SOC Technician (Shift 2 Lead) - Senior

ECS Tech Inc — Fairfax, VA

About The Position

ECS is seeking a SOC Technician (Shift 2 Lead) - Senior to support the Army National Guard (ARNG) Enterprise Network Operations and Cybersecurity Support (ENOCS) program. This role supports Task 3 — Cybersecurity Operations Support — by providing senior-level oversight of Security Operations Center activities, validating complex alert triage decisions, reviewing case documentation for accuracy and completeness, and ensuring appropriate escalation of high-risk incidents. The position contributes directly to ENOCS delivery of 24/7/365 cybersecurity operations, monitoring, and Defensive Cyberspace Operations – Internal Defensive Measures (DCO-IDM) across the DoDIN-Army-NG area of responsibility, while working in coordination with broader SOC, incident response, engineering, and cyber defense teams.

In this role, the selected candidate will help defend ARNG classified and unclassified network environments that support more than 120,000 users and approximately 141,000 endpoints across roughly 2,800 sites in 54 states and territories. The position supports mission continuity for Title 10 and Title 32 operations, mobilization readiness, domestic emergency response, and classified SIPRNet operations by analyzing events across integrated security telemetry and improving detection effectiveness. The SOC environment aligns with ENOCS cybersecurity operations that leverage USIEM analytics, EDR, IDS/IPS event visibility, MITRE ATT&CK-based analytics, and coordination with NETCOM Global Cyber Center and DISA DCDC to strengthen centralized visibility, incident escalation, and coordinated cyber defense.

Please Note: This position is contingent upon contract award.

Requirements

  • U.S. Citizenship is required
  • Security Clearance: TS//SCI Eligible
  • Required Certifications: DCWF Work Role 511 - Cyber Defense Analyst — Intermediate proficiency; must hold ONE OR MORE of the following: CEH(P), GMON, GRID, Cloud+, FITSP-O, GCED, GDSA, GSEC, PenTest+, Security+
  • 7+ years of experience in cybersecurity
  • Bachelor's degree or higher in Computer Science, Cybersecurity, Data Science, Information Systems, Information Technology, or Software Engineering
  • Demonstrated ability to validate analyst triage decisions and determine when escalation is required for high-risk cybersecurity events.
  • Experience reviewing incident and case documentation for technical accuracy, completeness, and adherence to operational processes.
  • Ability to perform correlation analysis across multiple security telemetry sources to identify related activity, persistent threats, or coordinated attacks.
  • Experience supporting continuous cybersecurity monitoring and analysis in enterprise network environments with both classified and unclassified enclaves.
  • Knowledge of SOC operations supporting incident, problem, and change process interactions in a 24/7/365 monitoring environment.
  • Ability to analyze trends in alerting and incident activity and translate findings into actionable detection or workflow improvements.
  • Experience supporting cybersecurity operations for large, distributed enterprises with geographically dispersed users, endpoints, and mission dependencies.

Responsibilities

  • Validate complex alert triage decisions and ensure accurate prioritization of cybersecurity events, incidents, and associated response actions within the SOC.
  • Review case documentation for completeness, quality, and operational accuracy to support incident handling, reporting, and auditability.
  • Ensure timely escalation of high-risk or coordinated cyber activity to appropriate Tier 2 incident, problem, and change processes and supporting cyber operations teams.
  • Conduct advanced correlation analysis across multiple telemetry sources to identify persistent, coordinated, or emerging threat activity affecting ARNG classified and unclassified environments.
  • Support trend analysis efforts to identify recurring patterns, operational gaps, and opportunities to improve SOC detection and response effectiveness across the ENOCS enterprise.
  • Contribute to detection improvement initiatives by helping refine analytics and alerting approaches aligned to MITRE ATT&CK-based analysis used within the ENOCS cybersecurity operations environment.
  • Leverage integrated USIEM, EDR, and IDS/IPS-derived event visibility to support centralized monitoring and stronger threat-informed analysis across the DoDIN-A(NG) area of responsibility.
  • Coordinate with SOC analysts, service owners, and other cybersecurity operations personnel to maintain consistent case handling and situational awareness for incidents affecting approximately 141,000 endpoints across 54 states and territories.
  • Support cybersecurity operations conducted in coordination with the NETCOM Global Cyber Center and DISA DCDC to help preserve ARNG cyber freedom of action and strengthen enterprise defense.