SOC CIRT Technician - Senior

ECS Tech Inc, Fairfax, VA

About The Position

ECS is seeking a SOC CIRT Technician - Senior to support the Army National Guard (ARNG) Enterprise Network Operations and Cybersecurity Support (ENOCS) program. In this role, the candidate will support Task 3 — Cybersecurity Operations Support by performing cyber incident response investigations, collecting and preserving evidence, acquiring and analyzing host and network artifacts, assisting with malware triage and root-cause analysis, and documenting actions and findings in incident tracking and reporting workflows.

The position contributes directly to ENOCS delivery of Defensive Cyberspace Operations – Internal Defensive Measures (DCO-IDM) and works in coordination with the broader cybersecurity operations team, including SOC, incident response, threat analysis, compliance, and RMF functions.

This role supports a mission environment delivering DoDIN services and cybersecurity operations for more than 120,000 users and approximately 141,000 endpoints across roughly 2,800 sites in 54 states and territories. The SOC CIRT Technician - Senior helps defend both classified and unclassified ARNG network environments that support Title 10 and Title 32 missions, mobilization readiness, domestic emergency response, and classified SIPRNet operations.

The position operates within ENOCS’ 24x7x365 cybersecurity ecosystem and supports incident coordination aligned with the NETCOM Global Cyber Center, DISA DCDC, USIEM analytics, EDR, SOAR, and related monitoring, detection, and response activities across the DoDIN-A(NG) area of responsibility.

Please Note: This position is contingent upon contract award.

Requirements

  • U.S. Citizenship is required
  • Security Clearance: Secret Eligible
  • Required Certifications: DCWF Work Role 531-Cyber Defense Incident Responder — Basic proficiency; must hold ONE OR MORE of the following: CC, GDSA, GISF
  • 3+ years of experience in cybersecurity
  • Experience supporting cyber incident response activities involving evidence handling, forensic acquisition, and analysis of host and network artifacts.
  • Ability to assist with malware triage, containment support, recovery validation, and root-cause analysis during cybersecurity investigations.
  • Experience producing accurate incident documentation, technical findings, and after-action inputs in accordance with operational reporting requirements.
  • Familiarity with continuous monitoring and cybersecurity policy-aligned response documentation in DoD or ARNG mission environments.
  • Ability to support investigations in coordination with SOC and incident response personnel within a 24x7x365 cybersecurity operations construct.
  • Experience working with security event and case data generated through enterprise monitoring and analysis capabilities such as SIEM, EDR, or related response workflows.

Responsibilities

  • Perform evidence collection, forensic acquisition, and technical analysis of host and network artifacts in support of cyber incident response investigations.
  • Assist with malware triage, root-cause determination, containment support, and recovery validation for suspected or confirmed cybersecurity incidents.
  • Document investigative steps, findings, and response actions in incident tracking and case management systems to support required reporting and auditability.
  • Support after-action reporting and incident documentation to strengthen enterprise defenses and align with ARNG and DoD continuous monitoring requirements.
  • Coordinate incident response activities with SOC analysts, CIRT personnel, and related cybersecurity operations teams supporting Task 3 deliverables.
  • Contribute to incident analysis and reporting workflows that interface with ARNG cybersecurity operations and coordination points such as NETCOM Global Cyber Center and DISA DCDC.
  • Analyze artifacts and indicators derived from monitored environments that leverage USIEM, EDR, and SOAR-enabled detection and response activities.
  • Support response activities across classified and unclassified ARNG enclaves, including mission environments tied to SIPRNet operations and broader DoDIN-A(NG) defensive operations.
  • Maintain clear, timely records of investigative observations, containment support actions, and recovery validation results to support lessons learned and operational follow-through.