About The Position

ECS is seeking a SOC Security Engineering Team Lead - Senior to support the Army National Guard (ARNG) Enterprise Network Operations and Cybersecurity Support (ENOCS) program. In this senior Task 3 role, the selected candidate will lead the team responsible for implementing, configuring, and sustaining security engineering capabilities that enable SOC monitoring, detection, and response operations across ARNG enterprise environments. The role directly supports Cybersecurity Operations Support by integrating and maintaining security tools, sensors, log forwarding, and telemetry pipelines; validating monitoring coverage and alert fidelity; documenting configuration changes and remediation actions; and coordinating with SOC, CTIC, CDAP, and infrastructure teams to sustain continuous monitoring in alignment with DCO-IDM objectives across the DoDIN-Army-NG area of responsibility.

This position supports ARNG’s mission to deliver DoDIN services and cyber defense for more than 120,000 users and approximately 141,000 endpoints across roughly 2,800 sites in 54 states and territories, spanning both classified and unclassified network environments. The SOC Security Engineering Team Lead - Senior contributes to protection of Title 10 and Title 32 missions, mobilization readiness, domestic emergency operations, and classified SIPRNet activities by helping maintain engineering support for 24x7x365 SOC operations and integrated visibility across ARNG’s cybersecurity stack. The role operates within a technical environment that includes USIEM analytics, EDR, IDS/IPS, DLP, C2C integrations, Zeek metadata, Sysmon-informed ATT&CK analytics, and RMF-aligned continuous monitoring, while coordinating with NETCOM Global Cyber Center and DISA DCDC to strengthen enterprise cyber defense.

Please Note: This position is contingent upon contract award.

Requirements

  • U.S. Citizenship is required
  • Security Clearance: TS//SCI Eligible
  • Required Certifications: DCWF Work Role 521-Cyber Defense Infrastructure Support Specialist — Intermediate proficiency; must hold ONE OR MORE of the following: GMON, GRID, CEH, Cloud+, CySA+, GSEC, PenTest+, Security+, SSCP
  • 7+ years of experience in cybersecurity
  • Bachelor's degree or higher in Computer Science, Cybersecurity, Data Science, Information Systems, Information Technology, or Software Engineering
  • Demonstrated experience implementing, configuring, and maintaining security engineering solutions that support SOC monitoring, detection, and response operations.
  • Experience integrating security tools, sensors, log forwarding, and telemetry pipelines to improve monitoring coverage and event correlation.
  • Experience validating configuration baselines and supporting system hardening activities in enterprise cyber operations environments.
  • Ability to troubleshoot issues affecting log collection, telemetry flow, monitoring coverage, and alert fidelity.
  • Experience documenting configuration changes, technical updates, and remediation actions in support of operational and compliance requirements.
  • Experience coordinating across security operations, cyber intelligence, assessment, and infrastructure teams to sustain continuous monitoring capabilities.
  • Familiarity with USIEM, EDR, IDS/IPS, DLP, and related enterprise security analytics environments referenced in ARNG ENOCS cybersecurity operations.
  • Working knowledge of RMF-aligned continuous monitoring and cybersecurity policy compliance in classified and unclassified enterprise environments.

Responsibilities

  • Lead the implementation, configuration, and sustainment of security engineering solutions that support SOC monitoring, detection, and response across ARNG enterprise environments.
  • Integrate and maintain security tools, sensors, log forwarding mechanisms, and telemetry pipelines to improve enterprise visibility, event correlation, and alert accuracy.
  • Support ARNG Task 3 Cybersecurity Operations Support deliverables by enabling continuous monitoring and engineering capabilities required for DCO-IDM across classified and unclassified network environments.
  • Coordinate with SOC, CTIC, CDAP, and infrastructure teams to resolve monitoring gaps, improve alert fidelity, and sustain operational cybersecurity coverage.
  • Engineer and maintain data integrations that support USIEM operations, including relevant feeds and telemetry used for centralized analytics, detection, and incident support.
  • Assist with system hardening and validation of configuration baselines to align monitoring infrastructure with DoD and ARNG cybersecurity policy and RMF requirements.
  • Troubleshoot issues affecting security monitoring coverage, log collection, sensor performance, and detection reliability across ARNG enterprise systems.
  • Document configuration changes, engineering updates, and remediation actions to maintain traceability, support compliance activities, and preserve operational knowledge.
  • Support coordination with NETCOM Global Cyber Center and DISA DCDC, as required, to help maintain enterprise cybersecurity operations and visibility across the DoDIN-Army-NG area of responsibility.
  • Contribute to sustaining telemetry and monitoring support for ARNG’s distributed enterprise of approximately 141,000 endpoints across about 2,800 sites in 54 states and territories.