Job Description

We are looking for a proactive Endpoint Security Engineer to become the cornerstone of our enterprise endpoint protection strategy. In this role, you will not just respond to threats--you will architect the systems and automation that prevent them. You will have a direct impact on our security posture, working with cutting-edge tools to ensure our endpoints are secure, compliant, and hardened against evolving cyber threats.

Key Responsibilities:

As our Endpoint Security Engineer, you will be at the forefront of our defensive operations. Your primary duties will include:

Vulnerability & Patch Management:

Own the end-to-end vulnerability management lifecycle for all enterprise endpoints. Lead the deployment of security patches and remediation packages to minimize our attack surface.

Endpoint Hardening & Configuration:

Design, implement, and maintain endpoint hardening standards using CIS benchmarks. Manage device configuration profiles to ensure precise and efficient security control application.

Automation & Efficiency:

Develop and maintain automated scripts (PowerShell) to streamline software deployment, patch remediation, and security configuration tasks, reducing manual effort and human error.

Advanced Support & Analysis:

Serve as the top-tier escalation point for complex endpoint security issues. Conduct deep-dive root cause analysis for patch failures and recurring vulnerabilities, implementing long-term solutions.

Collaboration & Compliance:

Partner with the broader security and IT teams to align endpoint security efforts with organizational policies and regulatory requirements (e.g., NIST, ISO 27001).

Reporting & Metrics:

Monitor, measure, and report on remediation progress, patch compliance rates, and the overall effectiveness of our endpoint security controls using tools like ServiceNow.

Required Qualifications & Skills:

Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent practical experience. 3+ years of hands-on experience in endpoint security management, with a focus on vulnerability management and patch deployment. Proven expertise in

Microsoft Endpoint Manager (Intune)

and

Microsoft Configuration Manager (SCCM/MECM)

. Strong proficiency in

PowerShell

scripting for automation and tool integration. Solid understanding of

Microsoft 365

security and administration concepts. Practical experience with

Active Directory

and

Group Policy

management for security configuration. Familiarity with major cloud platforms (

Microsoft Azure

is a must; AWS is a plus). Excellent analytical, troubleshooting, and problem-solving skills. Strong communication skills with the ability to collaborate effectively across technical and non-technical teams.

Preferred Qualifications (Bonus Points):

Certifications:

Microsoft SC-200 (Security Operations Analyst), Microsoft MD-102 (Endpoint Administrator), ISC2 Certified in Cybersecurity (CC), or similar.

Tools Experience:

Endpoint Management: VMware

Workspace ONE

Vulnerability Scanning: Qualys, Tenable


Advanced Security:

Carbon Black

,

Zscaler

, Ivanti Secure Access


ITSM/Reporting:

ServiceNow

for dashboard and report creation