We are looking for a proactive Endpoint Security Engineer to become the cornerstone of our enterprise endpoint protection strategy. In this role, you will not just respond to threats; you will architect the systems and automation that prevent them. You will have a direct impact on our security posture, working with cutting-edge tools to ensure our endpoints are secure, compliant, and hardened against evolving cyber threats.
Key Responsibilities:
As our Endpoint Security Engineer, you will be at the forefront of our defensive operations. Your primary duties will include:
- Vulnerability & Patch Management: Own the end-to-end vulnerability management lifecycle for all enterprise endpoints. Lead the deployment of security patches and remediation packages to minimize our attack surface.
- Endpoint Hardening & Configuration: Design, implement, and maintain endpoint hardening standards using CIS benchmarks. Manage device configuration profiles to ensure precise and efficient security control application.
- Automation & Efficiency: Develop and maintain automated scripts (PowerShell) to streamline software deployment, patch remediation, and security configuration tasks, reducing manual effort and human error.
- Advanced Support & Analysis: Serve as the top-tier escalation point for complex endpoint security issues. Conduct deep-dive root cause analysis for patch failures and recurring vulnerabilities, implementing long-term solutions.
- Collaboration & Compliance: Partner with the broader security and IT teams to align endpoint security efforts with organizational policies and regulatory requirements (e.g., NIST, ISO 27001).
- Reporting & Metrics: Monitor, measure, and report on remediation progress, patch compliance rates, and the overall effectiveness of our endpoint security controls using tools like ServiceNow.
Required Qualifications & Skills:
- Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent practical experience.
- 3+ years of hands-on experience in endpoint security management, with a focus on vulnerability management and patch deployment.
- Proven expertise in Microsoft Endpoint Manager (Intune) and Microsoft Configuration Manager (SCCM/MECM).
- Strong proficiency in PowerShell scripting for automation and tool integration.
- Solid understanding of Microsoft 365 security and administration concepts.
- Practical experience with Active Directory and Group Policy management for security configuration.
- Familiarity with major cloud platforms (Microsoft Azure is a must; AWS is a plus).
- Excellent analytical, troubleshooting, and problem-solving skills.
- Strong communication skills with the ability to collaborate effectively across technical and non-technical teams.
Preferred Qualifications (Bonus Points):
- Certifications: Microsoft SC-200 (Security Operations Analyst), Microsoft MD-102 (Endpoint Administrator), ISC2 Certified in Cybersecurity (CC), or similar.
- Tools Experience:
  - Endpoint Management: VMware Workspace ONE
  - Vulnerability Scanning: Qualys, Tenable
  - Advanced Security: Carbon Black, Zscaler, Ivanti Secure Access
  - ITSM/Reporting: ServiceNow for dashboard and report creation