Principal Enterprise Endpoint Security Portfolio Architect (Remote)

About The Position

Requirements

• Typically requires a University Degree or equivalent experience and a minimum 12 years of experience, or an Advanced Degree and a minimum 10 years experience.
• 10+ years experience in cybersecurity, and/or information technology, or related intelligence community, military, or civil service fields.
• 10+ years experience with endpoint protection technologies (CrowdStrike, Microsoft Defender for Endpoint, SentinelOne, Palo Alto Cortex, etc.) and integration with SOC workflows
• Experience leading endpoint security architecture at enterprise scale, preferably in global or regulated industries.
• The ability to obtain and maintain a U.S. government issued security clearance is required. U.S. citizenship is required, as only U.S. citizens are eligible for a security clearance.

Nice To Haves

• CISSP, CISM, or vendor-specific IAM certifications a plus
• Strong knowledge of UEM/MDM platforms (Intune, JAMF, Workspace ONE) and endpoint posture compliance models
• Hands-on experience with OS hardening, endpoint privilege management, encryption, and application control
• Familiarity with Zero Trust frameworks (NIST SP 800-207, CISA ZTMM) and integration of device trust signals into access policies
• Understanding of enterprise architecture methods (TOGAF, SABSA, DoDAF) and security frameworks (NIST CSF, CIS Controls, MITRE ATT&CK)
• Familiarity with enterprise architecture frameworks (TOGAF, SABSA, DoDAF) and cybersecurity standards (NIST CSF, MITRE ATT&CK)
• Excellent communication and leadership skills, with the ability to influence senior executives and guide large-scale change
• Possesses an established track record of continuous learning and improvement, particularly with emerging technologies and security subject matters

Responsibilities

• Define and maintain enterprise endpoint security reference architectures and roadmaps across Windows, macOS, Linux, iOS/Android, and specialized devices (IoT/OT where applicable)
• Serve as portfolio owner for endpoint security solutions, including lifecycle management, investment planning, vendor strategy, and cost optimization
• Lead design and adoption of modern endpoint protection platforms (NGAV, EDR, XDR) and ensure integration with SOC/SIEM/SOAR for advanced detection and response
• Establish endpoint hardening, encryption, and privilege management standards (BitLocker, FileVault, AppLocker/WDAC, Just-in-Time access)
• Drive UEM/MDM strategies (Intune, JAMF, Workspace ONE, etc.) to secure corporate, BYOD, and hybrid device environments
• Ensure endpoint posture and compliance signals integrate into Zero Trust and conditional access models
• Collaborate with IT, security, and operations teams to balance strong endpoint protection with workforce usability and productivity
• Lead architectural risk assessments for endpoint platforms and ensure alignment with regulatory frameworks (NIST, ITAR/EAR, ISO 27001, CIS Benchmarks)
• Mentor engineers and architects, raising enterprise capability in endpoint security best practices
• Develop and track KPIs/metrics that demonstrate endpoint risk reduction, adoption of security controls, and value realization from endpoint investments

Benefits

• Whether you’re just starting out on your career journey or are an experienced professional, we offer a robust total rewards package with compensation; healthcare, wellness, retirement and work/life benefits; career development and recognition programs.
• Some of the benefits we offer include parental (including paternal) leave, flexible work schedules, achievement awards, educational assistance and child/adult backup care.