SOC Manager - Senior

ECS is seeking a SOC Manager - Senior to support the Army National Guard (ARNG) Enterprise Network Operations and Cybersecurity Support (ENOCS) program. In this role, the selected candidate will lead Security Operations Center activities under Task 3 — Cybersecurity Operations Support, directing continuous monitoring, threat detection, incident escalation, and case management in support of Defensive Cyberspace Operations – Internal Defensive Measures (DCO-IDM). The SOC Manager - Senior will establish operational standards for triage and escalation, oversee performance across SOC workflows, and coordinate closely with CTIC, CIRT, vulnerability management, defensive cyber, and engineering teams to strengthen operational readiness and reduce cyber risk across supported ARNG environments.

This position directly supports ARNG’s mission to deliver DoDIN services and cyber defense for more than 120,000 users and approximately 141,000 endpoints across about 2,800 sites in 54 states and territories. The role contributes to cybersecurity operations spanning classified and unclassified network environments that support Title 10 and Title 32 missions, mobilization readiness, domestic emergency response, and classified SIPRNet operations. The SOC Manager - Senior will operate within a technical environment that includes 24x7x365 SOC monitoring, USIEM analytics, EDR, IDS/IPS, DLP, SOAR, ACAS, STIG Manager, and coordination with NETCOM Global Cyber Center and DISA DCDC to maintain mission assurance across the DoDIN-Army-NG area of responsibility.

Please Note: This position is contingent upon contract award.

• Direct Security Operations Center activities to ensure continuous monitoring, threat detection, incident triage, escalation, and operational readiness across supported ARNG environments.
• Establish and enforce shift coverage standards, triage quality controls, and case management procedures to support timely incident handling and risk reduction.
• Oversee incident escalation workflows into Tier 2 incident, problem, and change processes, ensuring effective coordination with CIRT, incident management, and problem management functions.
• Integrate SOC operations with CTIC, vulnerability management, defensive cyber, and engineering teams to improve containment actions, remediation execution, and continuous monitoring outcomes.
• Leverage USIEM, EDR, IDS/IPS, DLP, and related analytics to support centralized visibility, improved detection quality, and machine-speed response across ARNG cyber operations.
• Coordinate with NETCOM Global Cyber Center, DISA DCDC, and other designated stakeholders to align SOC operations with broader DoDIN-Army-NG cybersecurity requirements and reporting expectations.
• Review operational metrics, SOC communications, and evaluation artifacts to identify trends, improve analyst performance, and strengthen mission assurance objectives.
• Support cybersecurity operations across classified and unclassified enclaves, including environments tied to ARNG Title 10 and Title 32 missions, mobilization readiness, and domestic emergency response.
• Contribute to COOP site validation, testing, and operational readiness activities to help sustain continuity of cybersecurity monitoring and response services.

U.S. Citizenship is required

Security Clearance: Secret Eligible

Required Certifications: DCWF Work Role 511-Cyber Defense Analyst — Advance proficiency; must hold ONE OR MORE of the following: CBROPS,CFR,CySA+,GCFA,GCIA,GICSP

Experience: 7+ years of experience in cybersecurity

Education: Masters degree or higher in Computer Science, Cybersecurity, Data Science, Information Systems, Information Technology, or Software Engineering

• Experience directing SOC functions related to continuous monitoring, threat detection, incident escalation, and operational readiness.
• Experience establishing and enforcing triage standards, escalation procedures, and case management controls in a cyber operations environment.
• Experience coordinating across incident response, vulnerability management, defensive cyber, and engineering teams to drive timely containment and remediation.
• Experience reviewing operational metrics and producing leadership reporting for Government stakeholders in support of continuous monitoring objectives.
• Knowledge of cybersecurity operations supporting both classified and unclassified network environments.
• Experience working within enterprise cyber environments that use SIEM analytics, endpoint detection and response, and network security monitoring capabilities.
• Ability to support mission operations across large, geographically dispersed enterprise environments with high endpoint volume and continuous operational demands.