Cybersecurity Engineer (Endpoint & Incident Response) - Contract

Vertex Pharmaceuticals, Boston, MA
Onsite

About The Position

We are seeking a Cybersecurity Engineer with 2–5 years of hands‑on experience supporting endpoint security, incident response, and security operations in a regulated enterprise environment. This role will be a key contributor within day‑to‑day cybersecurity operations, partnering closely with the Cyber Security Operations Center (CSOC) to detect, analyze, and respond to security incidents across the enterprise. The ideal candidate has strong experience with endpoint management, EDR/XDR platforms, data loss prevention (DLP), and vulnerability management tools, and is comfortable operating in environments subject to regulatory and compliance requirements. This position requires both technical depth and the ability to collaborate across security, IT, and compliance teams.

Requirements

  • 2–5 years of professional experience in cybersecurity operations, incident response, or endpoint security.
  • Hands‑on experience with: endpoint management tools (e.g., Intune or equivalent); EDR/XDR platforms (e.g., CrowdStrike); DLP solutions (e.g., Forcepoint); vulnerability management tools (e.g., Tenable).
  • Experience working in a regulated or compliance‑driven environment.
  • Strong understanding of endpoint security concepts, attacker techniques, and incident response lifecycle.
  • Ability to analyze security alerts, logs, and telemetry to determine impact and severity.
  • Familiarity with Windows endpoint security controls and enterprise endpoint architectures.
  • Working knowledge of vulnerability scanning, prioritization, and remediation processes.
  • Strong communication skills with the ability to explain technical issues to both technical and non‑technical stakeholders.
  • Ability to work effectively under pressure during active security incidents.
  • Collaborative mindset with a strong sense of ownership and accountability.

Nice To Haves

  • Experience working directly with or embedded alongside a CSOC.
  • Exposure to threat hunting or proactive detection activities.
  • Security certifications such as Security+, GSEC, GCED, GCIA, or similar (not required but preferred).
  • Experience supporting audits or regulatory assessments.

Responsibilities

  • Act as a primary responder for endpoint‑related security incidents, coordinating closely with the CSOC on investigation, containment, eradication, and recovery activities.
  • Monitor, triage, and respond to alerts generated from EDR/XDR, DLP, and endpoint management platforms.
  • Perform in‑depth analysis of endpoint telemetry to identify malicious activity, lateral movement, and indicators of compromise (IOCs).
  • Support incident documentation, root cause analysis, and post‑incident reviews to improve detection and response capabilities.
  • Administer and operate endpoint security and management tools, including but not limited to: CrowdStrike (EDR/XDR, threat hunting, response actions); Microsoft Intune (endpoint management, policy enforcement, device compliance); Forcepoint (DLP monitoring, policy tuning, incident handling).
  • Tune detection logic, alert thresholds, and response workflows to reduce false positives while maintaining strong security coverage.
  • Collaborate with engineering and IT teams to ensure secure endpoint configurations and enforcement of security baselines.
  • Support vulnerability management activities using tools such as Tenable, including: scanning endpoints and systems; analyzing vulnerability findings; assisting with risk prioritization and remediation tracking.
  • Partner with infrastructure and application teams to validate remediation and reduce exposure.
  • Operate within a regulated environment, ensuring security controls align with internal policies and external regulatory requirements.
  • Assist with evidence collection, control validation, and audit support related to endpoint security, incident response, and vulnerability management.
  • Ensure security processes and response activities are documented and repeatable.
  • Work closely with CSOC analysts, threat intelligence, IT operations, and compliance teams to improve detection, response, and operational maturity.
  • Contribute to the development and refinement of runbooks, playbooks, and standard operating procedures (SOPs).
  • Stay current on emerging threats, attack techniques, and endpoint security best practices.

Benefits

  • Opportunity to work in a mature cybersecurity program with modern tooling.
  • Exposure to real‑world incident response and enterprise‑scale security operations.
  • Professional development, training, and certification support.
  • Competitive compensation and benefits package.
© 2024 Teal Labs, Inc