SOC Vulnerability Management ACAS Lead - Senior

ECS is seeking a SOC Vulnerability Management ACAS Lead - Senior to support the Army National Guard (ARNG) Enterprise Network Operations and Cybersecurity Support (ENOCS) program. In this senior Task 3 Cybersecurity Operations Support role, the selected candidate will lead ACAS vulnerability scanning operations by directing scan planning, execution, validation, and reporting across supported ARNG enterprise environments. The role supports ENOCS delivery of Defensive Cyberspace Operations – Internal Defensive Measures (DCO-IDM) across the DoDIN-Army-NG area of responsibility and works closely with SOC, compliance, RMF, and engineering teams to identify risk, prioritize remediation, and strengthen enterprise vulnerability governance.

This position directly supports ARNG’s mission to defend classified and unclassified network environments serving more than 120,000 users and approximately 141,000 endpoints across about 2,800 sites in 54 states and territories. The role contributes to cybersecurity operations that enable Title 10 and Title 32 missions, mobilization readiness, domestic emergency response, and classified SIPRNet operations. Within the ENOCS technical environment, this position helps sustain continuous monitoring and compliance activities across platforms and services referenced in the program, including ACAS, eMASS, STIG-aligned baselines, and integration points with broader SOC operations that leverage USIEM, EDR, IDS/IPS, and enterprise reporting to coordinate with NETCOM Global Cyber Center and DISA DCDC.

Please Note: This position is contingent upon contract award.

• Lead ACAS scanning operations across ARNG enterprise environments, including scan planning, execution, validation, and reporting to support continuous vulnerability identification and risk reduction.
• Oversee configuration, sustainment, and coverage of ACAS infrastructure, ensuring proper credentialing and accurate scan visibility across supported systems and enclaves.
• Validate vulnerability findings against STIGs, IAVMs, RMF requirements, and applicable DoD and ARNG cybersecurity directives before release to stakeholders for action.
• Prioritize high-risk vulnerabilities based on current threat posture and enterprise impact, and coordinate remediation tracking with system owners, engineering teams, and cybersecurity stakeholders.
• Maintain accurate POA&M status and support eMASS update activities so reported risk posture reflects current remediation progress and compliance conditions.
• Produce operational metrics, compliance reports, and vulnerability governance data to support continuous monitoring, audit readiness, and cybersecurity decision-making.
• Coordinate vulnerability management activities with SOC functions and enterprise cyber operations that use USIEM analytics, EDR, and IDS/IPS data to improve visibility and response across the DoDIN-A(NG) environment.
• Support Task 3 deliverables by aligning ACAS-driven vulnerability assessment activities with ENOCS cybersecurity operations conducted in coordination with the NETCOM Global Cyber Center and DISA DCDC.
• Contribute to protection of ARNG classified and unclassified network environments that support Title 10 and Title 32 missions, mobilization readiness, domestic emergency response, and SIPRNet operations across 54 states and territories.

U.S. Citizenship is required

Security Clearance: Secret Eligible

Required Certifications: DCWF Work Role 541-Vulnerability Assessment Analyst — Intermediate proficiency; must hold ONE OR MORE of the following: CEH(P), RCCE Level 1, Cloud+, CPTE, FITSP-A, GCED, GCIH, GCSA, GICSP, GSEC, PenTest+, Security+,

Experience: 7+ years of experience in cybersecurity

Education: Bachelors degree or higher in Computer Science, Cybersecurity, Data Science, Information Systems, Information Technology, or Software Engineering

• Experience leading enterprise vulnerability scanning, validation, and reporting activities in support of cybersecurity operations.
• Experience administering and sustaining ACAS infrastructure, including scan policy execution, credentialed scanning, and coverage management.
• Experience assessing vulnerabilities and compliance posture against STIGs, IAVMs, RMF requirements, and documented cybersecurity directives.
• Experience coordinating remediation activities with system owners, engineers, and cybersecurity teams and tracking closure status through formal risk management processes.
• Experience producing compliance metrics, operational reporting, and audit-support artifacts for continuous monitoring programs.
• Experience supporting POA&M management and maintaining accurate representation of current risk posture.
• Ability to analyze scan results for accuracy, eliminate false positives where appropriate, and communicate actionable findings to technical and non-technical stakeholders.