SOC Technician (Shift 3 Lead) - Senior

About The Position

Requirements

• U.S. Citizenship is required
• Security Clearance: TS//SCI Eligible
• Required Certifications: DCWF Work Role 511-Cyber Defense Analyst — Intermediate proficiency; must hold ONE OR MORE of the following: CEH(P),GMON,GRID,Cloud+,FITSP-O,GCED,GDSA,GSEC,PenTest+,Security+
• 7+ years of experience in cybersecurity
• Bachelors degree or higher in Computer Science, Cybersecurity, Data Science, Information Systems, Information Technology, or Software Engineering
• Experience leading or performing investigation of high-severity cybersecurity alerts and incident activity in a SOC or comparable monitoring environment.
• Experience reconstructing event telemetry and analyzing multiple security data sources to determine incident scope, affected assets, and recommended containment actions.
• Experience mentoring junior analysts and improving analyst performance through review, coaching, and operational guidance.
• Experience supporting ticket and incident escalation processes in coordination with incident, problem, and change management workflows.
• Experience producing clear incident documentation, operational findings, and recommendations suitable for leadership review and follow-on action.
• Experience supporting continuous monitoring and analysis for enterprise environments with large user, endpoint, and geographically distributed site populations.
• Experience working with MITRE ATT&CK-based analytics or ATT&CK-informed detection and investigation approaches.
• Experience identifying operational gaps and contributing to updates of SOC playbooks, procedures, or monitoring processes.

Responsibilities

• Lead analysis of high-severity cybersecurity alerts and incidents, performing detailed telemetry reconstruction to determine scope, impact, and recommended next actions.
• Validate containment and response actions before escalation to incident, problem, or change processes to support disciplined SOC operations and reduce operational risk.
• Support ENOCS Task 3 monitoring and analysis activities by helping maintain effective 24x7x365 SOC operations across ARNG classified and unclassified network environments.
• Mentor junior analysts on alert triage, incident documentation, escalation quality, and investigative techniques to improve consistency and execution across the SOC.
• Refine and improve SOC playbooks, workflows, and investigative procedures based on operational findings, lessons learned, and recurring incident trends.
• Contribute to performance quality reviews by assessing analyst outputs, identifying process gaps, and recommending operational improvements to strengthen continuous monitoring execution.
• Correlate and analyze security data from USIEM, EDR, IDS/IPS, and DLP sources to support threat-informed defense and improve detection fidelity.
• Apply MITRE ATT&CK-based analytic thinking during incident investigation and coordinate with SOC leadership, service owners, and supporting teams as required to support enterprise cyber defense.
• Coordinate as needed with NETCOM Global Cyber Center, DISA DCDC, RCC-ARNG, and related cyber operations stakeholders to support incident awareness, escalation, and response alignment.