SOC Technician (Shift 1 Lead) - Senior

ECS Tech Inc, Fairfax, VA

About The Position

ECS is seeking a SOC Technician (Shift 1 Lead) - Senior to support the Army National Guard (ARNG) Enterprise Network Operations and Cybersecurity Support (ENOCS) program. In this role, you will support Task 3 — Cybersecurity Operations Support by monitoring security logs, network telemetry, and endpoint alerts; identifying anomalous activity and potential indicators of compromise; performing log correlation and preliminary pattern analysis; documenting findings in case management systems; and escalating events in accordance with established response procedures.

This position contributes to ENOCS’s 24x7x365 cybersecurity operations by supporting Security Operations Center monitoring and analysis activities that integrate with incident, problem, and change processes across the broader cyber operations team. This role supports ARNG’s mission to defend classified and unclassified network environments across the DoDIN-Army-NG area of responsibility, enabling Title 10 and Title 32 missions, mobilization readiness, domestic emergency response, and classified SIPRNet operations.

The SOC Technician helps protect an enterprise serving more than 120,000 users and approximately 141,000 endpoints across about 2,800 sites in 54 states and territories. The position operates within the ENOCS cyber environment that includes Unified Security Information & Event Management (USIEM) analytics, endpoint detection and response, IDS/IPS monitoring, integrated SIEM/C2C/DLP analytics, and coordination with organizations such as the NETCOM Global Cyber Center and DISA DCDC to support Defensive Cyberspace Operations – Internal Defensive Measures (DCO-IDM).

Please Note: This position is contingent upon contract award.

Requirements

  • U.S. Citizenship is required
  • Security Clearance: Secret Eligible
  • Required Certifications: DCWF Work Role 511-Cyber Defense Analyst — Basic proficiency; must hold ONE OR MORE of the following: CC, CEH, GFACT, GISF
  • 1+ years of experience in cybersecurity
  • Experience monitoring security logs, network telemetry, and endpoint alerts for suspicious or anomalous activity.
  • Ability to perform preliminary event analysis, pattern recognition, and log correlation using approved procedures and analytic rules.
  • Experience documenting findings, maintaining ticket accuracy, and updating case management records throughout event handling activities.
  • Familiarity with continuous monitoring activities in support of DoD or ARNG cybersecurity policy requirements.
  • Ability to support evidence tracking and maintain organized records for incident handling and reporting.
  • Familiarity with classified and unclassified network defense operations in an enterprise cybersecurity environment.
  • Ability to coordinate effectively with incident response, problem management, and change management stakeholders during event escalation.

Responsibilities

  • Monitor security logs, network telemetry, and endpoint alerts to identify anomalous activity and potential indicators of compromise across ARNG classified and unclassified environments.
  • Perform log correlation and preliminary pattern analysis using approved analytic rules and established monitoring procedures to support timely detection and escalation.
  • Document observations, findings, and event details in case management systems, ensuring tickets are complete, accurate, and updated throughout the response lifecycle.
  • Escalate incidents and suspicious activity in accordance with established response procedures and Tier 2 incident, problem, and change processes.
  • Support continuous monitoring reporting requirements aligned with DoD and ARNG cybersecurity policy, maintaining accurate records for operational visibility and auditability.
  • Assist with evidence tracking and event documentation to support cyber incident response, follow-on analysis, and lessons learned.
  • Leverage integrated SIEM/C2C/DLP analytics and available security data sources to improve visibility and support threat-informed monitoring within the SOC.
  • Coordinate with SOC analysts, service owners, and supporting cyber teams to support USIEM and endpoint detection activities within ARNG’s DCO-IDM mission.
  • Contribute to cybersecurity operations that interface with the NETCOM Global Cyber Center and DISA DCDC in defense of the DoDIN-Army-NG area of responsibility.