SysAd – Endpoint Security Solutions (ESS) – Mid

We are seeking a dynamic, motivated individual to serve as a Junior or Mid-Level Endpoint Security Solutions (ESS) Operator I or II (depending on experience) in support of the 26 NOS, US Air Force at Maxwell AFB, Gunter Annex. We are seeking an individual for information system administration with strong cybersecurity knowledge. The ESS Administrator will provide Information Assurance and integration support on the ESS tool suite. The ESS Administrator will also provide system analysis, troubleshooting and integration support. If you are seeking a challenging place to work, please review the list of responsibilities and qualifications. If you don’t meet all the qualifications, you may still be considered depending on your level of experience.


Duties & Responsibilities:

  • Ability to operate the host-based security and compliance baseline configuration, inventory, and best practices for the endpoint security solution (ESS) deployed across multiple unclassified and classified network locations supporting the implementation for McAfee/Trellix products.
  • ESS team manages a suite of products such as: Trellix Agent, ePolicy Orchestrator (ePO), Endpoint Security (ENS) which includes Threat Prevention and Firewall, Data Loss Prevention (DLP), Policy Auditor (PA), and Rogue System Detection (RSD)
  • Responsible for monitoring, maintaining, and analyzing data generated by the McAfee/Trellix ePO console (automated server tasks, trend analysis) and troubleshooting product issues, outages on systems, or errors/latency traced to ESS suite across live enclaves.
  • Responsible for ESS deployment, implementation, administration, and analysis; must register for and attend appropriate training (e.g. ESS 201 Administrator and 301 Advanced Administrator courses) to achieve a certificate, maintain it, and present it when inspected to ensure STIG compliance.
  • Coordinate ESS system activities such as deploying, configuring, monitoring, tuning, upgrading, troubleshooting, and optimizing suite components spanning local, remote, and complex environments, refining system rules and alerts.
  • Work in concert with ESS team members, admins, users, operators, integrators, and information assurance personnel configuring assets, endpoint security operations and maintaining the ESS program within multiple enclaves.
  • Provide network admins and security personnel with mechanisms to prevent, detect, track, report, and remediate malicious computer-related activities and incidents across DoD networks and information systems, adhering to ESS working groups and communities of practice.
  • Assist in meeting strategic requirements while conforming to rigid standards to aid in reducing gaps in cyber security risk exposure; record configurations, conduct assessments, specify proper types of file organization, indexing methods, and security procedures, and submit suggestions for ESS schedule(s), agents, scan zones, and endpoint repository management.
  • Ability to install and patch operating systems (OS), SQL, McAfee/Trellix suite applications.
  • Be familiar with Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs) / Security Requirements Guide (SRG), applicable to each non-classified or Secret Internet Protocol (IP) Router Network (NIPRNet, SIPRNet) environment for all ESS implementations.
  • Responsible for supporting and ensuring external deliverables: Continuous Monitoring and Risk Scoring (CMRS), DoD Patch Repository Defense Asset Distribution System (DADS), build/maintain vulnerability, hardware/software asset lists, and/or audit repositories.
  • Assist in leveraging asset management solutions and enterprise network application tools such as Forescout, SolarWinds Orion, Assured Compliance Assessment Solution (ACAS) including .SC (Security Center™) and Nessus® scanners and/or Microsoft Endpoint Configuration Manager (MECM)
  • Continuously assesses current ESS implementations for scans, assets, analysis, and permissions.
  • Assist with validation and sustainment of documentation such as Security Plans, Plan of Actions and Milestones (POAMs), Role Based Access Controls (RBAC), service accounts, certificates, licenses, and physical/virtual location of each component.
  • Responsible for assisting with and troubleshooting scheduled scans so that they cover 100% of intended targets, ensuring timely and accurate scanning and reporting per PMO, IA and DoD policies and orders.
  • Maintain ePO system tree per documentation; administer policy catalog management.
  • Maintain effective communications with other external and internal teams essential to ESS operations.
  • Create/maintain/implement custom security policies in line with DISA ESS best practice guidance.
  • Position is subject to up to 10% travel. May be required to be called in after hours for maintenance windows and/or break fix actions.
  • Rack and provision government furnished equipment (GFE) servers when applicable.



  • Candidate should have 1 to 3 years of hands-on experience in:
    • ESS and/or McAfee/Trellix or equivalent endpoint security solution products
    • ePO Application console management
    • Windows operating systems admin support experience in mid-to-large enterprise data center environment; familiarity with network patch/update management
  • Exposure interacting with virtualized environments (VMware vSphere, ESXi)
  • Demonstrate advanced diagnostic, analytical, critical thinking and troubleshooting skills.
  • Passion for continuous learning in IT data protection and technical/infrastructure technologies
  • Ability to manage, evaluate and prioritize workload to accommodate and align with business objectives, security concerns, and costs.
  • Any relevant scripting experience: Ansible, Bash, Perl, PowerShell, Python
  • Any experience within DoD environment or enterprise network data center desired.
  • Knowledge of data communications, local-area networking (LAN), wide-area networking (WAN)
  • Experience with adaptive multi-factor authentication: Apps, VPNs, Workstations, Mac and Windows Endpoints, Virtual Desktops and RADIUS servers is a plus.
  • Ability to lift, rack and provision government furnished equipment (GFE) servers.

  • Technical degree, Associates or Bachelor’s degree in Computer Science/Information Systems, S.T.E.M. or 2-4 years’ relevant experience in Information Technology preferably within systems or applications administration is acceptable
  • Requires DoD 8570.01-M IAT Level II certification: CompTIA Security+ CE (Continuing Education) or GIAC Global Industrial Cyber Security Professional (GICSP) or (ISC)² SSCP – Systems Security Certified Practitioner
  • Requires Computing Environment (CE) certifications:
    • DISA ESS (HBSS) Trellix (McAfee) training minimum (or acquire within 120 days):
    • ESS 201 Administrator ePO
    • ESS 301 Advanced Administrator ePO
    • Trellix Endpoint Security ENS 10.7 Essentials course
Preferred technical certifications (not required): Splunk Core Certified User or Splunk Core Certified Power User.

Active DoD Secret required or ability to complete investigation process for interim with potential to upgrade to Top Secret clearance preferred.
