HBSS / Trellix Endpoint Security Systems Administrator (Onsite – Key West, FL)

Sandy Mac Evolution LLC
Full Time | Mid
Key West, Florida, US | Posted February 25, 2026

Job Description

Clearance Required: Active TS/SCI (DoD) | Onsite Only | No Remote

We’re seeking a senior HBSS / Trellix Endpoint Security Systems Administrator to support a mission-critical DoD program onsite in Key West, FL. This role is hands-on and focused on day-to-day endpoint security operations, vulnerability management, STIG compliance, and incident response in classified environments.

What You’ll Do

You’ll own continuous monitoring, analysis, and response to security events using endpoint security platforms such as Trellix and QRadar. You’ll implement and maintain DISA STIGs across endpoint security tools, run compliance checks using SCAP Compliance Checker and STIG Viewer, and maintain documentation for audits and inspections.

You’ll manage operating system and application patching in line with federal patch management policies, coordinate deployment schedules to minimize operational impact, validate patch success, and troubleshoot post-update issues. You’ll apply system hardening practices aligned with DoD and NIST standards and maintain secure configuration baselines across Windows, Linux, and virtualized environments.

You’ll support security audits and inspections, assist with vulnerability and misconfiguration response, produce incident documentation, and contribute to lessons-learned reporting. You’ll collaborate closely with system administrators, engineers, and compliance teams and provide regular reporting and briefings to federal stakeholders on vulnerability management and compliance posture.

Required Qualifications

  • Bachelor’s degree + 5 years of relevant experience OR 9+ years of cybersecurity experience in lieu of a degree.
  • Substitutions: High School + 4 years; Associate’s + 2 years; Master’s (-2 years); PhD (-4 years).
  • 9+ years in IT assessment, security audit, or related roles.
  • Strong understanding of infrastructure, data, application security, and risk management.
  • Knowledge of CMRS, NIST, ISO 27001, and related frameworks.
  • Current DoD 8570 baseline certification.
  • HBSS 201, 301, and 501 certifications.
  • Understanding of RMF, NIST, ICD, and CNSS standards.
  • LAN/WAN and classified network experience, including crypto and key management.
  • STIG compliance experience; familiarity with SCC/STIG Viewer and ACAS.
  • Experience supporting Microsoft Windows, Linux, and virtualized systems in secure environments.
  • Ability to operate effectively in changing regulatory environments.
  • Strong communication and teamwork skills.
  • Active DoD TS/SCI clearance required.

Key Responsibilities

  • Continuous monitoring, analysis, and response to security events using Endpoint Security tools such as Trellix and QRadar.

STIG Application and Compliance

  • Implement and maintain STIGs across Endpoint Security tools.
  • Conduct compliance checks using SCAP Compliance Checker and STIG Viewer.
  • Maintain documentation for STIG configurations and remediation actions to support audits.

Patching and System Updates

  • Manage and deploy operating system and application patches in accordance with federal patch management policy.
  • Coordinate deployment schedules to reduce operational impact while ensuring compliance.
  • Validate patch installation success and resolve post-update issues.

System Hardening

  • Apply system hardening practices aligned with federal standards.
  • Maintain secure configuration baselines supporting DoD and NIST compliance.

Incident Response Support

  • Support security audits and inspections; perform risk assessments and continuous monitoring.
  • Assist in vulnerability and misconfiguration response efforts.
  • Produce incident documentation and contribute to lessons-learned reporting.

Collaboration and Reporting

  • Collaborate with system administrators, engineers, and compliance teams.
  • Provide reporting and briefings to federal stakeholders on vulnerability management and compliance status.
  • Support enforcement of information security policies and procedures.

Tool Utilization

  • Trellix Security Platform Suite (ePO, ENS, DLP, AP, TA, TIE, DXL, EDR, HX, GOTS)
  • ACAS (Tenable)
  • IBM QRadar

Desired Qualifications

  • Security+ or CISSP (or equivalent).
  • Trellix DLP administration experience.
  • Trellix Policy Auditor experience.
  • Security hardening background.
  • CMRS analysis and troubleshooting experience.
