SOC CIRT Technician - Journeyman

About The Position

Requirements

• U.S. Citizenship is required
• Security Clearance: Secret Eligible
• Required Certifications: DCWF Work Role 531-Cyber Defense Incident Responder — Basic proficiency; must hold ONE OR MORE of the following: CC, GDSA, GISF
• 3+ years of experience in cybersecurity
• Experience supporting cyber incident investigations involving host-based and network-based evidence collection.
• Experience performing forensic acquisition and technical analysis to support incident scoping, containment, and recovery activities.
• Experience documenting investigative actions, findings, and response status in formal tracking or case management systems.
• Familiarity with malware triage, root-cause analysis, and after-action reporting in operational cybersecurity environments.
• Ability to support continuous monitoring and reporting requirements in alignment with DoD and ARNG cybersecurity policy.
• Experience collaborating with incident response, SOC, and cybersecurity operations personnel during active event handling.
• Working familiarity with classified and unclassified network security operations environments.

Responsibilities

• Perform evidence collection and forensic acquisition activities in support of cyber incident response investigations involving host and network artifacts.
• Analyze collected artifacts to support incident scoping, malware triage, root-cause determination, containment actions, and recovery validation.
• Document investigative actions, technical findings, and incident updates in authorized incident tracking and case management systems.
• Support preparation of incident reports, after-action documentation, and related artifacts required for continuous monitoring and ARNG cybersecurity reporting.
• Coordinate incident response activities with SOC personnel, watch officers, and service owners to support timely escalation, analysis, and resolution of cybersecurity events.
• Assist with investigations informed by USIEM detections, integrated SIEM/C2C/DLP analytics, and EDR telemetry to improve visibility and response across ARNG network environments.
• Support incident coordination and reporting actions aligned with ENOCS Task 3 deliverables and in collaboration with external organizations such as the NETCOM Global Cyber Center and DISA DCDC.
• Contribute to post-incident analysis that strengthens enterprise defenses across ARNG classified and unclassified enclaves, including support to lessons learned and recovery validation.
• Maintain records and supporting documentation in accordance with DoD and ARNG cybersecurity policy, continuous monitoring requirements, and established incident response procedures.