Trace Systems

Returning Candidate?

Endpoint Security / HBSS Engineer

Endpoint Security / HBSS Engineer

Job ID 
# of Openings 
Job Locations 
Posted Date 

More information about this job


Trace Systems, headquartered in Vienna, Virginia, was founded in 1999 to support and defend our nation's security interests at home and abroad–– whenever and wherever. We provide cybersecurity, intelligence, communications, networking and information technology services, systems, and solutions to the United States Department of Defense, Intelligence Community and Department of Homeland Security


Job Title:  Endpoint Security / HBSS Engineer


Job Location:  DC Metro


Security Clearance:  Interim TS/SSBI

Job Responsibilities

  • The Endpoint Security / HBSS Engineer will configure and sustain HBSS solutions across multiple operational network environments. 
  • The engineer will perform system administration of HBSS servers, including ePolicy Orchestrator upgrades and client product patches, and will sustain the full capabilities of HBSS to all enterprise-wide managed systems including, but not limited to, agent deployments, policy enforcement, reporting and compliance. 
  • Maintain HBSS compliance with DISA, US Cyber Command, and operations orders (OPORDs), Fragmentary orders (FRAGOs), Change Tasking Orders (CTOs), and other DoD configuration compliance requirements. 
  • Provide guidance in all aspects of HBSS support to include account setups, port enabling, deploying and loading agents, policies, and modules. 
  • Monitor and ensure DISA Security Technical Implementation Guide (STIG) compliance. 
  • Perform vulnerability scans and troubleshoot / fix issues detected by the scans.  Review scan results and provide recommendations to systems administrators and the Information Assurance (IA) team. 
  • Support IA personnel to ensure security architecture, design, and implementation is in accordance with DoD regulations. 
  • Perform vulnerability and risk analysis of computer systems and applications during all phases of the system development life cycle. 
  • Provide technical support to the IA personnel to develop and maintain processes and procedures regarding computer network defense and in-depth protection for the enterprise.
  • Generate and support updates to and maintenance of POA&Ms. 
  • Support development of RMF Security Plans. 
  • Document changes to systems and all required checklists for use within the configuration baseline. 
  • Analyze server and workstation applications to identify initial HIPS policy, test policy in available test environment, and deploy HIPS with associated standard policy. 
  • Provide recommendations for policy refinement and best business practices to operation teams for consideration. 
  • Responsible for writing reports as required on issues to include: network security assessments; security monitoring; changes in security regulations, best practices, countermeasures, compliance and threats; technical designs; status on actions taken.

Minimum Qualifications

  • Minimum ten years of experience:Developing, directing, and implementing enterprise network cyber defense capabilities in a DOD environment,Reviewing/revising, and managing HW/SW/Security Baseline releases and process improvement activities for enterprise level security process/validation/verification best practices and infrastructure.
  • Minimum 5 years of experience engineering, deploying, and sustaining HBSS in a DOD environment.
    Solid understanding of the operating concepts of Windows Server Operating Systems 2008 and higher in a federal government enterprise environment: Active Directory, DNS, DHCP…etc.
  • Solid understanding of Windows Client Operating Systems, Windows XP and higher in a federal government enterprise environment
  • Solid understanding of enterprise networking fundamentals: Switching and Routing, 802.1q, 802.1x, etc.
  • Demonstrated successful, progressive experience in systems implementation, vulnerability assessments, consulting, dispersed team management, risk assessment and accreditation.
  • Experience with McAfee HBSS products including: ePolicy Orchestrator (ePO), Host Intrusion Prevention Systems, Antivirus (AV), Policy Auditor (PA), Asset Baseline Module (ABM), Data Loss Prevention (DLP), and RSD. Must be familiar with the installation and maintenance of these various products.
  • Required certifications:DOD 8570 IAT-2,DISA HBSS 201, 301, and 501 courses

Desired Qualifications

  • Certified Information Systems Security Professional (CISSP) certification strongly preferred

Security Clearance

  • Minimum Interim TS.  Must be compliant with IT-1 requirements.


To Apply: We invite you to put your talents to work by joining a growing team of dynamic professionals here at Trace Systems! Be part of a culture at our leading edge company where you can achieve great things while fostering a satisfying and rewarding career progression. Please apply directly through the website at:      #jointracesystems


For any additional questions or to submit any referrals, please contact

Trace Systems is an Equal Opportunity and Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.


Connect With Us!

Not ready to apply? Connect with us for general consideration.