Information Security Engineer - Endpoint

About The Position

Requirements

• Active Directory Deep, working knowledge of AD architecture: sites and services, replication, trust relationships, delegation models, and the LDAP schema.
• Hands-on experience investigating and detecting AD attacks across the full kill chain — from initial enumeration through domain dominance.
• Familiarity with attack tooling (BloodHound, Impacket, Rubeus, Mimikatz, CrackMapExec) and, critically, what they leave behind.
• Experience hardening AD environments: tiered administration, Protected Users, LAPS, Credential Guard, PAM trusts, and authentication policy silos.
• Windows Internals Thorough understanding of Windows security architecture: access tokens, privilege model, integrity levels, LSASS and credential storage, SAM, and the Security Reference Monitor.
• Ability to read and interpret Windows kernel structures, driver behavior, and undocumented APIs when necessary.
• Proficiency with low-level analysis tools: WinDbg, Process Monitor, Process Hacker, Volatility, and x64dbg.
• Experience with ETW-based telemetry pipelines and building detections on top of raw Windows event data.
• Detection & Response Proven track record writing high-fidelity detection logic, not just tuning vendor signatures.
• Experience leading complex incident response investigations, including those involving nation-state or sophisticated criminal actors.
• Strong forensic fundamentals across disk, memory, and network artifacts on Windows systems.
• 5+ years of hands-on security experience, with the majority focused on Windows environments and Active Directory.
• Proficiency in Python or PowerShell for detection development, automation, and forensic tooling.
• Active TS/SCI security clearance, or eligibility and willingness to obtain one.
• A portfolio of real work: detections you've written, research you've published, tools you've built, or incidents you've led.

Nice To Haves

• Experience with Entra ID (Azure AD), hybrid identity architectures, and cloud-based attack paths that pivot through on-prem AD.
• Prior work in adversary simulation, red teaming, or offensive security research — especially against AD targets.
• Public contributions: conference talks (BlueHat, BSides, SANS, etc.), blog posts, or open-source tooling.

Responsibilities

• Own the security posture of Palantir's Windows and Active Directory estate — hardening, configuration standards, and ongoing validation that those standards hold.
• Reduce attack surface across AD: audit and remediate misconfigurations, legacy protocol exposure, excessive privilege, Kerberos delegation abuse, and tier model violations.
• Evaluate, deploy, and own the configuration of defensive tooling across the Windows environment: EDR, PAM, identity threat detection, and endpoint hardening controls.
• Build and maintain automation for security operations across Windows infrastructure — patching pipelines, configuration drift monitoring, access reviews, and credential hygiene.
• Partner with Identity and Infrastructure teams to drive architectural improvements: tiered administration, Protected Users, LAPS, Credential Guard, and authentication policy silos.
• Translate findings from assessments and red team exercises into durable fixes — configuration changes, architectural improvements, and policy updates that reduce recurrence.

Benefits

• Employees (and their eligible dependents) can enroll in medical, dental, and vision insurance as well as voluntary life insurance
• Employees are automatically covered by Palantir’s basic life, AD&D and disability insurance
• Commuter benefits
• Take what you need paid time off, not accrual based
• 2 weeks paid time off built into the end of each year (subject to team and business needs)
• 10 paid holidays throughout the calendar year
• Supportive leave of absence program including time off for military service and medical events
• Paid leave for new parents and subsidized back-up care for all parents
• Fertility and family building benefits including but not limited to adoption, surrogacy, and preservation
• Stipend to help with expenses that come with a new child
• Employees can enroll in Palantir’s 401k plan