Endpoint Security Solutions Lead SME

Everforth ECS is seeking a Product Manager SME to work in the National Capital Region covering the Pentagon, Falls Church, and Fairfax. Please Note: This position is contingent upon contract award.

The War Data Platform (WDP) is a key initiative within the U.S. Department of War's (DoW) AI‑First strategy introduced in early 2026. The WDP focuses on operational warfighting data and aims to accelerate the deployment of artificial intelligence (AI) on the battlefield. The WDP extends to Unclassified, Secret, and Top Secret environments, and supports collaboration between Combatant Commands, Joint Staff directorates, Senior Executive Service leaders, and operational analysts. 

• The Endpoint Security Solutions Lead SME is a senior subject matter expert responsible for leading enterprise endpoint protection, detection, and response operations across WDP-supported DoW mission systems in unclassified and classified environments. Drawing on ECS's proven track record in large-scale endpoint security operations—including the transition of more than 750,000 Army endpoints onto the Army Endpoint Security Solution (AESS) 2.0 with zero operational gaps —this role is expected to deliver the same standard of rigor, discipline, and mission assurance to the WDP Core Integration enterprise.
• Leads enterprise endpoint security operations supporting Department of War mission systems across unclassified and classified environments.
• Operates and sustains endpoint protection platforms including Host-Based Security System, antivirus services, endpoint detection and response tooling, and compliance monitoring agents deployed across workstation and server fleets.
• Configures and tunes endpoint security policies to enforce DoW cybersecurity baselines while maintaining operational availability for Combatant Command and Defense Agency missions.
• Investigates endpoint alerts related to malware activity, suspicious behavior, and policy violations using centralized consoles, SIEM integrations, and forensic utilities.
• Coordinates containment, eradication, and recovery actions with system administrators, network defenders, and incident response teams in accordance with approved response procedures.
• Deploys endpoint security updates, agent upgrades, and signature releases while validating successful propagation and system health.
• Monitors endpoint compliance posture against configuration baselines, patch requirements, and IAVA directives, documenting results within continuous monitoring repositories.
• Produces endpoint security status reports, incident summaries, and compliance dashboards for cybersecurity leadership and Authorizing Officials using ServiceNow, SharePoint, and reporting platforms.
• Supports audits, inspections, and authorization activities through defensible evidence collection and traceability.
• Delivers measurable improvements in threat detection coverage, response timeliness, endpoint hygiene, and mission resilience while reinforcing program values of operational readiness, cyber discipline, accountability, and information protection.
• Performs other duties as assigned.