Full-Time

Staff Endpoint Security Engineer

Endpoint Security

Posted on 9/5/2025

Included Health


51-200 employees

Accessible primary, behavioral, and virtual care

Compensation Overview

$149.4k - $274.4k/yr

+ Equity

Remote in USA

Remote

Category
IT & Security (1)
Required Skills
TCP/IP
PowerShell
Bash
Python
Go
Requirements
  • Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
  • 5+ years of experience in endpoint security, with a strong emphasis on designing, building, implementing, and managing security controls, detection mechanisms, and defensive capabilities across a diverse range of endpoint operating systems (Windows, macOS, iOS, Android).
  • Proven hands-on experience with leading Endpoint Detection and Response (EDR/XDR) solutions (e.g., CrowdStrike, SentinelOne, Microsoft Defender for Endpoint, Carbon Black) for threat detection engineering and security policy enforcement.
  • Demonstrable experience with Mobile Device Management (MDM) / Unified Endpoint Management (UEM) platforms (e.g., Microsoft Intune, Jamf Pro, VMware Workspace ONE, Kandji, MobileIron) for enforcing security configurations and policies.
  • Strong knowledge of endpoint hardening techniques, security configuration management, and policy enforcement across multiple OS platforms, with a focus on building resilient systems.
  • Experience designing and implementing endpoint Data Loss Prevention (DLP) strategies and tools.
  • Proficiency in scripting languages (e.g., Python, PowerShell, Bash) for automating endpoint security tasks, tool integrations, and deployment of defensive measures.
  • Experience with endpoint attack vectors, malware, persistence mechanisms, and designing effective mitigation and detection techniques.
  • Experience with endpoint vulnerability management, patch management processes, and tools, focused on proactive remediation.
  • Experience with network security principles (TCP/IP, DNS, DHCP, VPNs, firewalls) as they relate to designing and implementing endpoint security controls.
  • Experience working in regulated environments and a strong understanding of HIPAA compliance requirements as they apply to endpoint protection and data handling.
Responsibilities
  • Develop, implement, and maintain a comprehensive endpoint security strategy, architecture, and roadmap covering all corporate and BYOD endpoints, with a focus on proactive defense and detection engineering.
  • Design and enforce security configurations, hardening standards, and baselines for diverse operating systems (Windows, macOS, ChromeOS, iOS, Android, and potentially others) to minimize attack surfaces.
  • Lead the selection, deployment, administration, and optimization of endpoint security solutions, including Endpoint Detection and Response (EDR/XDR) for threat detection, Mobile Device Management (MDM/UEM) for policy enforcement, Data Loss Prevention (DLP) for data protection, anti-malware, and endpoint encryption.
  • Develop and implement robust DLP policies and controls to prevent PHI and other sensitive data from leaving authorized systems via endpoints.
  • Manage endpoint encryption technologies (e.g., BitLocker, FileVault, mobile encryption) to ensure data at rest is protected.
  • Proactively look for threats on endpoints to identify gaps in defenses and inform the development of new detection capabilities.
  • Support and provide expertise during incident response activities for endpoint-related security events, with a focus on root cause analysis to enhance preventative and detective controls.
  • Conduct vulnerability assessments and manage endpoint patching and remediation efforts to address identified weaknesses in a timely manner, strengthening overall endpoint resilience.
  • Develop, document, and enforce endpoint security policies, standards, and procedures, particularly for BYOD environments, ensuring compliance with HIPAA and other relevant regulations.
  • Automate endpoint security tasks, compliance checks, defensive measure deployments, and reporting using scripting languages (e.g., Python, Go) and security orchestration tools.
  • Collaborate closely with IT operations, network security, application development, and legal/compliance teams to ensure a cohesive security posture and integrate endpoint defenses.
  • Provide expert consultation and support to end-users and IT staff on endpoint security matters and best practices.
  • Stay current with the latest endpoint threats, vulnerabilities, and security technologies to continuously improve our defenses.

Included Health coordinates accessible healthcare and advocacy for underserved populations, offering primary care, behavioral health, therapy, psychiatry, and virtual care. Members access a unified platform with 24/7 on-demand care from dedicated providers, integrating primary and behavioral health with care guidance. It differentiates itself through care advocacy, integrated services for underserved groups, and partnerships with employers and consultants that aim for measurable clinical and financial outcomes. The goal is to improve the member experience, achieve better health outcomes, and lower costs for client organizations.

Company Size

51-200

Company Stage

Growth Equity (Venture Capital)

Total Funding

$347M

Headquarters

San Francisco, California

Founded

2020

Simplify Jobs

Simplify's Take

What believers are saying

  • DispatchHealth partnership enables virtual-to-home care reducing emergency visits.
  • Dot processed ten billion AI tokens, scaling with largest employers since 2025.
  • AI tools empower clinicians for predictive recommendations and better outcomes.

What critics are saying

  • Teladoc erodes virtual primary care share with superior AI in 6-12 months.
  • Amazon One Medical diverts 20-30% enterprise clients in 12-18 months.
  • CMS cuts virtual care reimbursements 25%, slashing margins in 6-12 months.

What makes Included Health unique

  • Dot AI assistant integrates claims data with clinician oversight for personalized navigation.
  • AI + EQ model combines technology and human expertise for whole-person care.
  • Copay-first plan design centers PCP engagement with nationwide provider network.


Benefits

Along with comprehensive medical, dental and vision plans; all employee spouses and children can access Included Health services at no cost. For time off, take it when you need it with our unaccrued discretionary time off for all exempt employees.

Growth & Insights and Company News

Headcount

6 month growth

0%

1 year growth

0%

2 year growth

0%
PR Newswire
May 11th, 2021
Grand Rounds Health and Doctor On Demand Complete Merger to Form the Only Virtual Care Company of its Kind

/PRNewswire/ -- Grand Rounds Health, a leader in healthcare quality and navigation, and Doctor On Demand, a leading virtual care provider, today announced the...

HIT Consultant
Apr 12th, 2021
SOC Telemed Inc. acquired Accesstelecare for $194M on Oct 18th 20'.

SOC Telemed acquired Access Physicians for $194mm to solidify its acute care telemedicine services.

Talk to Mira
Dec 20th, 2020
Talktomira hired Lorrie Evans as Vice President Business Strategy and Operations on Dec 20th 20'.

I am extremely happy to announce today that Lorrie Evans has joined its team as Mira's Vice President Business Strategy and Operations.

Private Equity Wire
Sep 9th, 2020
Carlyle leads USD175 million round into Grand Rounds

Grand Rounds, a healthcare quality and clinical navigation company, has secured a USD175 million round led by investment funds affiliated with global investment firm The Carlyle Group.

INACTIVE