Pay Growth
?
out of 5
Not enough data
Not enough info to score pay or growth
Network Security Analyst (CDAP) - Senior
Job
ECS Federal, LLC
Fairfax, VA (In Person)
Full-Time
Review key factors to help you decide if the role fits your goals.
Job Security
?
out of 5
Not enough data
Calculating job security score...
Total Score
71
out of 100
Average of individual scores
Skill Insights
Compare your current skills to what this opportunity needs—we'll show you what you already have and what could strengthen your application.
Job Description
Position SummaryECS is seeking a Network Security Analyst (CDAP) - Senior to support the Army National Guard (ARNG) Enterprise Network Operations and Cybersecurity Support (ENOCS) program. In this Task 3 — Cybersecurity Operations Support role, the selected candidate will analyze network traffic, logs, and security telemetry within the Cybersecurity Data Analytics Platform (CDAP) to identify malicious activity, policy violations, and anomalous behavior across ARNG network environments. The role directly supports ENOCS delivery of 24/7/365 cybersecurity engineering, monitoring, threat detection, vulnerability management, incident support, and Defensive Cyberspace Operations - Internal Defensive Measures (DCO-IDM) across the DoDIN-Army-NG area of responsibility, while coordinating with SOC, cyber threat, defensive cyber, and network engineering personnel to improve enterprise defense.
This position supports a mission environment that provides DoDIN services to more than 120,000 users and approximately 141,000 endpoints across about 2,800 sites in 54 states and territories, including support to Title 10 and Title 32 missions, mobilization readiness, domestic emergency response operations, and classified and unclassified network operations. The Network Security Analyst (CDAP) - Senior will contribute to cyber situational awareness and defense by working with integrated
ResponsibilitiesAnalyze network traffic, packet data, logs, and security telemetry within CDAP to detect malicious activity, anomalous behavior, and cybersecurity policy violations across enterprise and boundary environments.
Perform intrusion analysis, packet inspection, and event correlation using SIEM and network monitoring capabilities to support identification, validation, and escalation of potential security incidents.
Develop and refine dashboards, reports, and analytic outputs that improve cyber situational awareness and support operational decision-making for ARNG cybersecurity stakeholders.
Support detection engineering by helping refine analytic content and detection logic aligned to MITRE ATT&CK-based analytics and continuous monitoring objectives.
Correlate network security data with integrated
Work closely with SOC, CTI, defensive cyber, and network engineering teams to validate findings, support incident response activities, and strengthen ARNG network defense posture.
Coordinate with the NETCOM Global Cyber Center and DISA DCDC, as required under Task 3 operations, to support DCO-IDM activities across classified and unclassified ARNG environments.
Document analysis results, indicators, and trends to support reporting, governance, and continuous improvement of cybersecurity operations across the DoDIN-A(NG) area of responsibility.
Ensure monitoring, analysis, and reporting activities align with DoD and ARNG cybersecurity policy, RMF requirements, and continuous monitoring strategies supporting ENOCS cybersecurity deliverables.
Required QualificationsU.S. Citizenship is required
Experience performing intrusion analysis, packet inspection, and event correlation in support of cybersecurity monitoring and incident response.
Experience producing dashboards, reports, or other analytic outputs that improve cyber situational awareness for operational stakeholders.
Experience collaborating with SOC, cyber threat, defensive cyber, or network engineering teams to validate findings and improve defensive posture.
Experience supporting RMF-aligned continuous monitoring activities and cybersecurity operations in accordance with DoD or ARNG policy.
Experience working in enterprise network environments spanning multiple sites, users, and endpoint populations.
This position supports a mission environment that provides DoDIN services to more than 120,000 users and approximately 141,000 endpoints across about 2,800 sites in 54 states and territories, including support to Title 10 and Title 32 missions, mobilization readiness, domestic emergency response operations, and classified and unclassified network operations. The Network Security Analyst (CDAP) - Senior will contribute to cyber situational awareness and defense by working with integrated
SIEM/C2C/DLP
analytics, USIEM-aligned data sources, MITRE ATT&CK-based analytics, and network security telemetry from enterprise and boundary environments. The role operates in coordination with the NETCOM Global Cyber Center and DISA DCDC and helps sustain continuous monitoring, incident analysis, and RMF-aligned cybersecurity operations across ARNG enclaves.Please Note:
This position is contingent upon contract award.ResponsibilitiesAnalyze network traffic, packet data, logs, and security telemetry within CDAP to detect malicious activity, anomalous behavior, and cybersecurity policy violations across enterprise and boundary environments.
Perform intrusion analysis, packet inspection, and event correlation using SIEM and network monitoring capabilities to support identification, validation, and escalation of potential security incidents.
Develop and refine dashboards, reports, and analytic outputs that improve cyber situational awareness and support operational decision-making for ARNG cybersecurity stakeholders.
Support detection engineering by helping refine analytic content and detection logic aligned to MITRE ATT&CK-based analytics and continuous monitoring objectives.
Correlate network security data with integrated
SIEM/C2C/DLP
analytics and coordinate with USIEM engineers to improve visibility, data quality, and threat-informed detections.Work closely with SOC, CTI, defensive cyber, and network engineering teams to validate findings, support incident response activities, and strengthen ARNG network defense posture.
Coordinate with the NETCOM Global Cyber Center and DISA DCDC, as required under Task 3 operations, to support DCO-IDM activities across classified and unclassified ARNG environments.
Document analysis results, indicators, and trends to support reporting, governance, and continuous improvement of cybersecurity operations across the DoDIN-A(NG) area of responsibility.
Ensure monitoring, analysis, and reporting activities align with DoD and ARNG cybersecurity policy, RMF requirements, and continuous monitoring strategies supporting ENOCS cybersecurity deliverables.
Required QualificationsU.S. Citizenship is required
Security Clearance:
TS//SCI EligibleRequired Certifications:
DCWF Work Role 441-Network Operations Specialist — Intermediate proficiency; must holdONE OR MORE
of the following: CND, GFACT, GSEC, Security+Experience:
7+ years of experience in cybersecurityEducation:
Bachelors degree or higher in Computer Science, Cybersecurity, Data Science, Information Systems, Information Technology, or Software EngineeringExperience analyzing network traffic, log data, and security telemetry to identify malicious activity, anomalous behavior, and policy violations.Experience performing intrusion analysis, packet inspection, and event correlation in support of cybersecurity monitoring and incident response.
Experience producing dashboards, reports, or other analytic outputs that improve cyber situational awareness for operational stakeholders.
Experience collaborating with SOC, cyber threat, defensive cyber, or network engineering teams to validate findings and improve defensive posture.
Experience supporting RMF-aligned continuous monitoring activities and cybersecurity operations in accordance with DoD or ARNG policy.
Experience working in enterprise network environments spanning multiple sites, users, and endpoint populations.