Host Based Security System (HBSS) Engineer - Military veterans preferred

ManTech (


  full-time   employee   contract

United States

ManTech is seeking a Host Based Security System (HBSS) Engineer to support the Marine Corps Intelligence, Surveillance, and Reconnaissance Enterprise (MCISRE) in Stafford, VA. Responsibilities include the security engineering and system administration of enterprise and local systems and servers across multiple security domains.

An active DoD TS/SCI clearance is required for this position (In JPAS)

General Responsibilities:

  • Maintain the HBSS environment to ensure compliance across the enterprise
  • Stay current with latest DoD, Navy, and Marine Corps IA doctrine
  • Generate and maintain security documentation for system hardware and software, to include System Security Plans, equipment lists, practices, and procedures
  • Assess the performance of IA security controls within the IT infrastructure
  • Identify IA vulnerabilities resulting from a departure from approved procedures and plans
  • Evaluate potential IA security risks and take appropriate corrective, mitigation, and recovery actions
  • Oversee that applicable patches are implemented, including IA vulnerability alerts (IAVA), IA vulnerability bulletins (IAVB), technical advisories (TA), and OPDIRs
  • Research, evaluate, and provide feedback on problematic IA trends and patterns in customer support requirements
  • Perform system audits to assess security related factors within the IT infrastructure
  • Review response actions to security incidents
  • Should include the ability to identify and analyze security requirements to recommend upgrades, patches, new applications, necessary equipment, and technical support and guidance to users
  • Respond to Cyber Security Incidents as they occur
  • Updating/patching the software with the latest plugins
  • Creating/updating custom reports
  • Support and assist in the development of system security packages based on current doctrine
  • Participate in self and independent verification and validation (IV&V) assessments aligned with Marine Corps policy. Applicable testing includes but not limited to; DoD approved automated tools (Kali Linux, ACAS, Wireshark, nMap), security readiness reviews, Security Technical Implementation Guidance (STIGs) and manual security checklists.
  • Conduct security impact analysis.
  • Develop custom tools and attack scripts for vulnerability exploitation.
  • Provide input into the security design and architecture of all IT systems by implementing system security mechanisms and providing cyber security guidance.
  • Conduct an evaluation of the system architectures and identify whether or not security engineering and principles are embedded throughout the system.
  • Support the installation of new or modified hardware, operating systems, and software applications ensuring integration with cyber security requirements for the systems.
  • Apply group policies changes, Security Technical Implementation Guide (STIGs) and any other security protection mechanisms.
  • Other duties as required

Mandatory Skills Requirements:

  • Bachelor’s Degree (+7 years’ experience), Associate’s Degree (+10 years’ experience), or High School Diploma (+12 years’ experience)
  • TS/SCI clearance
  • Shall meet DOD 8570 requirements for IAT II or higher:
  • Required Certification [one required]: CCNA Security, GICSP, GSEC, Security+ CE, SSCP
  • Must be proficient with McAfee ePolicy Orchestrator (ePO):
  • Must be familiar with the Assured Compliance Assessment Solution (ACAS) and how to read scan results

Other Skills Preferred:

  • Preferred Certifications: CEH, CFR, GCFA, GCIH, SCYBER
  • Familiar with installation, configuration, and upgrade of McAfee ePO On premises deployment
  • Familiar with the entire suite of products managed by McAfee ePO:
  • Endpoint Protection (Threat Prevention, Firewall, Web Control)
  • MVISION Endpoint compliments Windows Defender with Advanced Threat Protection
  • Drive Encryption
  • File and Removable Media Protection
  • Active Response
  • Management for Optimized Virtual Environments (McAfee MOVE)
  • Data Loss Prevention (McAfee DLP)
  • Policy Auditor
  • Enterprise Security Manager
  • Threat Intelligence Exchange
  • Application Control
  • Cloud Workload Security
  • Advanced Threat Defense
  • Content Security Reporter
  • Database Activity Monitoring
  • Data Exchange Layer (DXL)
  • Completed the DISA HBSS training
  • Completed the DISA ACAS training
  • SPLUNK/Audit log history analysis
  • Familiarity with Websense content filter
  • Familiar with Incident Response tools such as FTK Access Data, Snort, and Wireshark
  • Familiar with the Risk Management Framework (RFM) process
  • Familiar with Security Technical Implementation Guidance (STIGs), manual checks, POAM reporting, and mitigation statements
  • Knowledge of information security systems and applications for DoD projects
  • Other Emerging IA policies