SOC CIRT Technician - Journeyman

Position Summary

ECS is seeking a SOC CIRT Technician - Journeyman to support the Army National Guard (ARNG) Enterprise Network Operations and Cybersecurity Support (ENOCS) program. This position supports Task 3 — Cybersecurity Operations Support — by assisting cyber incident response investigations through evidence collection, forensic acquisition, analysis of host and network artifacts, malware triage, root-cause analysis, containment support, recovery validation, and incident documentation. The role works closely with ENOCS cybersecurity operations personnel, including SOC, CIRT, watch officers, engineers, and analysts, to help deliver Defensive Cyberspace Operations – Internal Defensive Measures (DCO-IDM) across the DoDIN-Army-NG area of responsibility.

Please Note: This position is contingent upon contract award.

This role contributes to the protection of ARNG classified and unclassified network environments that support more than 120,000 users and approximately 141,000 endpoints across roughly 2,800 sites in 54 states and territories. The SOC CIRT Technician - Journeyman helps sustain cyber readiness for Title 10 and Title 32 missions, mobilization readiness, domestic emergency response, and classified SIPRNet operations by supporting incident handling within a 24x7x365 cybersecurity enterprise. Work is performed in coordination with the broader ENOCS cyber ecosystem, including the NETCOM Global Cyber Center, DISA DCDC, USIEM-enabled monitoring and analytics, EDR-supported investigations, and continuous monitoring and reporting processes aligned to DoD and ARNG policy.

Responsibilities

• Perform evidence collection and forensic acquisition activities in support of cyber incident response investigations involving host and network artifacts.
• Analyze collected artifacts to support incident scoping, malware triage, root-cause determination, containment actions, and recovery validation.
• Document investigative actions, technical findings, and incident updates in authorized incident tracking and case management systems.
• Support preparation of incident reports, after-action documentation, and related artifacts required for continuous monitoring and ARNG cybersecurity reporting.
• Coordinate incident response activities with SOC personnel, watch officers, and service owners to support timely escalation, analysis, and resolution of cybersecurity events.
• Assist with investigations informed by USIEM detections, integrated SIEM/C2C/DLP analytics, and EDR telemetry to improve visibility and response across ARNG network environments.
• Support incident coordination and reporting actions aligned with ENOCS Task 3 deliverables and in collaboration with external organizations such as the NETCOM Global Cyber Center and DISA DCDC.
• Contribute to post-incident analysis that strengthens enterprise defenses across ARNG classified and unclassified enclaves, including support to lessons learned and recovery validation.
• Maintain records and supporting documentation in accordance with DoD and ARNG cybersecurity policy, continuous monitoring requirements, and established incident response procedures.