Operational Technology Cybersecurity Analyst - Journeyman

Job Description ECS is seeking an Operational Technology Cybersecurity Analyst – Journeyman to support the Army National Guard (ARNG) Enterprise Network Operations and Cybersecurity Support (ENOCS) program. In this role, the candidate supports Task 3 — Cybersecurity Operations Support by monitoring and analyzing security telemetry across Operational Technology (OT), Industrial Control System (ICS), and Defense Critical Infrastructure (DCI) environments; identifying anomalous activity, policy violations, and indicators of compromise; and coordinating response actions with SOC/CIRT personnel, OT engineers, and facility stakeholders. The position contributes directly to ENOCS delivery of Defensive Cyberspace Operations – Internal Defensive Measures (DCO‑IDM) across the DoDIN‑Army‑NG area of responsibility and helps maintain continuous cyber defense operations in coordination with the broader cybersecurity operations team. Please Note: This position is contingent upon contract award. This role supports ARNG’s mission to provide secure enterprise services for more than 120,000 users and approximately 141,000 endpoints across roughly 2,800 sites in 54 states and territories, including support to Title 10 and Title 32 missions, mobilization readiness, domestic emergency response, and classified and unclassified network environments. The analyst operates within the ENOCS cybersecurity ecosystem that coordinates with NETCOM, the Global Cyber Center, DISA DCDC, RCCs, and USIEM‑enabled monitoring activities, and helps extend enterprise detection and reporting practices into OT/DCI environments where operational continuity, safety, and availability are mission critical. The role aligns monitoring and reporting activities with RMF, continuous monitoring objectives, and ARNG cybersecurity policy while supporting a future‑state environment in which OT visibility is integrated with enterprise cyber defense capabilities. Responsibilities Monitor and analyze security telemetry from OT, Industrial Control System, and Defense Critical Infrastructure environments to detect anomalous activity, policy violations, misconfigurations, and indicators of compromise affecting control system networks. Review OT network traffic, system logs, and sensor outputs to identify threats while accounting for operational safety, system availability, and mission continuity requirements. Document cybersecurity findings, operational impacts, and risk implications, and support mitigation tracking, remediation validation, and follow‑up reporting. Coordinate with SOC Tier 2, Cyber Incident Response Team (CIRT), OT engineers, and facility stakeholders to investigate, contain, and communicate cybersecurity events in operational environments. Support Task 3 cybersecurity operations objectives by contributing to continuous monitoring, threat detection, vulnerability management, and Defensive Cyberspace Operations – Internal Defensive Measures (DCO‑IDM) activities across the DoDIN‑Army‑NG area of responsibility. Align OT monitoring and reporting activities with DoD and ARNG cybersecurity policy, RMF requirements, eMASS‑related evidence needs, and continuous compliance objectives. Assist in correlating OT/DCI events with broader enterprise cybersecurity data to improve visibility and support coordinated analysis across classified and unclassified network environments. Coordinate, as required, with NETCOM, RCCs, and other ENOCS cybersecurity stakeholders to support incident reporting, defensive actions, and operational awareness for OT and DCI environments. Contribute to the evolving ARNG cyber defense architecture by helping apply USIEM‑supported detection and monitoring concepts to OT environments consistent with ENOCS Task 3 DCI/OT objectives. Required Qualifications U.S. Citizenship is required. Security Clearance: Secret Eligible. Required Certifications: DCWF Work Role 462‑Control Systems Security Specialist – Intermediate proficiency; must hold ONE OR MORE of the following: DAF 462 (Intermediate) (ICS) or DAF 462 (Intermediate) (CS3‑300). Experience: 3+ years of experience in cybersecurity. Education: Bachelor’s degree or higher in Computer Science, Cybersecurity, Data Science, Information Systems, Information Technology, or Software Engineering. Experience monitoring and analyzing security events in Operational Technology, Industrial Control System, or Defense Critical Infrastructure environments. Experience reviewing network traffic, logs, and security telemetry to identify anomalous behavior, threats, or policy violations. Ability to document findings, assess risk impacts, and support remediation validation in mission‑critical operational environments. Experience coordinating cybersecurity investigations with incident response personnel, engineers, and operational stakeholders. Working knowledge of Risk Management Framework (RMF) and continuous monitoring practices in DoD or federal cybersecurity environments. Ability to support cybersecurity operations affecting both classified and unclassified network environments while maintaining operational continuity. Desired Qualifications Security Clearance: Active Secret (preferred). Experience supporting OT/DCI cybersecurity activities in environments integrated with enterprise cyber operations or Security Operations Center workflows. Familiarity with USIEM‑enabled monitoring, IDS/IPS event analysis, or SIEM‑based detection practices used to improve visibility across IT and OT environments. Experience coordinating with Army or DoD cyber organizations such as NETCOM, RCCs, Global Cyber Center, or related mission partners. Familiarity with eMASS artifact maintenance, cybersecurity compliance documentation, or RMF evidence support for ongoing authorization activities. Experience supporting ARNG, Army, or other large‑scale distributed enterprise environments spanning multiple sites, stakeholders, and mission enclaves. ECS Federal LLC is an equal opportunity employer and does not discriminate or allow discrimination on the basis of any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, or local jurisdiction law. #J-18808-Ljbffr ECS