Windows Domain Controller/Active Directory & Trellix/McAfee ePolicy Orchestrator Administrator

Windows Domain Controller/Active Directory and Trellix/McAfee ePolicy Orchestrator Administrator

Senior Network Engineer/System Administrator with extensive Active Directory, Windows Domain Controller, and Trellix/McAfee ePolicy Orchestrator (ePO) experience. Deep expertise in implementing, managing, and optimizing ePO, Policy Auditor, and other components of the DISA Endpoint Security Solutions suite of tools in DoD environments.

Location - San Antonio, TX

Clearance - Secret Clearance Required

Technical Skills and Experience

• Active Directory (AD) & Domain Controller (DC) Administration
  • 5+ years managing Windows Server environments with Active Directory in large/complex networks.
  • Deep understanding of AD replication, Kerberos, LDAP, Group Policy, and FSMO roles.
  • Familiarity with performance tuning and troubleshooting on DCs.
• Windows Server Administration
  • Expertise in Windows Server 2016/2019/2022 internals, registry, event logs, and system services.
  • Knowledge of Windows security baselines (CIS, DISA STIG).
  • Prior experience deploying enterprise tools on DCs (AV, endpoint protection, vulnerability scanning).
• McAfee ePolicy Orchestrator (ePO) & Policy Auditor
  • Experience configuring, deploying, and managing agents/policies through ePO.
  • Understanding of Policy Auditor content packs, custom checks, and compliance reporting.
• Security Compliance & Vulnerability Management
  • Ability to map technical checks to compliance frameworks (e.g., NIST 800-53, PCI-DSS, SOX).
  • Familiarity with vulnerability and patch management processes.
• Performance & Monitoring Tools
  • Skilled with Windows PerfMon, Resource Monitor, and event tracing to baseline DC performance.
  • Ability to correlate PA scan impact with AD health (replication monitoring, dcdiag, repadmin).
• Scripting & Automation
  • Proficiency in PowerShell to automate pre-deployment health checks, reporting, and rollbacks.
  • Experience integrating scan results into SIEM dashboards or compliance workflows.

Education & Certifications

• A BS degree in Information Technology, Cybersecurity, Data Science, Information Systems, or Computer Science
• Relevant continuing education in enterprise security or systems administration.
• Microsoft Certified: Azure Administrator Associate or Microsoft Certified: Windows Server Hybrid Administrator Associate or Microsoft Certified: Identity and Access Administrator Associate.
• Highly Desired Any of the following:

• CompTIA Security+ CE
• CISSP
• CISA
• GIAC Certified Windows Security Administrator (GCWN) or GIAC Security Essentials (GSEC)
• Trellix Certified Product Specialist (ePO)

Key Tasks:

• Design, engineer, update, and maintain ePolicy Orchestrator implementations across the enterprise.
• Ensure compliance with DISA STIGs, DoD ICAM Reference Design, and DoDI 8520.03.
• Design, build, and test configuration items such as task sequences, group policy objects, and system upgrades.
• Research, analyze, and implement operational solutions across various technologies and operating systems using on-premises Group Policy, cloud-enabled policies, and Kiosk configurations for Windows, Linux, iOS, MacOS, ChromeOS, and Android endpoints.
• Design, research, engineer, and deploy strategies for policy distribution in high-security cloud environments.
• Provide Site Administrator support and Enterprise monitoring for Group Policy Objects, including initial troubleshooting and the addition of Security Groups to Group Policy Objects.
• Expertise in DoD security directives, DISA STIGs, and DHA cybersecurity requirements.