Network Security Analyst (CDAP) - Senior

ECS Tech Inc, Fairfax, VA

About The Position

ECS is seeking a Network Security Analyst (CDAP) - Senior to support the Army National Guard (ARNG) Enterprise Network Operations and Cybersecurity Support (ENOCS) program. In this Task 3 — Cybersecurity Operations Support role, the selected candidate will analyze network traffic, logs, and security telemetry within the Cybersecurity Data Analytics Platform (CDAP) to identify malicious activity, policy violations, and anomalous behavior across ARNG network environments.

The role directly supports ENOCS delivery of 24/7/365 cybersecurity engineering, monitoring, threat detection, vulnerability management, incident support, and Defensive Cyberspace Operations – Internal Defensive Measures (DCO-IDM) across the DoDIN-Army-NG area of responsibility, while coordinating with SOC, cyber threat, defensive cyber, and network engineering personnel to improve enterprise defense. This position supports a mission environment that provides DoDIN services to more than 120,000 users and approximately 141,000 endpoints across about 2,800 sites in 54 states and territories, including support to Title 10 and Title 32 missions, mobilization readiness, domestic emergency response operations, and classified and unclassified network operations.

The Network Security Analyst (CDAP) - Senior will contribute to cyber situational awareness and defense by working with integrated SIEM/C2C/DLP analytics, USIEM-aligned data sources, MITRE ATT&CK-based analytics, and network security telemetry from enterprise and boundary environments. The role operates in coordination with the NETCOM Global Cyber Center and DISA DCDC and helps sustain continuous monitoring, incident analysis, and RMF-aligned cybersecurity operations across ARNG enclaves.

Please Note: This position is contingent upon contract award.

Requirements

  • U.S. Citizenship is required
  • Security Clearance: TS//SCI Eligible
  • Required Certifications: DCWF Work Role 441-Network Operations Specialist — Intermediate proficiency; must hold ONE OR MORE of the following: CND, GFACT, GSEC, Security+
  • 7+ years of experience in cybersecurity
  • Bachelor's degree or higher in Computer Science, Cybersecurity, Data Science, Information Systems, Information Technology, or Software Engineering
  • Experience analyzing network traffic, log data, and security telemetry to identify malicious activity, anomalous behavior, and policy violations.
  • Experience performing intrusion analysis, packet inspection, and event correlation in support of cybersecurity monitoring and incident response.
  • Experience producing dashboards, reports, or other analytic outputs that improve cyber situational awareness for operational stakeholders.
  • Experience collaborating with SOC, cyber threat, defensive cyber, or network engineering teams to validate findings and improve defensive posture.
  • Experience supporting RMF-aligned continuous monitoring activities and cybersecurity operations in accordance with DoD or ARNG policy.
  • Experience working in enterprise network environments spanning multiple sites, users, and endpoint populations.

Responsibilities

  • Analyze network traffic, packet data, logs, and security telemetry within CDAP to detect malicious activity, anomalous behavior, and cybersecurity policy violations across enterprise and boundary environments.
  • Perform intrusion analysis, packet inspection, and event correlation using SIEM and network monitoring capabilities to support identification, validation, and escalation of potential security incidents.
  • Develop and refine dashboards, reports, and analytic outputs that improve cyber situational awareness and support operational decision-making for ARNG cybersecurity stakeholders.
  • Support detection engineering by helping refine analytic content and detection logic aligned to MITRE ATT&CK-based analytics and continuous monitoring objectives.
  • Correlate network security data with integrated SIEM/C2C/DLP analytics and coordinate with USIEM engineers to improve visibility, data quality, and threat-informed detections.
  • Work closely with SOC, CTI, defensive cyber, and network engineering teams to validate findings, support incident response activities, and strengthen ARNG network defense posture.
  • Coordinate with the NETCOM Global Cyber Center and DISA DCDC, as required under Task 3 operations, to support DCO-IDM activities across classified and unclassified ARNG environments.
  • Document analysis results, indicators, and trends to support reporting, governance, and continuous improvement of cybersecurity operations across the DoDIN-A(NG) area of responsibility.
  • Ensure monitoring, analysis, and reporting activities align with DoD and ARNG cybersecurity policy, RMF requirements, and continuous monitoring strategies supporting ENOCS cybersecurity deliverables.