Cybersecurity Engineer - Endpoint Detection

KLA, Ann Arbor, MI
Onsite

About The Position

KLA is a global leader in diversified electronics for the semiconductor manufacturing ecosystem, with its technologies used in virtually every electronic device. The company invests significantly in R&D, with expert teams focused on advancing electronic devices. The KLA Cybersecurity group is involved in every aspect of the global business, defending against cyber-attacks and providing cybersecurity tools, incident response services, and assessment capabilities to safeguard KLA's essential operations and Intellectual Property. The team is dedicated to identifying adversarial activities and anticipating threats to strengthen defenses. KLA is seeking an Endpoint Detection Engineer to serve as the hands-on subject matter expert for their enterprise endpoint detection platforms. This role is responsible for the configuration, tuning, lifecycle management, and continuous improvement of EDR and EPM tooling from a cybersecurity perspective, ensuring the platform is optimally deployed, deeply integrated with the broader security stack, and proactively evolving to address emerging threats. The engineer will partner closely with the SOC and IT Security teams to align detection capabilities with operational workflows, serving as the primary technical liaison.

Requirements

  • Five (5) years of hands-on experience in cybersecurity, with at least 2 years focused on EDR/XDR and EPM platform administration and engineering.
  • Bachelor’s degree in Computer Science, Cybersecurity, or a related field, or equivalent practical experience.
  • Demonstrated expertise with one or more enterprise security platforms (e.g., SentinelOne, CrowdStrike, Microsoft Defender for Endpoint, CyberArk, Delinea) including policy management, agent configuration, and console administration.
  • Solid understanding of endpoint attack techniques, threat actor TTPs, and the MITRE ATT&CK framework.
  • Experience managing endpoints across Windows and macOS in large enterprise environments; Linux experience a plus.
  • Confirmed ability to solve complex agent performance, stability, and interoperability issues across a diverse endpoint ecosystem.
  • Experience working in or closely supporting a SOC, detection engineering, or incident response function.
  • Scripting proficiency in one or more languages (e.g., PowerShell, Python) for automation of operational and security tasks, or experience working with management APIs.
  • Familiarity with SIEM platforms and endpoint-to-SIEM data pipelines; experience with query languages such as KQL or SPL a plus.

Nice To Haves

  • Experience supporting or participating in red team, purple team, or adversary simulation exercises.
  • Malware analysis or reverse engineering experience.
  • Familiarity with digital forensics tooling and methodology (e.g., KAPE / Zimmerman Tools) for endpoint artifact analysis.
  • Familiarity with MDM/MAM solutions (Intune, JAMF, Workspace ONE) and their interplay with endpoint security tooling.
  • Working knowledge of security hardening benchmarks (CIS Controls, NIST 800-53) and how to operationalize them at the endpoint layer.
  • Experience in regulated or large enterprise environments with compliance requirements (PCI-DSS, ISO 27001, or similar).
  • Relevant certifications such as GCDA, GREM, GCIH, or platform-specific certifications.

Responsibilities

  • Own the design, configuration, and ongoing optimization of the enterprise EDR and EPM platforms across Windows, macOS, and Linux environments.
  • Define and author endpoint hardening standards, detection policies, exclusion logic, and response baselines aligned with industry best practices.
  • Ensure endpoint platforms integrate effectively with SIEM, SOAR, SOC workflows, and identity platforms to maximize telemetry value and response automation.
  • Proactively evaluate new platform features, capabilities, and emerging technologies, leading proof-of-concept testing and driving adoption of enhancements that strengthen security posture.
  • Monitor agent health, fleet coverage, and version compliance; manage agent lifecycle including upgrades, rollouts, and rollback procedures.
  • Collaborate with detection engineers to develop, evaluate, and continuously refine endpoint-based detections mapped to MITRE ATT&CK techniques and real-world threat actor TTPs.
  • Partner with the SOC to improve detection fidelity, reduce false positive rates, and enhance automated response capabilities tied to endpoint threats.
  • Assist in endpoint-related security incident investigations, leveraging endpoint telemetry for root cause analysis, forensic evidence collection, and remediation guidance.
  • Contribute to proactive threat hunting missions with the Cyber Threat Intelligence team, using behavioral analytics and endpoint telemetry to surface threats that evade automated detection.
  • Drive root cause analysis following incidents or platform issues and implement continuous improvements to prevent recurrence.
  • Identify and resolve complex performance, stability, and interoperability issues between the endpoint agents and other tooling including EPM, DLP, and MDM solutions.
  • Serve as the primary technical liaison with the endpoint platform vendors, managing escalations, product roadmap input, and coordination on advanced support cases.
  • Partner with IT Security and infrastructure teams to troubleshoot deployment and compatibility issues across the enterprise endpoint fleet.
  • Write and maintain technical documentation including configuration standards, operational runbooks, and troubleshooting guides.

Benefits

  • Participation in performance incentive programs
  • Medical benefits
  • Dental benefits
  • Vision benefits
  • Life benefits
  • Other voluntary benefits
  • 401(K) including company matching
  • Employee stock purchase program (ESPP)
  • Student debt assistance
  • Tuition reimbursement program
  • Development and career growth opportunities and programs
  • Financial planning benefits
  • Wellness benefits including an employee assistance program (EAP)
  • Paid time off
  • Paid company holidays
  • Family care and bonding leave