
SOC CTIC Lead - SME Security Clearance

Job in Fairfax, Fairfax County, Virginia, 22031, USA
Listing for: ECS
Full Time position
Listed on 2026-06-09
Job specializations:
  • IT/Tech
    Cybersecurity, Network Security, Information Security, IT Support
Position: SOC CTIC Lead - SME with Security Clearance

Position Summary

ECS is seeking a SOC CTIC Lead - SME to support the Army National Guard (ARNG) Enterprise Network Operations and Cybersecurity Support (ENOCS) program. In this role, you will support Task 3 - Cybersecurity Operations Support by conducting and leading cyber incident response activities for the ARNG enterprise, including evidence collection, forensic acquisition, analysis of host and network artifacts, malware triage, root-cause analysis, containment support, recovery validation, and incident documentation.

The position works as part of ENOCS' broader cybersecurity operations construct, coordinating with SOC analysts, Cyber Incident Response Team (CIRT) personnel, watch officers, engineers, and service owners to strengthen defensive cyberspace operations across classified and unclassified environments. This role directly supports ENOCS' mission to defend the DoDIN-Army-NG area of responsibility serving more than 120,000 users and approximately 141,000 endpoints across roughly 2,800 sites in 54 states and territories.

The SOC CTIC Lead - SME contributes to cybersecurity operations that enable Title 10 and Title 32 missions, mobilization readiness, domestic emergency response, and classified SIPRNet operations by helping detect, investigate, contain, and document cyber incidents. The position operates within an environment that uses USIEM analytics, EDR, IDS/IPS, SOAR, Zeek metadata, Sysmon-informed MITRE ATT&CK analysis, and eMASS-supported continuous monitoring, while coordinating with organizations such as the NETCOM Global Cyber Center and DISA DCDC to maintain enterprise cyber freedom of action.

Please Note: This position is contingent upon contract award.

Responsibilities
* Conduct cyber incident response investigations through evidence collection, forensic acquisition, and analysis of host and network artifacts in support of ARNG defensive cyberspace operations.
* Perform malware triage and root-cause analysis to determine incident scope, identify affected systems, and support containment and recovery actions.
* Document investigative actions, technical findings, and incident outcomes in incident tracking and case management systems to support reporting, governance, and after-action requirements.
* Support recovery validation by verifying remediation actions, confirming restoration status, and helping ensure incidents are fully resolved before closure.
* Coordinate incident handling activities with SOC Tier 2 personnel, CIRT, watch officers, problem and change processes, and other cybersecurity operations stakeholders as required.
* Leverage security data and enterprise monitoring outputs from environments such as USIEM, EDR, IDS/IPS, and related analytics to support investigation, correlation, and incident determination.
* Apply MITRE ATT&CK-informed analysis and available telemetry such as Sysmon and Zeek metadata to help identify adversary tactics, techniques, and procedures and improve incident understanding.
* Support coordination and reporting associated with incidents affecting ARNG classified and unclassified enclaves, including environments tied to SIPRNet operations and broader DoDIN-A(NG) mission support.
* Assist with post-incident reporting and lessons learned documentation to strengthen continuous monitoring, improve defensive measures, and inform follow-on cyber defense activities.
* Coordinate, as needed, with external mission partners and cyber organizations identified in ENOCS operations, including the NETCOM Global Cyber Center and DISA DCDC, in accordance with incident handling procedures.

Required Qualifications

U.S. Citizenship is required.

Security Clearance:

Secret clearance eligibility required.

Certifications:

DCWF Work Role 531 (Cyber Defense Incident Responder), intermediate proficiency; must hold one or more of the following: CEH (Practical), ECIH, GRID, RCCE Level 1, CBROPS, CCSP, CEH, Cloud+, FITSP-O, GCED, GCIH, GSEC, PenTest+, Security+

Experience:

7+ years of experience in cybersecurity.

Education:

Bachelor's degree or higher in Computer Science, Cybersecurity, Data Science, Information Systems, Information Technology, or Software…