We are seeking a dynamic, motivated individual to serve as a Junior or Mid-Level Endpoint Security Solutions (ESS) Operator I or II (depending on experience) in support of the 26 NOS, US Air Force, at Maxwell AFB, Gunter Annex. We are seeking an individual for information system administration with strong cybersecurity knowledge. The ESS Administrator will provide Information Assurance and integration support on the ESS tool suite, and will provide system analysis, troubleshooting and integration support. If you are seeking a challenging place to work, please review the list of responsibilities and qualifications. Candidates who don't meet all the qualifications may still be considered, depending on level of experience.
Duties & Responsibilities:
- Ability to operate the host-based security and compliance baseline configuration, inventory, and best practices for the endpoint security solution (ESS) deployed across multiple unclassified and classified network locations supporting the implementation for McAfee/Trellix products.
- ESS team manages a suite of products such as: Trellix Agent, ePolicy Orchestrator (ePO), Endpoint Security (ENS) which includes Threat Prevention and Firewall, Data Loss Prevention (DLP), Policy Auditor (PA), and Rogue System Detection (RSD)
- Responsible for monitoring, maintaining, and analyzing data generated by the McAfee/Trellix ePO console (automated server tasks, trend analysis) and troubleshooting product issues, outages on systems, or errors/latency traced to ESS suite across live enclaves.
- Personnel responsible for ESS deployment, implementation, administration, and analysis must register for and attend appropriate training (e.g. ESS 201 Administrator and 301 Advanced Administrator courses) to earn a certificate, maintain it, and present it when inspected to ensure STIG compliance.
- Coordinate ESS system activities such as deploying, configuring, monitoring, tuning, upgrading, troubleshooting, and optimizing suite components spanning local, remote, and complex environments refining system rules and alerts.
- Work in concert with ESS team members, admins, users, operators, integrators, and information assurance personnel configuring assets, endpoint security operations and maintaining the ESS program within multiple enclaves.
- Provide network admins and security personnel with mechanisms to prevent, detect, track, report, and remediate malicious computer-related activities and incidents across DoD networks and information systems adhering to ESS working groups and community of practices.
- Assist in meeting strategic requirements while conforming to rigid standards to aid in reducing gaps in cyber security risk exposure; record configurations, conduct assessments, specify proper types of file organization, indexing methods, and security procedures, and submit suggestions for ESS schedule(s), agents, scan zones, and endpoint repository management.
- Ability to install and patch operating systems (OS), SQL, McAfee/Trellix suite applications.
- Be familiar with Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs) / Security Requirements Guides (SRGs) applicable to each Non-classified or Secret Internet Protocol (IP) Router Network (NIPRNet, SIPRNet) environment for all ESS implementations.
- Responsible for supporting and ensuring external deliverables: Continuous Monitoring and Risk Scoring (CMRS), DoD Patch Repository Defense Asset Distribution System (DADS), build/maintain vulnerability, hardware/software asset lists, and/or audit repositories.
- Assist in leveraging asset management solutions and enterprise network application tools such as Forescout, SolarWinds Orion, Assured Compliance Assessment Solution (ACAS) including .SC (Security Center™) and Nessus® scanners and/or Microsoft Endpoint Configuration Manager (MECM)
- Continuously assesses current ESS implementations for scans, assets, analysis, and permissions.
- Assist with validation and sustainment of documentation such as Security Plans, Plan of Actions and Milestones (POAMs), Role Based Access Controls (RBAC), service accounts, certificates, licenses, and physical/virtual location of each component.
- Assist with and troubleshoot scheduled scans so that they cover 100% of intended targets, ensuring timely and accurate scanning and reporting per PMO, IA and DoD policies and orders.
- Maintain ePO system tree per documentation; administer policy catalog management.
- Maintain effective communications with other external and internal teams essential to ESS operations.
- Create/maintain/implement custom security policies in line with DISA ESS best practice guidance.
- Position is subject to up to 10% travel. May be called in after hours for maintenance windows and/or break fix actions.
- Rack and provision government furnished equipment (GFE) servers when applicable.
- Candidate should have 1 to 3 years of hands-on experience in:
  - ESS and/or McAfee/Trellix or equivalent endpoint security solution products
  - ePO Application console management
  - Windows operating systems admin support experience in mid-to-large enterprise data center environment; familiarity with network patch/update management
  - Exposure interacting with virtualized environments (VMware vSphere, ESXi)
- Demonstrate advanced diagnostics, analytical, critical thinking and troubleshooting skills.
- Passion for continuous learning in IT data protection and technical/infrastructure technologies
- Ability to manage, evaluate and prioritize workload to accommodate and align with business objectives, security concerns, and costs.
- Any relevant scripting experience: Ansible, Bash, Perl, PowerShell, Python
- Any experience within DoD environment or enterprise network data center desired.
- Knowledge of data communications, local-area networking (LAN), wide-area networking (WAN)
- Experience with adaptive multi-factor authentication: Apps, VPNs, Workstations, Mac and Windows Endpoints, Virtual Desktops and RADIUS servers is a plus.
- Ability to lift, rack and provision government furnished equipment (GFE) servers.
- Technical degree, Associate's or Bachelor's degree in Computer Science/Information Systems, S.T.E.M.; or 2-4 years' relevant experience in Information Technology, preferably within systems or applications administration, is acceptable
- Requires DoD 8570.01-M IAT Level II certification: CompTIA Security+ CE (Continuing Education) or GIAC Global Industrial Cyber Security Professional (GICSP) or (ISC)² SSCP – Systems Security Certified Practitioner
- Requires Computing Environment (CE) certifications:
  - DISA ESS (HBSS) Trellix (McAfee) training minimum (or acquire within 120 days):
    - ESS 201 Administrator ePO
    - ESS 301 Advanced Administrator ePO
    - Trellix Endpoint Security ENS 10.7 Essentials course
Preferred technical certifications (not required): Splunk Core Certified User or Splunk Core Certified Power User.
Clearance: Active DoD Secret required or ability to complete investigation process for interim with potential to upgrade to Top Secret clearance preferred.