Operational Technology Cybersecurity Analyst - Journeyman

Job Description

Position Summary
ECS is seeking an Operational Technology Cybersecurity Analyst - Journeyman to support the Army National Guard (ARNG) Enterprise Network Operations and Cybersecurity Support (ENOCS) program. In this role, the candidate supports Task 3 - Cybersecurity Operations Support by monitoring and analyzing security telemetry across Operational Technology (OT), Industrial Control System (ICS), and Defense Critical Infrastructure (DCI) environments; identifying anomalous activity, policy violations, and indicators of compromise;

and coordinating response actions with SOC/CIRT personnel, OT engineers, and facility stakeholders. The position contributes directly to ENOCS delivery of Defensive Cyberspace Operations - Internal Defensive Measures (DCO-IDM) across the DoDIN-Army-NG area of responsibility and helps maintain continuous cyber defense operations in coordination with the broader cybersecurity operations team.

Please Note:
This position is contingent upon contract award.

This role supports ARNG's mission to provide secure enterprise services for more than 120,000 users and approximately 141,000 endpoints across roughly 2,800 sites in 54 states and territories, including support to Title 10 and Title 32 missions, mobilization readiness, domestic emergency response, and classified and unclassified network environments. The analyst operates within the ENOCS cybersecurity ecosystem that coordinates with NETCOM, the Global Cyber Center, DISA DCDC, RCCs, and USIEM-enabled monitoring activities, and helps extend enterprise detection and reporting practices into OT/DCI environments where operational continuity, safety, and availability are mission critical.

The role aligns monitoring and reporting activities with RMF, continuous monitoring objectives, and ARNG cybersecurity policy while supporting a future-state environment in which OT visibility is integrated with enterprise cyber defense capabilities.
Responsibilities

• Monitor and analyze security telemetry from OT, ICS, and DCI environments to detect anomalous activity, policy violations, misconfigurations, and indicators of compromise affecting control system networks.
• Review OT network traffic, system logs, and sensor outputs to identify threats while accounting for operational safety, system availability, and mission continuity requirements.
• Document cybersecurity findings, operational impacts, and risk implications, and support mitigation tracking, remediation validation, and follow-up reporting.
• Coordinate with SOC Tier 2, Cyber Incident Response Team (CIRT), OT engineers, and facility stakeholders to investigate, contain, and communicate cybersecurity events in operational environments.
• Support Task 3 cybersecurity operations objectives by contributing to continuous monitoring, threat detection, vulnerability management, and Defensive Cyberspace Operations - Internal Defensive Measures (DCO-IDM) activities across the DoDIN-Army-NG area of responsibility.
• Align OT monitoring and reporting activities with DoD and ARNG cybersecurity policy, RMF requirements, eMASS-related evidence needs, and continuous compliance objectives.
• Assist in correlating OT/DCI events with broader enterprise cybersecurity data to improve visibility and support coordinated analysis across classified and unclassified network environments.
• Coordinate, as required, with NETCOM, RCCs, and other ENOCS cybersecurity stakeholders to support incident reporting, defensive actions, and operational awareness for OT and DCI environments.
• Contribute to the evolving ARNG cyber defense architecture by helping apply USIEM-supported detection and monitoring concepts to OT environments consistent with ENOCS Task 3 DCI/OT objectives.

Required Skills

Required Qualifications
U.S. Citizenship is required

Security Clearance:
Secret Eligible

Required

Certifications:

DCWF Work Role 462-Control Systems Security Specialist - Intermediate proficiency; must hold ONE OR MORE of the following: DAF 462 (Intermediate) (ICS), or, DAF 462 (Intermediate) (CS3-300)

Experience:

3+ years of experience in cybersecurity

Education:

Bachelors degree or higher in Computer Science, Cybersecurity, Data Science, Information Systems, Information Technology, or Software Engineering

• Experience monitoring and analyzing security events in Operational Technology, Industrial Control System, or Defense Critical Infrastructure environments.
• Experience reviewing network traffic, logs, and security telemetry to identify anomalous behavior, threats, or policy violations.
• Ability to document findings, assess risk impacts, and support remediation validation in mission-critical operational environments.
• Experience coordinating cybersecurity investigations with incident response personnel, engineers, and operational stakeholders.
• Working knowledge of Risk Management Framework (RMF) and continuous monitoring practices in DoD or federal cybersecurity environments.
• Ability to support cybersecurity operations affecting both classified and unclassified…