Staff Endpoint Security Engineer

Job Summary

Required Qualifications

• 7–9 years of hands-on experience in endpoint security, systems administration, or a closely related field
• Expert-level knowledge of Windows endpoint security — Group Policy, Intune, SCCM/MECM, Defender for Endpoint, and Windows hardening
• Expert-level knowledge of macOS endpoint security — Jamf Pro, Apple Business Manager, configuration profiles, and macOS security controls
• Solid experience with Linux endpoint security — hardening, SELinux/AppArmor, auditd, and Linux-based EDR/HIDS solutions
• Deep, proven experience with enterprise MDM platforms (Jamf Pro, Microsoft Intune, Workspace ONE, or equivalent) in a large-scale environment
• Hands-on experience with EDR/EPP platforms (CrowdStrike, SentinelOne, Microsoft Defender for Endpoint, or equivalent)
• Strong scripting skills for automation and endpoint management — Bash, PowerShell, Python, and/or Swift
• Solid understanding of PKI, certificate management, and secure authentication (SAML, OAuth, SCIM, conditional access)
• Familiarity with SIEM platforms and endpoint telemetry integration (Splunk, Microsoft Sentinel, Elastic, or equivalent)
• Strong knowledge of endpoint security frameworks: CIS Benchmarks, NIST SP 800-70, DISA STIGs
• Experience with Zero Trust Network Access (ZTNA) and integration of MDM compliance with identity providers (Okta, Azure AD, Ping Identity)
• Familiarity with privileged access management (PAM) tools (CyberArk, BeyondTrust, or similar)
• Exposure to mobile security (iOS, Android) within an MDM context
• Experience with vulnerability management platforms (Tenable, Qualys, Rapid7)
• Knowledge of macOS and Linux forensics tooling (osquery, Velociraptor, or similar)
• Relevant certifications: CISSP, CISM, CompTIA Security+, CEH, Microsoft SC-300/MD-102, Jamf Certified Admin/Expert, CrowdStrike CCFA/CCFR, or equivalent
• Experience in regulated industries (FinTech, Healthcare, Legal, or Enterprise SaaS)