of SIEM-supported analysis and correlation in enterprise security operations environments.

Familiarity with classified and unclassified network defense operations in support of mission-critical environments.