Enterprise Cyber Operations Support – CND Analyst - SOC

Clearance Level
Information Security
Falls Church, Virginia

REQ#: RQ121423

Travel Required: Less than 10%
Requisition Type: Regular


Guard Enterprise Cyber Operations Support (GECOS) – CND Analyst - SOC

GDIT has an opening for a CND Analyst - SOC position supporting the Army National Guard (ARNG) in Chantilly, VA. This is an IT Service Management contract in support of the operation, modernization, expansion, and further evolution of the ARNG’s global Information Technology (IT) services including networking, compute, storage, infrastructure, applications, hosting, and program management services.  The GECOS program supports the ARNG enterprise IT infrastructure, its Wide Area Network (WAN), authentication and directory services, cybersecurity, application hosting, and associated services. GECOS uses ITIL best practices framework as the basis for IT Service Management (ITSM) model. The work includes the following:

  • Operating the DoDIN-Army (National Guard) (DoDIN-A(NG) and DoDIN-A(NG)-Secret (S) networks and maintaining service delivery and cybersecurity of DoDIN-A(NG) and DoDIN-A(NG)-S networks and computing services.
  • Supporting the DoDIN-A(NG) and DoDIN-A(NG)-S networks and associated computing services from requirement identification to service retirement / replacement.
  • Ensuring continued security of the network and proactive enhancement of cybersecurity to meet evolving and emerging threats, to include compliance with DoD Risk Management Framework (RMF) and continuous monitoring requirements.
  • Providing support to the 54 supported organizations (i.e., 50 states, three territories, and the District of Columbia) to ensure flexible and responsive operation and defense of the network.  Some OCONUS travel might be required.
  • Adhering to all Department of Defense (DoD) enterprise security requirements to include those required by the Defense Information Systems Agency (DISA) and the Department of the Army (DA); prepping for and passing Command Cyber Readiness Inspections (CCRIs), obtaining and maintaining Authority to Connect (ATC) and Authority to Operate (ATO) from the Designated Approving Authority (DAA); ensuring compliance with all Secure Technical Implementation Guides (STIGS) and required information assurance (IA) controls.
  • Maintaining the lifecycle of all services, ensuring they meet business needs, comply with Army directives and mandates, and are in keeping with the future Joint Information Environment (JIE) architecture.
  • Maintain continuity of service when primary support systems operate in degraded mode per COOP.

The CND Analyst - SOC will:

  • Responsible for ensuring monitoring enterprise systems, defending against security breaches, and identifying, investigating, and mitigating cybersecurity threats including managing the operation of the SOC and the performance of ARNG RCC-NG SOC activities 24/7/365 to protect DOD information systems and infrastructure.
  • Responsible for developing a SOC Communications Plan, supporting COOP exercises, analyzing impact of significant incidents, providing technical reports, recovery costs, evaluation of the effectiveness of CND sensor coverage, O&M costs based upon the categories of threats of concern identified by the SOC and external Government agencies.
  • Authors and implements custom detection content (e.g., reports, assets, cases, connectors, customers, dashboards, field sets, files, filters, integration commands, knowledge base, lists, notifications, pattern discovery, query viewers, reports, rules, stages, and users), tunes the SIEM and IDS/IPS events to minimize false positives, and analyzes and reviews SOC metrics.
  • Evaluates and analyzes RCC-NG hardware and software, improves analysis techniques, and coordinates and reports ISS‐related incidents.
  • Provides support in assembling, evaluating, and monitoring various intrusion detection sensors or tools and associated software applications.


Required Skills and Experience: 

  • Minimum 7 years IT relevant experience and 5 years SOC operations support
  • Experience managing firewall, IDS/IPS, and router ACL policies
  • Experience with vulnerability management assessment and mitigation
  • Possess the appropriate baseline certifications to achieve DoD 8570.01-M Information Assurance Technical (IAT) Level II
  • Possess the appropriate DoD 8570 CSSP Analyst, Infrastructure, or Incident Responder certification
  • An active SECRET DoD clearance

Desired Skills and Experience: 

  • Cisco Certification
  • Palo Alto Certification


About Our Work

We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.

COVID-19 Vaccination

GDIT does not have a vaccination mandate applicable to all employees. To protect the health and safety of its employees and to comply with customer requirements, however, GDIT may require employees in certain positions to be fully vaccinated against COVID-19. Vaccination requirements will depend on the status of the federal contractor mandate and customer site requirements.

GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.