SysAd – Endpoint Security Solutions (ESS) – Mid

Duties & Responsibilities:

• Ability to operate the host-based security and compliance baseline configuration, inventory, and best practices for the endpoint security solution (ESS) deployed across multiple unclassified and classified network locations supporting the implementation for McAfee/Trellix products.
• ESS team manages a suite of products such as: Trellix Agent, ePolicy Orchestrator (ePO), Endpoint Security (ENS) which includes Threat Prevention and Firewall, Data Loss Prevention (DLP), Policy Auditor (PA), and Rogue System Detection (RSD)
• Responsible for monitoring, maintaining, and analyzing data generated by the McAfee/Trellix ePO console (automated server tasks, trend analysis) and troubleshooting product issues, outages on systems, or errors/latency traced to ESS suite across live enclaves.
• Responsible for the ESS deployment, implementation, administration, and analysis must comply with registering and attending appropriate trainings (e.g. ESS 201 Administrator and 301 Advanced Administrator courses) to achieve a certificate, maintain it and present it when inspected to ensure STIG compliance
• Coordinate ESS system activities such as deploying, configuring, monitoring, tuning, upgrading, troubleshooting, and optimizing suite components spanning local, remote, and complex environments refining system rules and alerts.
• Work in concert with ESS team members, admins, users, operators, integrators, and information assurance personnel configuring assets, endpoint security operations and maintaining the ESS program within multiple enclaves.
• Provide network admins and security personnel with mechanisms to prevent, detect, track, report, and remediate malicious computer-related activities and incidents across DoD networks and information systems adhering to ESS working groups and community of practices.
• Assist in meeting strategic requirements while conforming to rigid standards to aide in reducing gaps in cyber security risk exposure; Record configurations, conduct assessments, specify proper types of files organization, indexing methods, security procedures and submit suggestions to ESS schedule(s), agents, scan zones, and endpoint repository management.
• Ability to install and patch operating systems (OS), SQL, McAfee/Trellix suite applications.
• Be familiar with Department Information Systems Agency (DISA) Security Technical Implementation Guidelines (STIGs) / Security Requirements Guide (SRG), applicable to each non-classified or Secret Internet Protocol (IP) Router Network (NIPRNet, SIPRNet) environment for all ESS implementations.
• Responsible for supporting and ensuring external deliverables: Continuous Monitoring and Risk Scoring (CMRS), DoD Patch Repository Defense Asset Distribution System (DADS), build/maintain vulnerability, hardware/software asset lists, and/or audit repositories.
• Assist in leveraging asset management solutions and enterprise network application tools such as Forescout, SolarWinds Orion, Assured Compliance Assessment Solution (ACAS) including .SC (Security Center™) and Nessus® scanners and/or Microsoft Endpoint Configuration Manager (MECM)
• Continuously assesses current ESS implementations for scans, assets, analysis, and permissions.
• Assist with validation and sustainment of documentation such as Security Plans, Plan of Actions and Milestones (POAMs), Role Based Access Controls (RBAC), service accounts, certificates, licenses, and physical/virtual location of each component.
• Responsible to assist/troubleshoot schedule scans are covering 100% of intended targets ensuring timely and accurate scanning and reporting per PMO, IA and DoD policies and orders.
• Maintain ePO system tree per documentation; administer policy catalog management.
• Maintain effective communications with other external and internal teams essential to ESS operations.
• Create/maintain/implement custom security policies in line with DISA ESS best practice guidance.
• Position is subject to up to 10% travel. May be required to be called in after hours for maintenance windows and/or break fix actions.
• Rack and provision government furnished equipment (GFE) servers when applicable.

Qualifications:

Qualifications/Requirements:

• Candidate should have 1 to 3 years of years of hands-on experience in:
  • ESS and/or McAfee/Trellix or equivalent endpoint security solution products
  • ePO Application console management
  • Windows operating systems admin support experience in mid-to-large enterprise data center environment; familiarity with network patch/update management
• Exposure interacting with virtualized environments (VMware vSphere, ESXi)
• Demonstrate advanced diagnostics, analytical, critical thinking and troubleshooting skills.
• Passion for continuous learning in IT data protection and technical/infrastructure technologies
• Ability to manage, evaluate and prioritize workload to accommodate and align with business objectives, security concerns, and costs.
• Any relevant scripting experience: Ansible, Bash, Perl, PowerShell, Python
• Any experience within DoD environment or enterprise network data center desired.
• Knowledge of data communications, local-area networking (LAN), wide-area networking (WAN)
• Experience with adaptive multi-factor authentication: Apps, VPNs, Workstations, Mac and Windows Endpoints, Virtual Desktops and RADIUS servers is a plus.
• Ability to lift, rack and provision government furnished equipment (GFE) servers.

• Technical degree, Associates or Bachelor’s degree in Computer Science/Information Systems, S.T.E.M. or 2-4 years’ relevant experience in Information Technology preferably within systems or applications administration is acceptable
• Requires DoD 8570.01-M IAT Level II certification: CompTIA Security+ CE (Continuing Education) or GIAC Global Industrial Cyber Security Professional (GICSP) or (ISC)² SSCP – Systems Security Certified Practitioner
• Requires Computing Environment (CE) certifications:
  • DISA ESS (HBSS) Trellix (McAfee) training minimum (or acquire within 120 days):
  • ESS 201 Administrator ePO
  • ESS 301 Advanced Administrator ePO
  • Trellix Endpoint Security ENS 10.7 Essentials course