Engineer

About The Position

Requirements

• Must possess an active Top Secret security clearance.
• A Bachelor’s degree in Information Technology, Cybersecurity, or a related field (or equivalent experience) is preferred.
• A minimum of eight (8) years of overall experience in Information Technology, Endpoint Engineering, or Cybersecurity.
• A minimum of six (6) years of dedicated experience performing advanced engineering (not help desk) functions in complex enterprise environments.
• Demonstrated experience working under formal change control, audit, and security governance processes.
• Strong background in configuring and troubleshooting routers, switches, firewalls, VPNs, DNS, DHCP, and VLANs.
• Hands-on experience using Ivanti and/or KACE for OS and application patching.
• Experience with Microsoft Intune, Windows Autopilot, and JAMF Pro.
• Working knowledge of NIST SP 800-53 and Zero Trust principles.

Responsibilities

• Configure, maintain, and troubleshoot routers, switches, firewalls, Virtual Private Networks (VPNs), Domain Name Systems (DNS), Dynamic Host Configuration Protocols (DHCP), Virtual Local Area Networks (VLANs), and related network technologies.
• Actively support network security initiatives, including vulnerability remediation, network segmentation, access controls, and incident response activities. Apply working knowledge of NIST cybersecurity frameworks (including NIST SP 800-53) and Zero Trust principles.
• Build and maintain Windows and macOS workstation images. Manage image automation, validation, rollback, and version control processes. Integrate images with Virtual Desktop Infrastructure (VDI), Endpoint Detection and Response (EDR), authentication, and logging agents.
• Utilize tools such as Ivanti and/or KACE for OS and application patching. Manage configuration drift, execute remediation workflows, and provide comprehensive reporting. Validate patches post-deployment and support necessary rollback procedures.
• Leverage Microsoft Intune and Windows Autopilot for provisioning and compliance enforcement. Utilize JAMF Pro for comprehensive macOS endpoint management. Implement and manage advanced authentication methods, including passwordless authentication and hardware-backed credentials (e.g., YubiKey, CAC, software keys).
• Configure robust endpoint logging (e.g., Windows Event Logs, macOS Unified Logs). Forward and validate logs into SIEM/EDR platforms (such as MS Sentinel) to support forensic collection, audit readiness, and continuous monitoring.
• Develop and maintain detailed network documentation, diagrams, standard operating procedures (SOPs), and configuration baselines.
• Assist in administering all information security functions for Windows and macOS baselines, working under formal change control, audit, and security governance processes.