Signals Acquisition/Exploitation Analyst
Operates equipment to collect signals intelligence from electronic emissions in the field. Works in tactical SIGINT collection units to support ground forces with near-real-time signals intelligence.
“You'll conduct tactical SIGINT collection — operating collection equipment forward-deployed with ground forces to capture near-real-time signals intelligence that supports the maneuver commander directly. 35S experience is the operational field work that feeds higher-echelon analysis, and the tradecraft knowledge is valued by NSA, DIA, and defense contractors who support tactical SIGINT programs. The clearance plus operational SIGINT collection experience creates a resume that the intelligence community recognizes and will pay for.”
You operate collection systems — ground-based SIGINT collection platforms, direction-finding equipment, and associated analysis tools — gathering intelligence on communications and electronic activity and turning it into products that tactical commanders use. The collection work is technical and procedural: operating systems to collect specific signals, processing what you collect, producing timely intelligence that's actually useful to the unit you're supporting. The challenge of tactical SIGINT is that the intelligence cycle doesn't pause for operational tempo, and producing accurate, actionable analysis when you're also fielded and tired and working with equipment that wasn't designed for comfort is the actual daily experience. The SIGINT career field has genuine institutional momentum: the intelligence community is perpetually hiring cleared analysts with collection backgrounds, and the 35S experience in collection systems provides a foundation that SIGINT-focused contractors and agencies value. The clearance is your primary asset; the specific collection experience is what differentiate you from the general pool of cleared applicants. NSA outreach to military SIGINT specialists is active and ongoing.
Execute the Job — By Rank
How you actually run this job at each rank — what you do, what you drill, which manuals you own, and what good looks like. Written for the soldier, sailor, airman, Marine, or Guardian currently in the seat. Each rank deeplinks into the full Playbook deep-dive: time-blocked schedules, unit-type variations, career decisions, and the read on the next rank.
You are the junior signals acquisition / exploitation analyst — the technical-instrumentation side of SIGINT. You have a TS/SCI with the CI polygraph and zero credibility. Your job for the next 24 months is to earn the second one so the first one is worth carrying.
You came out of the 35S AIT pipeline at Goodfellow AFB in San Angelo — the joint cryptologic schoolhouse where Army, Navy, Air Force, and Marine signals soldiers all run through the same 25+ week course on RF theory, spectrum analysis, software-defined radio (SDR) operation, and signals-of-intelligence-interest identification. You showed up to your first unit — most likely the 706th MI Group at Fort Meade (NSA / CSS), the 780th MI Brigade at Fort Eisenhower (formerly Fort Gordon, renamed 2023), a tactical SIGINT company inside a BCT MI battalion, or one of the regional MI brigades (470th at JBSA-Fort Sam Houston, 500th at Schofield, 501st in Korea, 66th in Europe) — and the senior collector handed you a JQR book, a JWICS account, and a list of internal certifications you have 12 months to start. Most of your week is shadowing a certified position on the floor or in the SIGINT shelter, running spectrum scans you cannot interpret yet, learning what a normal RF environment looks like in your operating area, and grinding through the unglamorous part — clearance reinvestigation paperwork, polygraph re-scope ticklers, SAEDA / TARP / cyber-awareness training, EKMS hand-receipt paperwork, classified destruction logs, antenna setup-and-teardown details, and the JQR / OJT signoff book the senior NCO inspects every Friday.
- 01Set up and tear down a tactical SIGINT collection site — directional antennas (Yagi, log-periodic, dish), feed lines, GPS-disciplined oscillator for time/frequency reference, and the SDR / receiver chain — to the unit SOP, without a senior collector babysitting.
- 02Drive a spectrum analyzer well enough to identify the basic signal types in your operating area — narrowband voice, push-to-talk, cellular, WiFi, SATCOM uplink, radar pulse — and log what you see in the format the section requires.
- 03Operate inside an NSA-tasked or tactical SCIF / SCIF-equivalent to AR 380-5 and ICD 705 standards — badge discipline, two-person integrity, classified discussion only inside spaces rated for it.
- 04Read raw signal traffic and write a one-paragraph BLUF a senior collector can put in front of the watch chief without rewriting.
- 05Apply the analytic standards from ICD 203 (sourcing, confidence, alternative analysis) to anything you produce — even at the trainee level.
- 06Pass the IAT-II prerequisites — the DoDM 8140 cyber workforce framework gates every position you are trying to qualify on, and the SIGINT side is not exempt.
- —ATP 2-22.6 — Signals Intelligence (the doctrine spine for the MOS; read it the first month).
- —FM 2-0 — Intelligence (the umbrella; chapters 1-3 in your first 30 days).
- —AR 380-5 — Department of the Army Information Security Program.
- —AR 381-10 — US Army Intelligence Activities; AR 381-12 — Threat Awareness and Reporting Program (TARP).
- —AR 25-2 — Army Cybersecurity; DoDM 8140 — Cyberspace Workforce Qualification.
- —STP 34-35S — Soldier Training Publication for 35S (your skill-level reference; what the section sergeant grades you on).
- —JQR / OJT signoff on your assigned collection position inside the published timeline — most teams expect first-position qualification inside 12-18 months.
- —IAT-II baseline credential on the DoDM 8140 list (Security+ CE is the most common entry credential funded by the unit).
- —TS/SCI with CI polygraph maintained without a flag — one mishandling incident and the Special Security Officer pulls your access that afternoon.
- —ACFT 500+ floor — NSA-detail and shelter work is sedentary by nature; the Army standard does not move.
- —Annual SAEDA / TARP / cyber awareness / OPSEC / insider-threat training complete before the suspense — your name on the brigade non-compliance roll is the wrong way to be noticed.
- —Taking a phone, smartwatch, or any personal electronic into a SCIF or a SIGINT shelter. Even once. The SSO pulls access that afternoon and the CI investigation runs months.
- —Logging into a SIPR, JWICS, or NSANet terminal on someone else's account because "they were right here." Account sharing is auditable; the audit closes your access permanently.
- —Talking about what you collect, where you collect, or who you support outside the SCIF. Foreign collection on cryptologic soldiers is real and your name goes in a file the first time you mention it at the gym.
- —Mishandling an EKMS / COMSEC item — keymat, fill device, crypto-ignition key. The two-person integrity chain on EKMS is not a formality; a missing item is a CI investigation that costs the company a month.
- —Pressing a key on a position you are not signed-off on because "the senior op stepped out." Unsupervised collection action without qualification gets the team's authority pulled and your career ends before E-4.
The good cherry 35S is the PFC the senior collector brings to the morning brief because the BLUF on his shadow-product was right, the frequency / time / signal-of-interest log was clean, and the antenna teardown last night was square. By month nine the JQR book is half done; by month eighteen he is sitting an unsupervised position and the section sergeant mentions him by name at shift turnover. The warrant on the team has started asking what he is reading on his own time.
You are the workhorse on the position. The new privates copy how you set up the antenna array and how you log a signal of interest; the senior NCO hands you the hard collection problem on Monday because he expects it back clean by Wednesday.
You are qualified on at least one collection position under the unit's JQR and under the joint cryptologic training framework. You sit a position unsupervised on a tactical SIGINT element inside a BCT MI battalion, an NSA-tasked analytic line at Fort Meade, a regional MI brigade (470th, 500th, 501st, 66th), or a Cyber Mission Force support seat at the 780th MI Brigade. You drive the SDR chain, you run the spectrum analyzer, you exploit the technical parameters of the signals you find — modulation, bandwidth, pulse repetition, geolocation cut — and you write the technical reports the analytic side (35N, 35F) consumes downstream. You are also the Army-side junior leader on a joint floor — when the joint workforce confuses Army career counseling with Navy detailing, you are the one explaining how DA Form 4187s, PERSTEMPO, and the brigade enlisted-management cell actually work.
- 01Run a qualified collection position unsupervised — log every action, hand off cleanly at shift change, and produce the standard technical report (signal parameters, geolocation, time / frequency, source confidence) on time.
- 02Drive an SDR plus spectrum analyzer plus directional-antenna chain end-to-end — survey, identify, characterize, geolocate, and hand off the technical product to the analyst desk without losing chain of custody on the data.
- 03Apply ICD 203 / 206 to every product — sourcing line, confidence statement, technical-parameter citation, alternative analysis when warranted.
- 04Drive cross-domain hygiene — JWICS, SIPR, NIPR, NSANet — without spillage. One spillage rolls up to Army CI and the SSO closes terminals for a week.
- 05Operate the team's position-specific tooling well enough to train the next cherry on it; the JQR signoff you collect today becomes the JQR you sign for someone else inside 12 months.
- 06Know what 35S does that 35N and 35P do not — you collect and characterize the RF signal; 35N exploits the processed analytic product; 35P translates the linguistic content. Stay in your lane on a joint floor; cover the lane completely when it is yours.
- —ATP 2-22.6 — Signals Intelligence (own it at this rank, do not just cite it).
- —ATP 2-22.4 — Technical Intelligence (where TECHINT and SIGINT exploitation overlap on emitter characterization).
- —ICD 203 — Analytic Standards; ICD 206 — Sourcing Requirements for Disseminated Analytic Products.
- —ICD 503 — IC IT Systems Security Risk Management; ICD 705 — SCIF Standards.
- —AR 381-10 — US Army Intelligence Activities; AR 381-12 — TARP; AR 380-5 — Information Security.
- —DoDM 8140 — Cyberspace Workforce Qualification (the framework your IAT and work-role credentials live under).
- —At least one collection position qualification signed off; second position under JQR.
- —IAT-II baseline maintained (Security+ CE typical); IAT-III in motion if the position demands it (CISSP-Associate, CYSA+, or platform-specific equivalents on the DoDM 8140 list).
- —BLC graduate; promotion points stacked with credentials, college credit (CLEP/DSST/TA), correspondence (DLC), and any Goodfellow advanced course or NSA cryptologic-school seat the unit slots you for.
- —ACFT 540+ floor — the Army standard does not bend because your duty station is a SCIF or a SIGINT shelter.
- —Source-citation and technical-parameter-citation discipline 100% — the SSO inspects on this and ICD 203 grades on this above brigade.
- —Running on a position you are not currently qualified on because "I did it last rotation." Currency lapses are auditable; the team's authority and your access both pay.
- —Logging a signal parameter you did not actually measure because "everyone knows that emitter is on that frequency." The technical report goes to the analytic side as truth; when the geolocation cut is wrong the maneuver commander acts on bad data.
- —Letting the IAT-II credential lapse. The DoDM 8140 audit pulls you off the position the day it expires and the team is short a collector until you re-test.
- —Sharing a SIPR / JWICS / NSANet password with anyone — your team lead, your roommate, the contractor sitting next to you. Two-person integrity is two people with their own credentials. The audit log finds it.
- —Treating EKMS / COMSEC hand-receipt accountability as paperwork. The two-person integrity on keymat is the load-bearing wall on the entire cryptologic enterprise; a missing item is a CI investigation, not a counseling.
The good Specialist 35S is the collector the senior NCO hands the hardest signal-of-interest problem to on Monday because it will come back clean, geolocated, sourced, and ready by Wednesday. He is sitting two positions, his IAT-III voucher is in motion, the section sergeant mentions his name at shift turnover, and the brigade S2 SGM is asking whether he is on the SGT-board slate yet. He also gets his platoon's Army-internal paperwork done on time — which is what separates a qualified collector from a Specialist running a junior NCO seat.
You are an NCO now and a qualified collector with a vote on the floor. The privates do their counselings off your statements; the senior NCO briefs the section chief and the supported command off products you signed for.
You lead a small Army-side collection element — a SIGINT team inside a BCT MI battalion deploying with the brigade, a watch shift in an NSA-tasked analytic cell at Fort Meade, a regional MI brigade collection line, or a section inside the 706th MI Group or the 780th MI Brigade. You are dual-billeted in a way the Army does not always explain well — you have a joint or cryptologic mission seat and an Army NCO seat, and you are accountable to both. You counsel your soldiers on the 14th and after every position event. You write the section's input to the watch chief's shift turnover. You sit at the team huddle, you defend technical-parameter calls under questioning from a supported O-3 or O-4, and you are the senior Army NCO on the floor when the SSG NCOIC is at sick call or in ALC. You will also still be at the position — the moment you stop driving the SDR and the spectrum analyzer is the moment you stop being credible.
- 01Run a tactical SIGINT collection team, a CMF support shift, or an NSA-tasked watch as the lead Army NCO — accountability, position coverage, JQR currency, IAT credential currency, EKMS hand-receipt sanity, and tasked deliverables out the door on time.
- 02Drive at least two qualified collection positions to current standard; lead the JQR / OJT signoff for the soldiers underneath you to the same standard you were held to.
- 03Apply the joint targeting and analytic cycle (JP 2-0, JP 3-13, JP 3-60) end-to-end on the products your shift owes — and defend the team's technical call to the supported command when they wanted a different geolocation cut or a tighter confidence.
- 04Write the DA 4856 counseling that documents both the technical mistake and the development plan — Plan of Action specific, measurable, signed before the soldier leaves the room.
- 05Run the Army-internal piece for a joint or cryptologic workforce — promotion packets, DA 4187s, schools, retention bonuses, family-readiness — without making the soldier go find HRC themselves.
- 06Operate the cross-MOS interface honestly — 35S sits next to 35N (SIGINT analyst), 35P (cryptologic linguist), 35Q (cyber-SIGINT), 35F (all-source), 17C (cyber operations). Know what each does and how the work-role boundaries are drawn so you do not embarrass the team by claiming someone else's lane.
- —ATP 2-22.6 — Signals Intelligence (cover-to-cover at this rank).
- —ATP 2-22.4 — Technical Intelligence.
- —JP 2-0 — Joint Intelligence; JP 3-13 — Information Operations (where SIGINT supports IO); JP 3-60 — Joint Targeting.
- —ICD 203 / 206 / 208 — Analytic Standards, Sourcing, Utility of Disseminated Analytic Products.
- —ICD 503 — IC IT Risk Management; ICD 705 — SCIF Accreditation.
- —AR 380-5 — Information Security; AR 381-10 — US Army Intelligence Activities; AR 381-12 — TARP; AR 25-2 — Cybersecurity; AR 623-3 — Evaluation Reporting.
- —At least two collection positions current; IAT-III credential in motion or already in hand if the position requires it.
- —BLC graduate; ALC slot built and ready when the schedule drops.
- —ACFT 560+ as a floor — your soldiers do not respect an NCO who skates on the test they are graded on, cryptologic workforce or not.
- —Section product quality measurable — technical-report timeliness, JQR pipeline velocity, IAT credential currency rate, EKMS audit clean rate, all trending the right way under your tenure.
- —Promotion-points stacked: Goodfellow advanced courses, NSA cryptologic-school seats, weapons quals, college credit, credentials (Sec+, CYSA+, CISSP-Associate depending on lane), correspondence.
- —Signing off a JQR on a soldier you have not actually watched at the position. The audit finds it, the senior collector finds it, and the team's training authority gets pulled.
- —Counseling soldiers verbally. If the SPC's currency-lapse or sourcing-discipline slip is not in writing, the senior rater cannot defend you and the SSG NCOIC cannot help you.
- —Skipping the SAEDA / TARP / insider-threat report on an indicator you saw — foreign contact, financial distress, unreported travel, behavioral change. AR 381-12 is not optional; the SSO will hear it from someone else first if not from you.
- —Confusing the joint watch chief with your Army NCO chain. The CWO at NSA cannot write your NCOER and cannot defend you at the brigade enlisted-management cell.
- —Letting a SIPR / JWICS / NSANet currency or an EKMS hand-receipt lapse on a soldier under you. Day-one of expiry the position is empty and the team chief asks why.
The good SGT 35S is the collector the watch chief trusts with the supported O-4's brief on a Saturday. His element's technical products survive the next echelon's read; his soldiers are picking up second and third position qualifications on schedule; his SPCs are on the SGT-board slate when their time comes. The team's warrant officer (or the supported NSA civilian senior) knows his name. He is also the Army NCO who turned in his platoon's NCOER input on time without the 1SG asking — which is what separates a credible joint-workforce NCO from one who is hiding from the Army side of the house.
You are the senior Army NCO on a SIGINT collection element, a senior watch NCO inside an NSA-tasked analytic line, or a section NCOIC at the 706th MI Group, the 780th MI Brigade, or a regional MI brigade. The section chief runs the mission; you run the Army collectors and the JQR / IAT / EKMS / NCOER readiness picture.
You own a 6-12 soldier Army-side section or platoon-equivalent of collectors. You write the section's input to the brigade QTB. You sign for SCIF accreditation tasks under ICD 705, IT compliance tasks under ICD 503, EKMS hand-receipt accountability, and the position-qualification pipeline under DoDM 8140 plus the unit JQR. You build two SGTs into ALC-graduate, SLC-ready NCOs. You sit at the brigade enlisted-management table and at the joint section's leadership huddle. You will brief the section chief, the supporting MI battalion S3, or a supported O-6 on element readiness at least once a quarter, and you will defend the technical-collection line to a senior who wants a different geolocation cut or a tighter confidence than the data supports.
- 01Run an Army-side section through a CTC rotation (NTC, JRTC, JMRC), a real-world contingency, or an NSA-tasked operational tempo without losing JQR currency, EKMS accountability, or the technical products.
- 02Defend the section's readiness picture to the supported section chief, the MI battalion S3, or the brigade S2 OIC — say "this position is not currently qualified" or "we cannot fix that geolocation to that confidence" when the room wants a different answer, and back it up.
- 03Build a six-month training plan that produces one position-instructor-qualified NCO, two ICD-203-compliant technical-report writers, and three certified collectors on the team's second-most-demanded position.
- 04Run the unit's Goodfellow / NSA cryptologic-school slot program — slot management, prerequisite tracking, post-course JQR follow-through. Seats wasted are the SSG's on the next inspection.
- 05Mentor SGTs on NCOER writing, board prep, the warrant-officer-track conversation, and the 35-series internal conversions honestly — including the 35Z senior cryptologic NCO consolidation at SFC and the broader cryptologic-enterprise civilian pipeline.
- 06Translate technical-collection uncertainty into a recommendation a supported commander can act on without losing the uncertainty in translation.
- —ATP 2-22.6 — Signals Intelligence; ATP 2-22.4 — Technical Intelligence.
- —JP 2-0 — Joint Intelligence; JP 3-13 — Information Operations; JP 3-60 — Joint Targeting.
- —ICD 203 — Analytic Standards; ICD 206 — Sourcing; ICD 208 — Utility of Analytic Products.
- —ICD 503 — IC IT Risk Management; ICD 705 — SCIF Standards.
- —AR 380-5 — Information Security; AR 381-10 — US Army Intelligence Activities; AR 381-12 — TARP; AR 25-2 — Cybersecurity.
- —AR 623-3 — Evaluation Reporting; AR 600-8-19 — Enlisted Promotions; AR 350-1 — Army Training and Leader Development.
- —ALC graduate; SLC packet built; consider a Goodfellow instructor-qualified seat or an advanced NSA cryptologic-school certification as the differentiator.
- —Three or more position qualifications across your career; IAT-III credential in hand (CISSP, CASP+, CCNP-Security, or equivalent depending on lane).
- —Section JQR pipeline velocity at or above the brigade or section's average; IAT-credential currency rate at or above 95%; zero EKMS hand-receipt or position-qualification audit findings during your tenure.
- —NCOER bullets on the official achievement list — action-result-impact, measurable, no "demonstrated exceptional cryptologic performance" filler.
- —Section ACFT pass rate at or above brigade average — the cryptologic guys do not get to skip the test.
- —Letting a junior collector push a technical product to the supported command without your sign-off when the SOP requires senior-collector review. You signed for the section; you own every product that leaves the floor.
- —Writing an NCOER as a wish-list. Senior raters at the MI brigade and INSCOM read every 35S NCOER and remember the SSG who inflated the SGT who could not drive a position.
- —Confusing tactical / BCT-level collection with strategic / IC-level technical exploitation. The skills overlap; the standards do not. Be honest about which one your section is producing for whom.
- —Bypassing the SSO on a physical-security, IT-compliance, EKMS, or PERSEC finding. The SSO outranks you on SCIF and crypto compliance, and the report rolls up the chain you cannot influence.
- —Letting the warrant-officer-track or 35Z conversation be transactional. The technician path and the 35Z senior cryptologic NCO seat at SFC are among the most consequential career moves in this MOS — mentor them honestly, including the commute, family, and clearance-maintenance load.
The good SSG 35S runs a section the section chief names in the shift turnover and the MI battalion CDR names in the brigade slide. His SGTs are SLC-board ready. His section produces technical products that survive the next echelon's read and that the supported command actually uses to maneuver, target, or warn. His soldiers re-enlist with credentials the cleared-contractor sitting across the SCIF is bidding on — Booz, Leidos, SAIC, CACI, MITRE — or they walk into NSA civilian, FBI / NCIS technical collection, or commercial SDR / spectrum-engineering work at a defense or telecom shop with a clean clearance and a JQR jacket that translates. He has the warrant-officer-track / 35Z / civilian-pipeline conversation honestly with each of his soldiers before their next re-enlistment window closes.
You are the senior Army cryptologic-collection NCO in an MI company, a battalion S3 cell, a brigade S2 NCOIC seat, or a tactical SIGINT element supporting a BCT. The MI battalion CDR briefs the brigade CDR off the readiness picture you produced; the section chief at NSA briefs the supported COCOM off technical products your element signed for.
You run the platoon's or element's entire enlisted SIGINT collection workforce — training, evaluations, schools, the position-qualification pipeline, the IAT-II/III credential pipeline, NSA / USCYBERCOM detail assignments, EKMS account stewardship, retention, discipline. You build the MI company commander or the section chief into the next echelon. You write four-to-five NCOERs per cycle that pick the next SSG / SFC slate across the brigade's cryptologic collection workforce. You walk the floor and the shelters during operational tempo — the brigade CDR, the brigade S2 SGM, the section chief, and the NSA civilian senior all rely on your read of the element's qualification picture. At SFC the Army may also press the 35Z consolidation question — the 35-series senior cryptologic NCO designation that the 35-family converges into at this tier — verify the current HRC SRB MILPER and the 35-series consolidation guidance before you mentor a soldier through it. You will also still be the senior technical voice on a hard collection problem the section chief or the supported commander wants a second opinion on — the day you stop reading raw spectrum is the day you become a brochure.
- 01Run a tactical SIGINT company's collection platoon through a CTC rotation and a real-world contingency, back-to-back, without losing the technical products, the EKMS account, or the soldiers.
- 02Build the brigade or element's enlisted cryptologic-collection training plan — Goodfellow slot allocation, NSA cryptologic-school sequencing, ALC/SLC scheduling, IAT-II/III certification pipeline — and defend it at the brigade QTB or section-chief huddle.
- 03Mentor a warrant-officer-technician packet through preparation, application, and board sequencing (verify the current SIGINT-lane warrant designation before you brief it — the 351-series and 35-series technician structure is actively managed by HRC).
- 04Operate as senior cryptologic NCO on a JTF, INSCOM detachment, theater intel brigade, ARCYBER staff, PEO IEWS at Aberdeen Proving Ground (tactical SIGINT vehicle / equipment program offices), or NSA-co-located detail — speak the language of the supported staff, not just the home one.
- 05Run an internal SCIF accreditation cycle (ICD 705), an IC IT compliance cycle (ICD 503), an EKMS account audit, and a DoDM 8140 workforce-qualification audit end-to-end without senior-NCO-attributable CAT-1 findings.
- 06Brief enlisted readiness, JQR pipeline status, EKMS audit status, and credential-currency rate at the brigade CSM or section-chief level, in language the senior can defend at the next higher echelon.
- —ATP 2-22.6 — Signals Intelligence; ATP 2-22.4 — Technical Intelligence.
- —JP 2-0 — Joint Intelligence; JP 3-13 — Information Operations; JP 3-60 — Joint Targeting.
- —ICD 203 / 206 / 208 — Analytic Standards, Sourcing, Utility.
- —ICD 503 — IC IT Risk Management; ICD 705 — SCIF Accreditation.
- —AR 381-10 — US Army Intelligence Activities; AR 381-12 — TARP; AR 380-5 — Information Security; AR 25-2 — Army Cybersecurity; AR 380-67 — Personnel Security Program.
- —INSCOM, ARCYBER, and CIO/G-6 FRAGOs / ALARACTs; the USA Intelligence School and Cyber Center of Excellence senior leader publications.
- —SLC graduate; MLC packet built — required for E-8 board competitiveness. Pull the current HRC SELCONT message for the 35S / 35Z board window before you brief a soldier on it.
- —Three-plus position qualifications across your career; senior IAT-III credential current (CISSP, CASP+, or equivalent).
- —Platoon / element JQR pipeline at or above the brigade or section's average; IAT-credential currency rate at or above 95%; zero unresolved CAT-1 SCIF accreditation, EKMS, or DoDM 8140 audit findings during your tenure.
- —Warrant-officer-technician pipeline producing at least one selected candidate per year out of your platoon or section when the talent is there.
- —NCOER profile defensible at brigade, division, INSCOM, ARCYBER, and section-chief level — the rated NCOs you raised are getting selected on the next slate.
- —Letting one team or section drift because the SSG NCOIC is "your guy." The DoDM 8140 audit finds it first, the EKMS audit finds it second, the SSO finds it third, and the brigade CSM finds it fourth.
- —Briefing a confidence level, a geolocation cut, or a readiness picture you cannot defend at the next echelon up. Theater intel brigades, INSCOM staff, ARCYBER staff, and NSA leadership read brigade technical products; they remember who wrote what.
- —Confusing tactical / BCT-internal collection experience with strategic / IC / joint-force competence. The brigade and the section chief need both; senior NCOs who fake the second are exposed the first time they brief a J2 or an NSA senior.
- —Skipping the family-readiness piece because "the spouses run that." Cryptologic-collection deployment tempo, polygraph reinvestigation stress, and irregular shift work in a SCIF are real loads on families, and you sign the readiness report on it.
- —Going around the brigade S2 OIC or the MI battalion CDR to a higher echelon. The CSM's door closes; the slate gets read out at the next CSM conference.
The good SFC 35S is the senior cryptologic-collection NCO the brigade CSM, the MI battalion CDR, and the section chief at NSA all trust to run the element's readiness through a contested operational tempo and a real-world contingency without surprises. His warrant-officer-track pipeline is producing accessions; his platoon's NCOERs pick the next SSG-board slate; his SGTs are on the SLC slot list. He is on the short list for First Sergeant of an MI company before he sits MLC, and the supported COCOM's J2 enlisted senior knows his name.
You are the senior enlisted cryptologic-collection voice on a Military Intelligence company, a tactical SIGINT battalion, the 706th MI Group, the 780th MI Brigade, a regional MI brigade (470th, 500th, 501st, 66th), an INSCOM major subordinate command, or an NSA / CSS enlisted advisory seat. The brigade CDR, the section chief, the INSCOM CG, or the NSA enlisted senior names you in the slide.
As 1SG you run an MI company — 90-130 collectors, analysts, linguists, cyber soldiers, the SCIF footprint, the orderly room, the supply room, the security clearances, the polygraph re-scope tracker, the EKMS account, and the readiness reporting. As SGM/CSM on the 706th MI Group, the 780th MI Brigade, a regional MI brigade, an INSCOM major subordinate command, an NSA / CSS co-located detail, ARCYBER staff, INSCOM HQ at Fort Belvoir, or a Cyber Mission Force support element, you set the standard for the enlisted cryptologic-collection workforce at scale — JQR currency, IAT-II/III certification, position qualification, EKMS account stewardship, the warrant-officer-technician pipeline, the 35Z senior cryptologic NCO consolidation (verify the current HRC consolidation guidance before you mentor it), command climate inside a closed-access workforce that runs odd hours in a SCIF or a shelter. You sit in the cryptologic-strategy conversations alongside O-5s, O-6s, GS-15s, and senior NSA civilians; you advise on enlisted talent slate at echelons above brigade.
- 01Run an MI company, brigade, or element enlisted readiness picture — JQR currency, IAT-II/III, position qualification, EKMS account audit status, polygraph re-scope tracker — and defend it at the brigade CDR, INSCOM CG, or section-chief level.
- 02Mentor a warrant-officer-technician slate at brigade or higher-staff level, including the 35Z consolidation conversation where applicable.
- 03Brief the brigade CDR, theater intel brigade, INSCOM, ARCYBER, or supported COCOM senior enlisted advisor on enlisted cryptologic-collection readiness in language the senior can defend at the next higher echelon.
- 04Run a SCIF accreditation cycle (ICD 705), an IC IT compliance cycle (ICD 503), an EKMS account audit, and a DoDM 8140 workforce-qualification audit end-to-end without senior-NCO-attributable CAT-1 findings.
- 05Translate the Army Intelligence Enterprise / INSCOM / ARCYBER / NSA-CSS strategy into enlisted-talent decisions at the unit — slots, schools, assignments, retention bonuses (pull the current HRC SRB MILPER before you brief it), polygraph re-scope sequencing.
- 06Run a casualty notification, PERSEC compromise response, CI compromise response, or insider-threat referral inside a closed-access workforce with the dignity and discretion the population and the mission require.
- —AR 600-20 — Army Command Policy; AR 27-10 — Military Justice (you are in the room); AR 670-1 — Wear and Appearance.
- —AR 381-10 — US Army Intelligence Activities; AR 381-12 — TARP; AR 380-5 — Information Security; AR 380-67 — Personnel Security; AR 25-2 — Army Cybersecurity.
- —ICD 503 — IC IT Risk Management; ICD 705 — SCIF Accreditation; ICD 203 / 206 / 208 — Analytic Standards (you teach these now).
- —EO 12333 — United States Intelligence Activities; DoDD 5240.01 — DoD Intelligence Activities; DoDM 5105.21 — SCI Administrative Security Manual.
- —DoDM 8140 — Cyberspace Workforce Qualification; INSCOM / ARCYBER / NSA-issued FRAGOs and ALARACTs.
- —The 1SG Course / USASMA / SGM-A reading list and the Cryptologic School senior leader catalog at Fort Meade — you are expected to teach doctrine and translate strategy down.
- —USASMA / SGM-A completion before competing for command CSM slate.
- —Brigade or higher-staff SCIF accreditation, EKMS account audit, and DoDM 8140 workforce-qualification passes without senior-NCO-attributable CAT-1 findings during your tenure.
- —Warrant-officer-technician pipeline producing 1+ selected candidate per year from your unit when the talent is there.
- —NCOER profile the senior rater can defend at brigade, division, INSCOM, ARCYBER, and section-chief level — your rated NCOs are picking up 1SG and SGM chevrons on schedule.
- —Zero senior-NCO-level integrity, financial, fraternization, OPSEC, polygraph-falsification, EKMS, or CI incidents. One ends the career permanently — and at this rank, in this MOS, it also threatens the clearance of every soldier you mentored.
- —Pretending to be the senior technical voice on a collection position or signal class you have been off of for years. Senior cryptologic NCOs lose authority by faking depth — the warrants and the GS-13 civilians at NSA will catch you the first week.
- —Letting a 1SG-led company drift on SCIF accreditation, EKMS account stewardship, DoDM 8140 workforce qualification, or insider-threat reporting because "the SSO will catch it." You own it; the SSO is your partner, not your replacement.
- —Treating the warrant-officer-track or 35Z consolidation conversation as transactional. The technician and senior cryptologic NCO paths are among the highest-leverage career moves in the cryptologic-collection community — mentor them like it is, including the honest parts about commute, family, and clearance maintenance.
- —Going public with disagreement over a CO's operational call, an NSA civilian senior's analytic line, or a J2's targeting decision. Take it in the office. Walk out aligned, or push back in writing through the right echelon.
- —Confusing seniority with current relevance. The SIGINT collection field moves fast — the soldier sitting today's position is closer to the truth than the CSM who has not driven an SDR or read raw spectrum in five years.
The good 35S CSM / 1SG / SGM is the senior enlisted leader the brigade CDR, the section chief at NSA, the INSCOM CG, the ARCYBER senior, or the supported COCOM senior enlisted advisor names without thinking. His MI company or element is the one the brigade pulls forward for the contested rotation. His warrant-officer-technician pipeline is in the upper third of the community; his rated NCOs are picking up first sergeant chevrons on schedule. His soldiers transition into cleared IC contractor seats (Booz, Leidos, SAIC, CACI, MITRE), NSA civilian billets, FBI / NCIS technical-collection roles, or commercial SDR / spectrum-engineering work at telecom and defense industry with credentials the market is already bidding on. He is the enlisted voice in the room when the J2, the NSA civilian senior, and the supported commander disagree on what an emitter is doing — and the conversation ends with the technical and analytic lines intact.
What this actually is in the real world
Your skills translate. Here's what civilian employers call this job — and what they pay.
Purchasing Managers
Strong matchConstruction Managers
Related fieldManagement Analysts
Related fieldSalary data from the U.S. Bureau of Labor Statistics Occupational Employment and Wage Statistics program, retrieved Feb 2026. BLS.gov cannot vouch for the data or analyses derived from these data after the data have been retrieved from BLS.gov.
MOS Pulse
Anonymous · One tap · No accountThree seconds of your time, zero of your identity. This is how the honest picture of 35S gets built — one tap at a time.
Knowing what you know now — would you pick 35S again?
Did your recruiter describe this job accurately?
Hours per week this job actually takes in garrison?
That tap took 3 seconds. A full review takes 10 minutes — and does about 100x more for the next person staring at this contract.
Write the Full Review →Nobody’s gone first. Yet.
Zero reviews for 35S. Not because nobody has opinions — anyone who’s actually done Signals Acquisition/Exploitation Analyst is carrying a full magazine of them — but because nobody’s put theirs on the record.
So here’s the deal: the first approved review of every MOS becomes its Founding Review. Permanently badged, permanently first. Every person who looks up 35S from now on reads it before anything else — including the recruiter’s version.
We could fill this page with fake reviews tonight. Plenty of sites do. We never will — which means this space stays exactly this empty until someone who lived it goes first.
Anonymous by default — no name, no unit, fuzzy timestamps. Your chain of command never knows it was you.
35S Signals Acquisition/Exploitation Analyst — FAQ
Q01What does a 35S do in the Army?
Q02How long is 35S training and where is it held?
Q03What does a day in the life of a 35S look like?
Q04What are the most common career-ending mistakes for a 35S?
Q05What civilian jobs does 35S translate to?
Q06What's the career progression for a 35S?
Q07What's the recruiter not telling me about 35S?
Sources:Branch MOS catalog · DTMO pay tables · DoD/.gov benefits references · O*NET civilian career mapping · verified service-member reviews