Trellix Subject Matter Expert (SME) at Apavo Corporation – Arlington, Virginia
About This Position
Job Title: Trellix Subject Matter Expert (SME)
Location: Arlington, VA
Department: Cyber Security Services
Reports To: Management
FLSA Status: Full Time/Non-exempt
Description:
Apavo is at the forefront of cybersecurity, providing services to military, defense, and critical infrastructure industries. Joining the Apavo team means becoming part of a company rooted in the principles of quality and communication. We value positive, candid interactions and the belief that everyone has valuable contributions to make. Apavo stands out for its commitment to work-life balance and to fostering a growth mindset among all team members. If you are looking to make a meaningful impact in the cybersecurity world while growing professionally in a supportive environment, Apavo is the place for you.
Job Purpose:
The Trellix Subject Matter Expert (SME) is responsible for the day-to-day administration, optimization, and technical oversight of the Trellix security platform suite in support of the Multi-Network Support Services (MNSS) contract at DARPA. This role serves as the primary technical authority on all Trellix-based endpoint detection and response (EDR), data loss prevention (DLP), email security, and ePolicy Orchestrator (ePO) capabilities deployed across DARPA’s unclassified and classified network environments. The Trellix SME ensures that the platform operates at peak effectiveness, that policies are properly configured and enforced, and that the security team has the visibility and tooling needed to detect and respond to threats in real time.
In this role, the Trellix SME is a hands-on technical practitioner responsible for the full lifecycle management of Trellix tools—from deployment and configuration to daily health monitoring, policy tuning, integration management, and incident support. The Trellix SME works closely with SOC analysts, ISSOs, system owners, and engineering teams to align platform capabilities with mission requirements, compliance obligations, and evolving threat conditions. This position requires deep product expertise, a strong understanding of DoD cybersecurity requirements, and the ability to operate effectively across multiple classification environments.
Duties & Responsibilities:
Trellix SME responsibilities include, but are not limited to:
Day-to-Day Platform Administration:
- Serve as the primary Trellix platform administrator, managing day-to-day operations of Trellix ePolicy Orchestrator (ePO, formerly McAfee ePO), EDR, DLP, and email security modules across all assigned environments.
- Monitor platform health, agent connectivity, and policy compliance on a daily basis, resolving issues promptly to maintain continuous endpoint coverage.
- Maintain and update endpoint agent deployments, ensuring all systems across classified and unclassified enclaves are current, compliant, and fully instrumented.
- Manage and execute scheduled tasks, product deployments, patch pushes, and policy updates through ePO.
- Perform routine platform maintenance including log reviews, database health checks, backup verification, and capacity monitoring.
Policy Configuration & Tuning:
- Develop, implement, and continuously tune Trellix security policies (AV, EDR, DLP, firewall, application control) to align with DARPA mission requirements, DISA STIGs, and federal security standards.
- Analyze detection data and false positive/negative trends, adjusting policies and exclusions to improve detection fidelity and reduce operational noise for SOC analysts.
- Coordinate policy changes with ISSOs, system owners, and the SOC to ensure updates do not adversely impact mission-critical operations.
- Maintain version-controlled documentation of all policy configurations, changes, and justifications.
Incident Support & Threat Response:
- Provide direct technical support to SOC analysts and incident responders by leveraging Trellix EDR and DLP data to investigate alerts, identify indicators of compromise (IOCs), and support containment actions.
- Execute endpoint isolation, forensic data collection, and remediation actions through Trellix tools in response to confirmed or suspected security incidents.
- Develop and maintain Trellix-specific response playbooks and investigation guides for use by SOC Tier 1–3 analysts.
- Participate in incident response activities, post-incident reviews, and lessons learned sessions, incorporating findings into platform improvements.
Integration & Engineering Support:
- Manage and maintain integrations between Trellix and other security platforms, including SIEM (e.g., Splunk), SOAR, ticketing systems, and threat intelligence feeds.
- Collaborate with SOAR engineers to develop automated response actions leveraging Trellix APIs and event data.
- Support the onboarding of new systems and enclaves into the Trellix management infrastructure, ensuring consistent policy application and visibility.
- Evaluate new Trellix product capabilities, updates, and releases; provide recommendations on adoption and implementation.
Compliance & Documentation:
- Ensure all Trellix platform configurations comply with applicable NIST controls, DISA STIGs, DoD directives, and ATO requirements.
- Maintain accurate and up-to-date platform documentation including system architecture diagrams, configuration baselines, and standard operating procedures.
- Support A&A/RMF activities by providing Trellix-related artifacts, evidence, and technical input to ISSOs and security assessment teams.
- Generate and deliver regular platform performance and compliance reports to program leadership and government stakeholders.
- Other duties as assigned.
The Trellix SME is expected to have additional duties as assigned in support of corporate cybersecurity services. Additional details are reviewed in accordance with company policies.
Other:
This is typical office or administrative work, and there is no exposure to adverse environmental conditions.
This position requires sedentary work. Sedentary work is defined as: Exerting up to 10 pounds of force occasionally and/or a negligible amount of force frequently or constantly to lift, carry, push, pull or otherwise move objects, including the human body. Sedentary work involves sitting most of the time. Jobs are sedentary if walking and standing are required only occasionally, and all other sedentary criteria are met.
Apavo Corporation provides equal employment opportunities to all applicants and employees and strictly prohibits any type of harassment or discrimination in regards to race, religion, age, color, sex, disability status, national origin, genetics, sexual orientation, protected veteran status, gender expression, gender identity, or any other characteristic protected under federal, state, and/or local laws.
Consistent with the Americans with Disabilities Act (ADA), it is the policy of Apavo Corporation to provide reasonable accommodation when requested by a qualified applicant or employee with a disability, unless such accommodation would cause an undue hardship. The policy regarding requests for reasonable accommodation applies to all aspects of employment, including the application process. If reasonable accommodation is needed, please contact Apavo Human Resources at hr@apavo.com or 571-407-0069.
Employment with Apavo Corporation is on an at-will basis, meaning either you or the Company can terminate the employment relationship, at any time, for any or no reason, and with or without cause or notice. As an at-will employee, your employment with Apavo Corporation is not guaranteed for any length of time.
Requirements / Qualifications:
Bachelor’s degree in Information Technology, Cybersecurity, Computer Science, or a related field.
5+ years of professional experience in cybersecurity, with at least 3+ years of hands-on experience administering Trellix (formerly McAfee) enterprise security platforms.
Must currently possess an active TS/SCI clearance with the ability to obtain and maintain a CI polygraph.
IAT Level II or higher certification required (e.g., CASP+, CISSP, CEH, CCNA-Security, CySA+).
Trellix/McAfee product certifications (e.g., McAfee Certified Product Specialist – ePO, EDR, or DLP) strongly preferred.
Deep hands-on expertise with Trellix ePO, Trellix EDR, Trellix DLP, and Trellix Email Security in enterprise environments.
Experience managing Trellix deployments in classified DoD or IC environments, including air-gapped and cross-domain architectures.
Strong understanding of endpoint security concepts, DLP policy frameworks, and behavioral analytics.
Experience integrating Trellix with SIEM platforms (Splunk, QRadar, or equivalent) and SOAR solutions.
Familiarity with NIST SP 800-53, DISA STIGs, RMF, and ATO lifecycle processes as they apply to endpoint security tooling.
Proficiency with Windows and Linux operating systems at an administrative level.
Strong analytical and troubleshooting skills with the ability to diagnose complex platform and policy issues across large, distributed environments.
Effective written and verbal communication skills; ability to produce clear technical documentation and present findings to non-technical stakeholders.
Experience with scripting (PowerShell, Python, or Bash) for automation and platform management preferred.
Job Location
This job is located in the Arlington, Virginia, 22203, United States region.