End-Point Protection Engineer - 4

About The Position

Requirements

• Bachelors in a relevant field (e.g., Information Technology, Computer Science, Engineering).
• 8+ years of experience in enterprise endpoint security engineering in large, regulated environments.
• Advanced experience designing, implementing, and managing Microsoft Defender for Endpoint and Intune security baselines.
• Hands-on experience in vulnerability management, endpoint patching strategies, supersedence processes, and POA&M resolution.
• Experience documenting SOPs/runbooks and providing compliance-focused reporting to federal stakeholders.
• Microsoft Defender for Endpoint
• Microsoft Intune endpoint and mobile device security baseline management
• Endpoint vulnerability assessment, remediation coordination, and POA&M tracking
• Enterprise endpoint patching and supersedence management
• Antivirus/endpoint protection deployment, signature/DAT update operations, and scheduled scan management
• Endpoint threat triage, escalation, and response coordination
• Automation scripting for reporting and remediation
• Process documentation, status reporting, and compliance evidence support

Nice To Haves

• Experience supporting federal IT operations under FISMA and NIST-aligned controls.
• Experience implementing endpoint compliance enforcement at enterprise scale across distributed/remote workforces.
• Experience integrating endpoint tooling and metrics into enterprise dashboards and executive reporting.
• Demonstrated success leading cross-team remediation efforts for audit findings and complex security incidents.
• Prior experience supporting SEC or similarly regulated federal civilian agency environments.
• Microsoft SC-200 (Security Operations Analyst)
• Microsoft MD-102 (Endpoint Administrator)
• CISSP

Responsibilities

• Architect, implement, and maintain enterprise endpoint protection strategies across Windows, macOS, iOS, workstation, and server platforms.
• Define, enforce, and continuously improve endpoint security baselines using Microsoft Defender for Endpoint and Microsoft Intune.
• Lead deployment and configuration of antivirus and endpoint protection tooling, including policy tuning, signature/DAT update management, and scheduled scans.
• Validate new endpoint security configurations in controlled environments before production rollout.
• Own endpoint patching strategy and execution across managed endpoint environments, including supersedence management.
• Monitor vulnerability findings, assess risk and severity, and coordinate remediation with technical teams and system owners.
• Lead development, tracking, and closure of endpoint POA&Ms with clear milestones and risk-based prioritization.
• Ensure remediation and patch activities support ongoing compliance objectives and audit readiness.
• Monitor endpoint security telemetry and respond to endpoint-specific threats, suspicious activity, and policy non-compliance.
• Serve as an escalation point for complex endpoint incidents and coordinate with SOC and incident response stakeholders for broader investigations.
• Create and maintain automation scripts and reporting workflows for endpoint compliance, vulnerability status, and remediation tracking.
• Maintain accurate SOPs, runbooks, and status reporting to support governance, audit response, and service transparency.
• Collaborate with federal stakeholders, ISS teams, and partner vendors to validate endpoint security posture and operational readiness.
• Provide senior technical guidance to engineering and operations teams on endpoint security architecture and best practices.
• Support audit remediation activities (e.g., FISMA, IG, GAO) by preparing evidence and tracking corrective actions.
• Drive continuous improvement initiatives that increase automation, resilience, and efficiency of endpoint security operations.

Benefits

• competitive compensation
• Health and Wellness programs
• Income Protection
• Paid Leave
• Retirement