Advanced Threat Team Lead - Senior
Listed on 2026-06-12
IT/Tech
Cybersecurity, Security Manager, Information Security, Data Security
Position Summary
ECS is seeking an Advanced Threat Team Lead - Senior to support the Army National Guard (ARNG) Enterprise Network Operations and Cybersecurity Support (ENOCS) program. This role leads advanced threat and insider threat monitoring operations across ARNG classified and unclassified network environments, directing analytic strategy, detection development, and investigation workflows. The position supports over 120,000 users and approximately 141,000 endpoints across about 2,800 sites in 54 states and territories, and operates within ENOCS’s cyber defense environment.
Responsibilities
- Lead advanced threat and insider threat monitoring activities by directing analytic priorities, investigation workflows, and detection refinement across ARNG enterprise environments.
- Integrate threat intelligence, user activity monitoring, behavioral analytics, and security telemetry to identify anomalous behavior, high‑risk events, and emerging threat patterns.
- Develop, tune, and oversee advanced detections using MITRE ATT&CK‑based analytic methods to improve proactive identification of adversary tactics, techniques, and procedures.
- Coordinate with SOC Tier 2, Cyber Incident Response Team (CIRT), cyber threat intelligence, defensive cyber, and security engineering personnel to investigate and resolve complex security events.
- Leverage USIEM and integrated SIEM/C2C/DLP analytics, along with data sources such as Zeek metadata and Sysmon monitoring, to improve enterprise visibility and machine‑speed response.
- Prioritize investigations and reporting based on mission risk and operational impact to ARNG support for Title 10, Title 32, mobilization readiness, domestic emergency response, and classified operations.
- Coordinate with NETCOM Global Cyber Center, DISA DCDC, ARCYBER, USCYBERCOM, and regional RCC stakeholders to support incident analysis and threat‑informed defense activities.
- Establish and maintain analytic governance, documentation, and performance metrics that strengthen proactive threat identification and support continuous monitoring objectives.
- Ensure findings, investigative artifacts, and recommended response actions are documented clearly to support RMF requirements, cybersecurity reporting, and ongoing improvement of enterprise defenses.
U.S. Citizenship is required.
Security Clearance:
Secret Eligible.
Required
Certifications:
DCWF Work Role 212 (Cyber Defense Forensics Analyst), Advanced proficiency; must hold one or more of the following: GREM, CFR, CySA+, GCFA, GCFE, PenTest+.
Experience:
7+ years of experience in cybersecurity.
Education:
Master’s degree or higher in Computer Science, Cybersecurity, Data Science, Information Systems, Information Technology, or Software Engineering.
- Demonstrated ability to lead advanced threat monitoring and investigation activities across enterprise cybersecurity operations environments.
- Experience developing or refining analytic strategies, detection logic, and investigation workflows using threat intelligence and behavioral indicators.
- Experience correlating and analyzing multiple security data sources to identify anomalous activity, insider threat indicators, and high‑risk events.
- Ability to document investigative findings, recommend response actions, and produce reporting aligned to continuous monitoring and governance needs.
- Experience coordinating across SOC, incident response, threat intelligence, defensive cyber, and engineering teams to improve detections and operational outcomes.
- Working knowledge of RMF‑aligned cybersecurity operations and documentation practices supporting continuous assessment and enterprise security posture.
- Experience supporting cybersecurity operations in large, geographically dispersed environments with complex mission dependencies.
Security Clearance:
Active Secret (preferred).
- Experience supporting Army, ARNG, or other DoD enterprise cybersecurity operations spanning both classified and unclassified enclaves.
- Familiarity with USIEM, EDR, SOAR, or comparable enterprise monitoring and response capabilities used for advanced threat detection and investigation.
- Experience applying MITRE ATT&CK to…