Sr. Endpoint Security Engineer

4 days ago


Lahore, Punjab, Pakistan SparkAi Full time

Job Designation: Endpoint Security Engineer

About the Role

The Endpoint Security Engineer is a critical role responsible for safeguarding endpoints, including desktops, laptops, servers, and mobile devices, from cyber threats. This position involves implementing, managing, and monitoring endpoint security solutions to protect against malware, ransomware, data breaches, and other security incidents. The Endpoint Security Engineer will work closely with the IT and security teams to develop and enforce security policies, conduct vulnerability assessments, and respond to security incidents. This role requires a deep understanding of endpoint security technologies, threat landscapes, and security best practices. The Endpoint Security Engineer will also be responsible for staying up-to-date on the latest security threats and trends, and for recommending and implementing new security measures to protect our organization's endpoints.

Core Objective

The primary objective of the Endpoint Security Engineer is to ensure the confidentiality, integrity, and availability of our organization's endpoint devices and the data they contain. This involves implementing and maintaining endpoint security solutions, such as endpoint detection and response (EDR) systems, antivirus software, and host-based firewalls. The Endpoint Security Engineer will also be responsible for developing and enforcing security policies and procedures, conducting security awareness training for employees, and responding to security incidents. This role requires a proactive approach to security, with a focus on identifying and mitigating potential threats before they can impact our organization. The Endpoint Security Engineer will also be responsible for collaborating with other IT and security teams to ensure a coordinated and effective security posture.

Core Responsibilities

Malicious Code Protection:

  • Implement and manage endpoint protection platforms (EPP) and endpoint detection and response (EDR) solutions
  • Configure and maintain antivirus software and malware protection mechanisms
  • Develop and enforce policies for malicious code detection and response
  • Monitor and analyze security alerts related to malware detection
  • Conduct regular testing of malware protection systems
  • Maintain signature databases and behavioral analysis rules
  • Implement signature-based and behavioral-analysis protection mechanisms
  • Configure automatic updates for malware protection systems
  • Perform weekly full-system scans and real-time scanning of external files
  • Block or quarantine detected malicious code
  • Configure alert notifications and logging
  • Conduct monthly testing of protection mechanisms

Security Configuration Management:

  • Establish and maintain baseline security configurations for all endpoint systems
  • Implement least privilege access controls and application whitelisting
  • Manage system hardening procedures and security standards compliance
  • Oversee configuration change management processes
  • Enforce security policies for software installation and system modifications
  • Document and maintain security configuration standards
  • Implement DoD STIG-compliant security configurations
  • Configure systems for mission-essential capabilities only
  • Enforce allow-list policies for software execution
  • Maintain baseline configurations
  • Document and track configuration changes
  • Implement least functionality principles

Patch, Vulnerability & Exposure Management:

  • Coordinate vulnerability scanning and assessment programs
  • Manage patch deployment and validation processes
  • Conduct risk assessments of identified vulnerabilities
  • Prioritize and track remediation efforts
  • Maintain vulnerability management documentation
  • Collaborate with vendors on security updates and patches
  • Assess and remediate vulnerabilities based on risk level
  • Follow established change control protocols
  • Review historical logs for compromise indicators
  • Maintain patch management documentation
  • Track remediation metrics and timelines
  • Validate security updates and patches

System Observability:

  • Monitor endpoint telemetry and system performance metrics
  • Analyze system health and security events
  • Generate and review security reports and metrics
  • Maintain inventory of hardware and software assets
  • Track system resource utilization and capacity
  • Collect and analyze security and operational telemetry
  • Monitor system processor, memory, and storage utilization
  • Monitor service performance and availability
  • Generate regular system health reports

Qualifications

  • Bachelor's degree in computer science, cybersecurity, or a related field.
  • 3+ years of experience in endpoint security engineering or a related role.
  • Strong understanding of endpoint security technologies, such as EDR, antivirus, host-based firewalls, and System Configuration Baselines.
  • Experience with security policy development and enforcement.
  • Knowledge of vulnerability management and penetration testing techniques.
  • Experience with incident response and remediation.
  • Familiarity with security frameworks and standards, such as NIST, ISO, and CIS.
  • Excellent analytical and problem-solving skills.
  • Strong communication and interpersonal skills.

Success Metrics

  • Reduction in endpoint security incidents
  • Improved endpoint security posture
  • Compliance with security policies and regulations
  • Effective incident response and remediation
  • Positive feedback from stakeholders

Working Relationships

  • Reports to: Manager of Cybersecurity Engineering and Risk Management
  • Direct Reports: None
  • Collaborates with: Customer Experience Team, Project Management Team, Cybersecurity Engineering Team