Data Engineer - Journeyman

Position Summary

ECS is seeking a Data Engineer - Journeyman to support the Army National Guard (ARNG) Enterprise Network Operations and Cybersecurity Support (ENOCS) program. In this role, the selected candidate will support Task 3, Cybersecurity Operations Support, by engineering data integration solutions that enable reliable ingestion, parsing, and transformation of cybersecurity telemetry across SOC, CDAP, and analytic platforms. The Data Engineer will work closely with analytic developers, security engineers, and cybersecurity operations personnel to improve data quality, resolve ingestion discrepancies, and sustain the data pipelines that support continuous monitoring, threat detection, and Defensive Cyberspace Operations – Internal Defensive Measures (DCO-IDM) across the DoDIN-Army-NG area of responsibility.

Please Note: This position is contingent upon contract award.

This position directly supports ARNG’s mission to deliver secure enterprise operations for more than 120,000 users and approximately 141,000 endpoints across about 2,800 sites in 54 states and territories, including Title 10 and Title 32 missions, mobilization readiness, domestic emergency response, and classified SIPRNet operations. The role operates within a cybersecurity environment that includes the Security Operations Center (SOC), Unified Security Information & Event Management (USIEM), Endpoint Detection and Response (EDR), C2C and DLP analytics, and data sources such as Zeek metadata and Sysmon-based monitoring, while coordinating with broader cyber operations aligned to NETCOM Global Cyber Center and DISA DCDC.

Responsibilities

• Engineer data integration solutions that support the ingestion, parsing, normalization, and transformation of cybersecurity telemetry across SOC, CDAP, and analytic platforms.
• Implement schema management and data validation routines to improve the accuracy, traceability, and reliability of cybersecurity reporting and monitoring outputs.
• Optimize data pipeline performance to support scalable analytics and continuous monitoring across ARNG classified and unclassified network environments.
• Collaborate with analytic developers and security engineers to improve data quality, troubleshoot ingestion discrepancies, and sustain visibility for cyber defense operations.
• Support SOC monitoring and analysis by enabling high-quality data feeds for USIEM analytics, including correlation of events from integrated SIEM, C2C, and DLP data sources.
• Help maintain telemetry pipelines that leverage sources identified in the ENOCS environment, including Zeek metadata and Sysmon-based monitoring aligned to MITRE ATT&CK-informed analytics.
• Contribute to the data foundation used for threat detection, incident analysis, and reporting supporting 24x7x365 cybersecurity operations across the DoDIN-Army-NG area of responsibility.
• Coordinate with cybersecurity operations stakeholders to ensure data integration supports DCO-IDM activities and aligns with ARNG and DoD cybersecurity policy.
• Support continuous monitoring visibility and reporting used by cyber operations teams working in coordination with NETCOM Global Cyber Center and DISA DCDC.