SOC CTIC Technician - Journeyman

ECS Tech Inc, Fairfax, VA

About The Position

ECS is seeking a SOC CTIC Technician - Journeyman to support the Army National Guard (ARNG) Enterprise Network Operations and Cybersecurity Support (ENOCS) program. In this role, you will support Task 3 — Cybersecurity Operations Support by analyzing threat intelligence feeds and operational security data to identify indicators, adversary tactics, and emerging risks that inform Security Operations Center (SOC) monitoring and response.

The position contributes directly to ENOCS delivery of 24/7/365 cybersecurity operations, threat detection, and Defensive Cyberspace Operations – Internal Defensive Measures (DCO-IDM) by enriching indicators, supporting correlation and detection content updates, producing intelligence reporting, and coordinating findings with SOC analysts and CTIC leadership. This role supports ARNG’s mission to defend classified and unclassified network environments across the DoDIN-Army-NG area of responsibility, helping sustain services for more than 120,000 users and approximately 141,000 endpoints across about 2,800 sites in 54 states and territories.

The SOC CTIC Technician - Journeyman operates within an enterprise environment that includes Unified Security Information & Event Management (USIEM), EDR, IDS/IPS, DLP, and supporting data sources such as Zeek metadata and Sysmon-informed ATT&CK analytics, while coordinating with organizations including the NETCOM Global Cyber Center and DISA DCDC. The role supports cyber defense outcomes tied to ARNG Title 10 and Title 32 missions, classified SIPRNet operations, mobilization readiness, and domestic emergency response.

Requirements

  • U.S. Citizenship is required
  • Security Clearance: Secret Eligible
  • Required Certifications: DCWF Work Role 511-Cyber Defense Analyst — Basic proficiency; must hold ONE OR MORE of the following: CC, CEH, GFACT, GISF
  • 3+ years of experience in cybersecurity
  • Experience analyzing threat intelligence, indicators, and operational security data to support cyber defense or SOC activities.
  • Experience documenting findings in intelligence summaries, reports, or other written products for operational or leadership use.
  • Experience coordinating with analysts, engineers, or operational stakeholders to communicate threat findings and support follow-on action.
  • Familiarity with continuous monitoring activities in support of DoD or ARNG cybersecurity requirements.
  • Working knowledge of SIEM-supported analysis and correlation in enterprise security operations environments.
  • Familiarity with classified and unclassified network defense operations in support of mission-critical environments.

Responsibilities

  • Analyze threat intelligence feeds and operational security data to identify indicators of compromise, adversary tactics, techniques, and procedures, and emerging risks affecting ARNG classified and unclassified environments.
  • Enrich indicators and operational findings to support SOC monitoring, incident analysis, and CTIC reporting within Task 3 Cybersecurity Operations Support.
  • Support updates to correlation logic and detection content used in SOC operations, helping improve threat-informed detections and monitoring effectiveness.
  • Produce intelligence summaries, reports, and documented findings for SOC analysts, CTIC leadership, and other cybersecurity stakeholders.
  • Coordinate with SOC analysts and technical teams to translate threat information into actionable detection, monitoring, and response support.
  • Contribute to USIEM analytics activities by helping correlate available security data and documenting findings that improve centralized visibility and response.
  • Support analysis aligned to MITRE ATT&CK-based detections using enterprise data sources identified in the ENOCS environment, including Zeek metadata and Sysmon-informed monitoring.
  • Coordinate with NETCOM Global Cyber Center, DISA DCDC, and related cybersecurity stakeholders as required to support threat analysis, reporting, and continuous monitoring objectives across the DoDIN-A(NG) area of responsibility.
  • Document intelligence findings and supporting artifacts in accordance with DoD and ARNG cybersecurity policy, continuous monitoring, and reporting requirements.