Peraton requires Senior Endpoint Protection/ACAS Administrators to support the Special Operations Command Information Technology Enterprise Contract (SITEC) 3. This position is located in Stuttgart, Germany and requires TESA approval.
The purpose of the Special Operations Forces Information Technology Enterprise Contract (SITEC) 3 Enterprise Operations and Maintenance (EOM) Task Order (TO) is to provide USSOCOM, its Component Commands, its Theater Special Operations Commands (TSOCs), and its deployed forces with Operations and Maintenance (O&M) services to maintain Network Operations (NetOps); maintain systems and network infrastructure; provide end user and common device support; provide configuration, change, license, and asset management; conduct training; and perform Install, Move, Add, Change (IMAC) services. The responsibilities and tasks associated with each requirement play a pivotal role for USSOCOM, the CIO/J6 organization, and ultimately the end users who operate around the globe 24x7x365.
Under the direction of the Task Lead, the Senior Endpoint Protection/ACAS Administrators must have solid technical skills and experience to perform daily administration and troubleshooting of the Host Based Security System on endpoints, and the scanning, identification and remediation of vulnerabilities using ACAS, in accordance with Government compliance and cybersecurity guidelines. Endpoint Protection/ACAS Administrators troubleshoot and resolve problems on endpoints and servers, and conduct compliance scans with ACAS to identify security issues and verify patch compliance.
Duties include but are not limited to:
- Some positions may require shift work and/or an ability to work a non-standard work schedule to support the USSOCOM mission
- Developing bi-directional chain-of-command and lateral cross-team/peer relationships across organizations to support problem resolution and technology awareness
- Communicating and interacting effectively at all levels of staff and management
- Exercising independent judgment and managing stakeholder expectations
- Demonstrating subject matter expertise with Endpoint Security Management, Data Loss Prevention (DLP), and Vulnerability Management
- Providing technical support for software, hardware, and DoD-specific applications related to the Tenable ACAS solution
- Analyzing and assessing Security Technical Implementation Guides (STIGs), Information Assurance Vulnerability Alerts (IAVAs), and Security Content Automation Protocol (SCAP) releases
- Conducting vulnerability analysis and collaborating with Cross Functional Administrators to mitigate vulnerabilities and provide guidance on remediation
- Ensuring scheduled scans cover all intended assets and run successfully
- Troubleshooting credential failures by analyzing target device configurations
- Demonstrating subject matter expertise in operating and optimizing security tools, including SIEM platforms such as Microsoft Sentinel and Splunk, as well as Trellix EDR, Microsoft Defender and Tenable ACAS solutions
- Configuring, operating, and maintaining the Trellix EDR product suite (ePolicy Orchestrator, Trellix Agent, Data Loss Prevention, Policy Auditor, ESS/ENS) on Windows, Linux and UNIX operating systems
- Ensuring compliance with DISA, US Cyber Command, and SOCOM Operations Orders (OPORDs), Fragmentary Orders (FRAGOs), Change Tasking Orders (CTOs), and other DoD configuration compliance requirements
- Analyzing and reporting on security trends, vulnerabilities and incidents, and providing actionable recommendations to enhance detection capabilities and mitigate security risks
- Reviewing, assessing and recommending security controls associated with SIE environments
- Performing cyber incident analysis to understand the technical details, root causes, and potential impact of incidents
- Performing periodic reviews of the environment and providing ad-hoc and periodic usage reporting to the customer and leadership
- Developing and maintaining detailed documentation of Tenable ACAS and Trellix configurations, policies, and changes
- Generating reports on security posture, compliance, and security incidents for stakeholders
- Ensuring infrastructure Service Level Agreement (SLA) and policy compliance
Desired experience and proficiency:
- Experience in the following enclaves: NIPR, SIPR, SOCRATES, BICES, Tactical Mission Networks and Commercial ISP
- Understanding of Cyber Exposure, including its lifecycle states, as well as network and endpoint asset classes
- Experience with analytics and historical data collection tools
- Extensive knowledge and experience performing vulnerability analysis, configuration audits, and security monitoring within tactical and strategic environments
- Proficiency with vulnerability scanning tools and understanding of Vulnerability Management System (VMS) and Continuous Monitoring and Risk Scoring (CMRS)
- Experience with security architectures and administration of Windows, Linux, and UNIX operating systems
- Experience with LAN/WAN network design, isolated networks and systems, patch deployment and system configuration
- Experience with DoD STIGs, IA Tools (SCCVI, SCRI, SCAP, Host Based Security System), and Risk Management Framework
- Experience with ServiceNow or Remedy
Desired skills:
- Trellix EDR Product Suite (ePO, Endpoint Security, Data Loss Prevention, Application Control, Policy Auditor, ESS/ENS)
- Microsoft Defender for Endpoint
- Microsoft Sentinel
- Splunk
- Tenable products (Security Center, Nessus Network Monitor, Nessus Agents, Log Correlation Engine)
- Windows OS and Server
- Linux
- Unix
- Hyperconverged Infrastructure (HCI)
- VMware
- Azure Cloud
- ServiceNow
- Remedy
- Microsoft Visio