Cybersecurity Analyst (CDAP) Lead - Senior

ECS is seeking a Cybersecurity Analyst (CDAP) Lead - Senior to support the Army National Guard (ARNG) Enterprise Network Operations and Cybersecurity Support (ENOCS) program. This position supports Task 3 — Cybersecurity Operations Support — and leads Cybersecurity Data Analytics Platform (CDAP) analytic operations that strengthen Defensive Cyberspace Operations – Internal Defensive Measures (DCO-IDM) across the DoDIN-Army-NG area of responsibility. The role directs enterprise monitoring, detection, correlation, reporting, analytic rule development, dashboard governance, and data validation activities, while coordinating closely with SOC, cyber threat intelligence, defensive cyber, and security engineering teams to improve threat visibility, triage quality, and risk reporting for Government stakeholders.

This role contributes to cybersecurity operations protecting ARNG classified and unclassified network environments that support more than 120,000 users and approximately 141,000 endpoints across roughly 2,800 sites in 54 states and territories. The position operates within an enterprise environment that includes USIEM analytics, EDR, IDS/IPS, DLP, Zeek metadata, Sysmon-based monitoring, and coordination with NETCOM, ARCYBER, USCYBERCOM, RCC-ARNG, the NETCOM Global Cyber Center, and DISA DCDC. CDAP outputs produced in this role help sustain continuous monitoring, RMF support, and operational cyber readiness for ARNG Title 10 and Title 32 missions, including mobilization readiness, domestic emergency response, and support to SIPRNet and NIPRNet operations.

Please Note: This position is contingent upon contract award.

• Lead CDAP analytic operations by directing monitoring, detection, correlation, and reporting activities across enterprise security data sources supporting Task 3 cybersecurity operations deliverables.
• Oversee alert triage quality and analytic workflow execution to improve identification, prioritization, and escalation of high-risk cyber findings across DoDIN-connected environments.
• Develop, refine, and govern analytic rules, dashboards, and data validation processes to improve threat visibility, reporting accuracy, and operational decision support.
• Coordinate with SOC, cyber threat intelligence, defensive cyber, and security engineering teams to strengthen detection logic, analytic coverage, and response visibility.
• Leverage enterprise security telemetry and analytics aligned with the ENOCS environment, including USIEM, EDR, IDS/IPS, DLP, Zeek metadata, and Sysmon-informed monitoring, to support centralized visibility and threat-informed detection.
• Support continuous monitoring and RMF objectives by ensuring CDAP outputs align with eMASS artifact needs, compliance reporting, and ARNG and DoD cybersecurity policy expectations.
• Produce operational metrics, dashboards, and executive-level reporting for Government stakeholders to communicate analytic performance, cyber risk trends, and detection outcomes.
• Coordinate analytic support activities with organizations and operational partners identified in Task 3, including RCC-ARNG, NETCOM, ARCYBER, USCYBERCOM, the NETCOM Global Cyber Center, and DISA DCDC, as appropriate.
• Improve analytic coverage for ARNG classified and unclassified environments by validating data sources, identifying gaps in visibility, and recommending enhancements to monitoring and reporting processes.

U.S. Citizenship is required

Security Clearance: Secret Eligible

Required Certifications: DCWF Work Role 511-Cyber Defense Analyst — Intermediate proficiency; must hold ONE OR MORE of the following: CEH(P),GMON,GRID,Cloud+,FITSP-O,GCED,GDSA,GSEC,PenTest+,Security+

Experience: 7+ years of experience in cybersecurity

Education: Bachelors degree or higher in Computer Science, Cybersecurity, Data Science, Information Systems, Information Technology, or Software Engineering

• Experience leading or overseeing cybersecurity monitoring, detection, correlation, and reporting activities across enterprise security data sources.
• Experience developing or refining analytic rules, dashboards, and data quality processes used to improve threat visibility and operational reporting.
• Experience coordinating with SOC, cyber threat intelligence, defensive cyber, or security engineering teams to improve detection logic and triage outcomes.
• Experience producing operational metrics and executive reporting for Government stakeholders in support of continuous monitoring or cyber operations.
• Knowledge of RMF support activities and the use of cybersecurity outputs to inform continuous monitoring objectives and compliance reporting.
• Experience working with enterprise security analytics and monitoring capabilities such as SIEM, EDR, IDS/IPS, DLP, or related telemetry sources in DoDIN-connected environments.