Dashboard Guru - Journeyman

Job Description

Position Summary
ECS is seeking a Dashboard Guru - Journeyman to support the Army National Guard (ARNG) Enterprise Network Operations and Cybersecurity Support (ENOCS) program. In this role, the selected candidate will support Task 3 - Cybersecurity Operations Support by analyzing emerging threats, reviewing security telemetry, correlating operational indicators, and producing reporting that informs proactive defense across the ARNG enterprise. The Dashboard Guru - Journeyman contributes to Defensive Cyberspace Operations - Internal Defensive Measures (DCO-IDM) by helping refine detections, identify risk trends, document findings, and coordinate with SOC, cyber threat intelligence, and defensive cyber personnel to strengthen continuous monitoring and response outcomes.

Please Note:
This position is contingent upon contract award.

This position supports a mission environment delivering DoDIN services and cybersecurity operations for more than 120,000 users and approximately 141,000 endpoints across roughly 2,800 sites in 54 states and territories, including support to Title 10 and Title 32 missions, mobilization readiness, domestic emergency response, and classified SIPRNet operations. The role operates within ARNG's classified and unclassified network environments and contributes to analytics and reporting that leverage ARNG's cybersecurity ecosystem, including USIEM, EDR, IDS/IPS event data, DLP analytics, and MITRE ATT&CK-based detections, while coordinating with organizations such as the NETCOM Global Cyber Center and DISA DCDC to improve visibility, threat-informed defense, and policy-aligned cyber operations.
Responsibilities

• Analyze threat data, security telemetry, and operational indicators to identify cyber risk trends and support proactive defense across Task 3 Cybersecurity Operations Support.
• Correlate events and intelligence from multiple sources to help determine suspicious activity, develop findings, and recommend defensive actions for ARNG classified and unclassified environments.
• Support SOC, cyber threat intelligence, and defensive cyber teams by refining detection content, documenting analytic results, and improving the quality of threat-focused reporting.
• Develop dashboards, reports, and analytic products that support continuous monitoring, cybersecurity governance, and compliance with DoD and ARNG cybersecurity policy.
• Leverage USIEM, EDR, IDS/IPS, and DLP-related data to improve centralized visibility and help prioritize analyst action on potential threats across the DoDIN-A(NG) area of responsibility.
• Apply MITRE ATT&CK-based analysis techniques to support detection development, event correlation, and post-incident understanding of adversary tactics, techniques, and procedures.
• Coordinate with SOC personnel and USIEM engineers to improve data feed utility, enable stronger analytics, and support more effective monitoring and analysis outcomes.
• Document threat research, event analysis, findings, and recommendations in a clear, reproducible manner to support reporting, operational decision-making, and continuous improvement.
• Contribute analytic support aligned with ARNG's 24x7x365 cybersecurity operations mission in coordination with entities including the NETCOM Global Cyber Center and DISA DCDC.

Required Skills

Required Qualifications
U.S. Citizenship is required

Security Clearance:
Secret Eligible

Required

Certifications:

DCWF Work Role 212-Cyber Defense Forensics Analyst - Intermediate proficiency; must hold ONE OR MORE of the following: RCCE Level 1, CHFI

Experience:

3+ years of experience in cybersecurity

Education:

Bachelors degree or higher in Computer Science, Cybersecurity, Data Science, Information Systems, Information Technology, or Software Engineering

• Ability to analyze security telemetry and operational indicators to identify patterns, anomalies, and risk trends.
• Experience producing written analytic findings, recommendations, and reporting suitable for operational and compliance use.
• Ability to perform event correlation across multiple security data sources to support threat detection and defensive cyber operations.
• Familiarity with continuous monitoring activities and documentation practices supporting DoD and ARNG cybersecurity policy requirements.
• Experience collaborating with SOC analysts, threat intelligence personnel, and defensive cyber teams to improve detection and reporting outcomes.
• Ability to translate technical threat findings into dashboards or reporting products that support operational awareness and decision-making.
• Experience supporting cyber operations in enterprise environments with both classified and unclassified network considerations.

Desired Skills

Desired Qualifications
Security Clearance:
Active Secret (preferred)

• Experience supporting cybersecurity operations for Army, ARNG, or other DoD enterprise environments.
• Familiarity with USIEM analytics, EDR data, IDS/IPS event analysis, and DLP-supported monitoring workflows.
• Experience applying MITRE ATT&CK to threat…