SysAd – Endpoint Security Solutions (ESS) – Mid

We are seeking a dynamic, motivated individual to serve as a Junior or Mid-Level Endpoint Security Solutions (ESS) Operator I or II (depending on experience) in support of the 26 NOS, US Air Force at Maxwell AFB, Gunter Annex. We are seeking an individual for information system administration with strong cybersecurity knowledge. The ESS Administrator will provide Information Assurance and integration support on the ESS tool suite, along with system analysis, troubleshooting and integration support. If you are seeking a challenging place to work, please review the list of responsibilities and qualifications. If you don't meet all the qualifications, you may still be considered depending on your level of experience.

 

Duties & Responsibilities:

  • Ability to operate the host-based security and compliance baseline configuration, inventory, and best practices for the endpoint security solution (ESS) deployed across multiple unclassified and classified network locations supporting the implementation for McAfee/Trellix products.
  • ESS team manages a suite of products such as: Trellix Agent, ePolicy Orchestrator (ePO), Endpoint Security (ENS) which includes Threat Prevention and Firewall, Data Loss Prevention (DLP), Policy Auditor (PA), and Rogue System Detection (RSD)
  • Responsible for monitoring, maintaining, and analyzing data generated by the McAfee/Trellix ePO console (automated server tasks, trend analysis) and troubleshooting product issues, outages on systems, or errors/latency traced to ESS suite across live enclaves.
  • Personnel responsible for ESS deployment, implementation, administration, and analysis must register for and attend the appropriate training (e.g. ESS 201 Administrator and 301 Advanced Administrator courses) to earn a certificate, maintain it, and present it when inspected to ensure STIG compliance.
  • Coordinate ESS system activities such as deploying, configuring, monitoring, tuning, upgrading, troubleshooting, and optimizing suite components spanning local, remote, and complex environments, refining system rules and alerts.
  • Work in concert with ESS team members, admins, users, operators, integrators, and information assurance personnel configuring assets, endpoint security operations and maintaining the ESS program within multiple enclaves.
  • Provide network admins and security personnel with mechanisms to prevent, detect, track, report, and remediate malicious computer-related activities and incidents across DoD networks and information systems, adhering to ESS working groups and communities of practice.
  • Assist in meeting strategic requirements while conforming to rigid standards to aid in reducing gaps in cyber security risk exposure; record configurations, conduct assessments, specify proper types of file organization, indexing methods, security procedures and submit suggestions to ESS schedule(s), agents, scan zones, and endpoint repository management.
  • Ability to install and patch operating systems (OS), SQL, McAfee/Trellix suite applications.
  • Be familiar with Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs) / Security Requirements Guide (SRG), applicable to each non-classified or Secret Internet Protocol (IP) Router Network (NIPRNet, SIPRNet) environment for all ESS implementations.
  • Responsible for supporting and ensuring external deliverables: Continuous Monitoring and Risk Scoring (CMRS), DoD Patch Repository Defense Asset Distribution System (DADS), build/maintain vulnerability, hardware/software asset lists, and/or audit repositories.
  • Assist in leveraging asset management solutions and enterprise network application tools such as Forescout, SolarWinds Orion, Assured Compliance Assessment Solution (ACAS) including .SC (Security Center™) and Nessus® scanners and/or Microsoft Endpoint Configuration Manager (MECM)
  • Continuously assesses current ESS implementations for scans, assets, analysis, and permissions.
  • Assist with validation and sustainment of documentation such as Security Plans, Plan of Actions and Milestones (POAMs), Role Based Access Controls (RBAC), service accounts, certificates, licenses, and physical/virtual location of each component.
  • Assist with and troubleshoot scheduled scans so that they cover 100% of intended targets, ensuring timely and accurate scanning and reporting per PMO, IA and DoD policies and orders.
  • Maintain ePO system tree per documentation; administer policy catalog management.
  • Maintain effective communications with other external and internal teams essential to ESS operations.
  • Create/maintain/implement custom security policies in line with DISA ESS best practice guidance.
  • Position is subject to up to 10% travel. May be required to be called in after hours for maintenance windows and/or break fix actions.
  • Rack and provision government furnished equipment (GFE) servers when applicable.

Qualifications/Requirements:

  • Candidate should have 1 to 3 years of hands-on experience in:
    • ESS and/or McAfee/Trellix or equivalent endpoint security solution products
    • ePO Application console management
    • Windows operating systems admin support experience in mid-to-large enterprise data center environment; familiarity with network patch/update management
  • Exposure interacting with virtualized environments (VMware vSphere, ESXi)
  • Demonstrate advanced diagnostics, analytical, critical thinking and troubleshooting skills.
  • Passion for continuous learning in IT data protection and technical/infrastructure technologies
  • Ability to manage, evaluate and prioritize workload to accommodate and align with business objectives, security concerns, and costs.
  • Any relevant scripting experience: Ansible, Bash, Perl, PowerShell, Python
  • Any experience within DoD environment or enterprise network data center desired.
  • Knowledge of data communications, local-area networking (LAN), wide-area networking (WAN)
  • Experience with adaptive multi-factor authentication: Apps, VPNs, Workstations, Mac and Windows Endpoints, Virtual Desktops and RADIUS servers is a plus.
  • Ability to lift, rack and provision government furnished equipment (GFE) servers.

Education/Certification(s):
  • Technical degree, Associate's or Bachelor's degree in Computer Science/Information Systems, S.T.E.M. or 2-4 years' relevant experience in Information Technology, preferably within systems or applications administration, is acceptable
  • Requires DoD 8570.01-M IAT Level II certification: CompTIA Security+ CE (Continuing Education) or GIAC Global Industrial Cyber Security Professional (GICSP) or (ISC)² SSCP – Systems Security Certified Practitioner
  • Requires Computing Environment (CE) certifications:
    • DISA ESS (HBSS) Trellix (McAfee) training minimum (or acquire within 120 days):
    • ESS 201 Administrator ePO
    • ESS 301 Advanced Administrator ePO
    • Trellix Endpoint Security ENS 10.7 Essentials course
Preferred technical certifications (not required): Splunk Core Certified User or Splunk Core Certified Power User.

Clearance: 
Active DoD Secret required or ability to complete investigation process for interim with potential to upgrade to Top Secret clearance preferred.
