Desktop Endpoint Security Engineer more... ▼
The Endpoint Security Engineer SMTS is primarily responsible for engineering a comprehensive endpoint security configuration. This will be accomplished through the application of industry best practices, NIST/CIS standards and an intimate personal knowledge of desktop/endpoint security principles. This work will be accomplished through partnership with the desktop planning and engineering team, with the security engineer providing guidance, recommendations and solutions that will drive secure deployment standards.
The “endpoint” could be a workstation, laptop, virtual machine, thin client, mobile device, and other form factor. This includes, but is not limited to; Windows, Macintosh, Linux, UNIX, iOS, Android. The Endpoint Security Engineer is responsible for developing a secure configuration, ensuring the secure deployment and management of the endpoint devices. The engineer will isolate and assess each element of the desktop stack to identify a baseline. Secure configurations will be accomplished through a mixture of applying hardening standards, GPO’s, peripheral/third-party controls and development/communication of guiding policies/standards/procedures.
The Endpoint Security Engineer will own the strategy for security; the base image, standard software applications, and elective software applications. This engineer’s work will help to define, document and communicate an enterprise security strategy that takes into consideration the entire desktop deployment stack. The resulting strategy will take into consideration the full ecosystem of physical, bios, application and operating system controls needed to fully secure an enterprise endpoint deployment.
The Endpoint Security Engineer must be a subject matter expert in endpoint protection software beyond traditional anti-malware. The candidate we are seeking understands that A/V and anti-malware solutions are only a single facet of desktop security. World-Class desktop security requires a multilayered approach, and the desired candidate will need to bring multi-disciplinary expertise to the role.
There is an expectation of enterprise technologies knowledge such as Microsoft Windows, Microsoft System Center Configuration Manager (SCCM), Virtual Desktop Infrastructure (VDI), and Remote Desktop Services (RDS), BitLocker, Credential Guard, EMET, Marimba and DEP & JAMF on Apple Macintosh, among others.
We are seeking a candidate that will drive strategic direction, develop policies/standards, illustrate the importance of critical requirements, persuade leadership to make appropriate business decisions and drive outcomes that benefit the overall security of the corporation.
Required: MCSE - Enterprise Devices (Installing and Configuring Windows 10, Configuring Windows Devices, Deploying Windows Desktops and Enterprise Applications, Administering System Center Configuration Manager and Intune)
Preferred: CISSP, CEH, OCSP, GIAC
Required: Bachelor; Computer Science, Information Systems, Information Technology, Software Engineering - or equivalent experience
Preferred: Master or Advanced; Computer Science, Information Systems, Information Technology and Software Engineering
7 years of business experience; expert in one or more, specific skill sets and business areas or products.
6+ years of experience security with Microsoft Windows 7/8/8.1/10, Apple Macintosh OSX utilizing anti-malware/virus protection, full disk encryption technologies, and Active Directory administration.
6+ years of supporting client endpoint devices and peripherals.
Equal Employment Opportunity
We're proud to be an equal opportunity employer - and celebrate our employees' differences, regardless of race, color, religion, gender, sexual orientation, gender identity, national origin, age, disability, or Veteran status. Different makes us better.