Cyber Security Engineer
ECS Corporate Services

Everforth ECS is seeking a Cybersecurity Engineer to work in our Ft. Meade, MD customer site in a full-time, onsite capacity.

Everforth ECS is seeking a Cybersecurity Engineer to support robust Impact Level (IL) 5 and IL6 programs in an operational DoD environment that houses multiple U.S. Coalition Mission Partner Environments (MPE). This role is heavily focused on serving as the primary ACAS and Trellix engineer responsible for enterprise vulnerability management, endpoint security operations, and maintaining the overall cyber security posture across multiple enclaves. The ideal candidate will have strong hands-on experience administering ACAS infrastructure, managing Trellix ESS through ePolicy Orchestrator (ePO), analyzing vulnerability and endpoint security data, and supporting remediation and compliance efforts in a highly regulated DoD environment.

In addition to ACAS and Trellix administration, the Cybersecurity Engineer will support security monitoring, incident response, vulnerability assessments, endpoint protection, and RMF/STIG compliance activities across cloud, hybrid, and on-premise environments. This role will work closely with infrastructure, operations, and mission partner teams to identify security risks, investigate threats, and ensure enterprise systems remain compliant and operationally secure.

This position is a demanding, high-energy role that requires strong technical expertise in vulnerability management, endpoint security, and cyber operations within classified and mission-critical environments. The ideal candidate has advanced technical acumen; strong analytical thinking and problem-solving skills; and the ability to independently manage and optimize enterprise ACAS and Trellix security operations. The Cybersecurity Engineer reports to the Senior Technical Program Manager and collaborates closely with technical peers.

Responsibilities:

• Act as the primary cyber operations POC for ACAS and Trellix operations within a secure DoD environment
• Serve as the primary SME for enterprise vulnerability management and Trellix endpoint security operations
• Administer and maintain ACAS infrastructure, including Nessus scanners, plugin updates, credentialed scans, and scan scheduling
• Produce ACAS vulnerability reports, metrics, and POA&M tracking artifacts supporting RMF compliance
• Administer and maintain the ESS platform, including ePO policy management, endpoint protection, and agent health
• Monitor and investigate Trellix endpoint alerts, suspicious activity, and security events
• Assist with tuning Trellix detections, exclusions, and alerting logic to reduce false positives
• Support vulnerability remediation efforts with infrastructure and MPE teams
• Monitor and configure alerts and security events within Microsoft Sentinel
• Maintain endpoint security configurations, updates, and compliance across enterprise systems
• Support RMF documentation, security assessments, and compliance activities
• Monitor overall system security posture and identify emerging risks
• Other duties, as assigned.

• U . S. Citizen.
• Active Secret security clearance, with the ability to obtain a Top Secret security clearance with Sensitive Compartmented Information indoctrination (TS/SCI).
• Active DoD 8140 IAT Level II, or higher, certification (e.g., Security+ CE, CCNA Security, CySA+, CISSP, etc.).
• 5+ years of overall IT experience, including systems administration, engineering, networking, or other technical support roles, with at least 4 years of progressive hands-on experience in cybersecurity operations, ACAS vulnerability management, Trellix endpoint security administration, and cybersecurity engineering.
• Ability to work full-time, 5 business days per week, onsite in Ft. Meade, MD.
• Hands-on experience administering the Trellix ESS platform, including policy management, agent deployment, and system administration through ePolicy Orchestrator (ePO).
• Experience:
  • Managing and troubleshooting Trellix endpoint protection technologies, including ENS, DLP, and Host IPS components.
  • Operating and maintaining ACAS vulnerability scanning infrastructure, including Nessus scanners, plugin management, credentialed scans, and scan scheduling.
  • Analyzing ACAS scan results, validating findings, and supporting vulnerability remediation and POA&M tracking efforts.
• Familiarity with:
  • SIEM platforms such as Microsoft Sentinel.
  • DoD cybersecurity frameworks and RMF processes. Ability to assume full ownership and accountability for tasks and deadlines, work with limited supervision, and commit to high quality results and deliverables.
• Understanding of vulnerability remediation workflows and endpoint security operations.
• Strong decision-making ability to weigh the relative costs and benefits of potential actions and identify appropriate solutions, with the ability to present information to senior-level executives, customers, and other key stakeholders.
• Strong problem-solving and decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate solution.
• Highly developed interpersonal and oral/written communication skills, with the ability to effectively and professionally interact with a diverse set of stakeholders (from peers to end-users to executive management).