SITEC - Endpoint Security Engineer - MacDill AFB

Peraton requires System Engineers to support the Special Operation Command Information Technology Enterprise Contract (SITEC) – 3 EOM.  This position is located at MacDill AFB in Florida. The purpose of the Special Operations Forces Information Technology Enterprise Contract (SITEC) 3 Enterprise Operations and Maintenance (EOM) Task Order (TO) is to provide USSOCOM, its Component Commands, its Theater Special Operations Commands (TSOCs), and its deployed forces with Operations and Maintenance (O&M) services to maintain Network Operations (NetOps); maintain systems and network infrastructure; provide end user and common device support; provide configuration, change, license, and asset management; conduct training, and perform Install, Move, Add, Change (IMACs) services. The responsibilities and tasks associated with each requirement play a pivotal role to USSOCOM, the CIO/J6 organization, and ultimately the end-user who operate around the globe 24x7x365. The Systems Engineer is a motivated Endpoint and Cloud Security professional responsible for the technical support, administration, and ongoing maintenance of our endpoint and cloud security solutions, with a primary focus on the Trellix Endpoint Security Suite (ESS) and the Microsoft Defender Suite. This role requires a solid understanding of modern security principles and hands-on experience with the specified technologies to ensure the operational health and effectiveness of our security posture. Engineer and Optimize Security Platforms: Lead the continuous tuning and hardening of the Trellix and Microsoft Defender suites. Go beyond default configurations to optimize performance, reduce agent overhead, and increase detection efficacy. Collaborate with infrastructure, application support, and identity and access management (IAM) teams to support security integrations across the technology environment. Work to ensure all systems remain compliant with internal security policies and external directives (e.g., DISA STIGs, USCYBERCOM orders), including preparing for and supporting security inspections and audits. Ensure all endpoint and cloud security platforms are correctly configured and optimized for performance, availability, and security under the guidance of senior team members. Perform the deployment, configuration, and maintenance of the Trellix Endpoint Security Suite (ESS) and the full Microsoft Defender Suite (including Defender for Endpoint, Identity, Cloud Apps, and Office 365). Automate Security Operations: Identify and eliminate manual processes by developing automation scripts and playbooks (e.g., using PowerShell, Python, or SOAR capabilities) for tasks such as agent health remediation, incident data enrichment, and compliance reporting. Modernize and Integrate the Security Stack: Engineer robust integrations between endpoint security platforms and other ecosystem tools (e.g., SIEM, SOAR, Threat Intelligence Platforms) using APIs to streamline workflows and enhance overall security visibility. Enhance Attack Surface Reduction: Systematically analyze the environment using tools like Defender's Threat & Vulnerability Management (TVM) and Trellix insights to identify and engineer solutions that reduce the enterprise attack surface. Optimize Telemetry and Data Collection: Fine-tune endpoint agent policies and sensor configurations to produce high-value, low-noise data streams. Ensure endpoint and application detection and protection rules are implemented based on environmental considerations. Manage Platform Health and Lifecycle: Contribute to the strategic lifecycle management of endpoint agents and infrastructure, planning for major version upgrades, testing new features, and ensuring the long-term health and scalability of the platforms. Serve as a Technical Expert: Act as a technical resource for the Security Operations Center (SOC) during complex incident response scenarios, providing deep platform-specific expertise. Create and Maintain Engineering-Level Documentation: Document custom configurations, automation scripts, integration architectures, and advanced operational procedures to ensure solutions are supportable and scalable.