Endpoint Security Engineer

About The Position

Requirements

• Must be able to obtain Secret security clearance.
• Advanced PowerShell scripting for automated compliance checks (registry, services, file permissions)
• PowerShell scripting for automated remediation of non-compliant endpoint configurations and STIG settings
• Ability to create scripts for data gathering and compliance status reporting
• Deep knowledge of Windows endpoint internals and endpoint security tooling
• Strong EPP/EDR experience, including validating agent install status, service health, versioning, and signature/definition updates
• Experience configuring and auditing host-based firewalls (Windows Defender Firewall)
• Understanding of data-at-rest encryption and verification methods (e.g., BitLocker)
• Familiarity with application whitelisting/application control concepts and enforcement
• Ability to interpret vulnerability scan results and correlate them with endpoint configuration and STIG findings
• Practical experience auditing and implementing DISA STIG requirements for Windows endpoints
• Proficiency with Cisco ISE posture assessment and policy configuration for endpoint compliance
• Ability to integrate endpoints with ISE for posture/NAC and troubleshoot posture/client provisioning issues
• Understanding of patch management processes and validating patching agent health (WSUS, SCCM, Intune)
• Working knowledge of PKI/certificate management on endpoints, including trusted root certificates

Nice To Haves

• B.A or B.S. in a degree such as Computer Science, Information Systems or Information Technology or 7 years related experience.
• Experience working in a DoD healthcare IT environment.

Responsibilities

• Develop, test, and maintain advanced PowerShell scripts to automate endpoint compliance validation, data collection, and reporting aligned with security and DISA STIG requirements
• Design and implement automated remediation scripts to restore non-compliant endpoints to required baselines, including STIG configurations and endpoint security agent health
• Deploy and manage remediation solutions through Cisco Secure Client to support automated compliance enforcement
• Collaborate with Cisco ISE engineers to implement, optimize, and troubleshoot posture assessment workflows and NAC policy enforcement
• Investigate and resolve endpoint-side issues impacting network access compliance and client provisioning
• Correlate vulnerability scan results with endpoint configuration gaps to drive remediation efforts
• Validate and monitor patch management systems (WSUS, SCCM, Intune) to ensure endpoint update compliance
• Support endpoint certificate management and PKI-related requirements as needed

Benefits

• 401(k) with 100% company match on the first 6% deferred, with immediate vesting
• Comprehensive medical, dental, and vision coverage—employee portion paid 100% by Core4ce
• Unlimited access to training and certifications, with no pre-set cap on eligible professional development
• Tuition assistance for job-related degrees and courses
• Paid parental leave, PTO that grows with tenure, and generous holiday schedules