Principal Threat Surface Analyst - Remote or Hybrid in MN or DC

About The Position

Requirements

• 7+ years of experience in cybersecurity, security engineering, or a related field
• 3+ years of hands-on experience implementing and supporting EDR and antivirus solutions
• 3+ years of experience implementing
• 3+ years of experience securing endpoints across enterprise environments (Windows, macOS, Linux)
• Experience partnering with cross-functional teams to remediate security risks

Nice To Haves

• 2+ years of scripting or automation experience (PowerShell, Python, REST APIs)
• Experience implementing and supporting enterprise endpoint platforms such as: Microsoft Defender for Endpoint, Trend Micro, CrowdStrike, SentinelOne, Carbon Black
• Experience with attack surface management, vulnerability scanning, or exposure monitoring tools (e.g., Tenable, Shodan, dark web monitoring solutions)
• Demonstrated familiarity with email security platforms and SMTP migrations (e.g., Proofpoint)
• Experience integrating security tools with SIEM/SOAR platforms

Responsibilities

• Design, implement, and maintain enterprise endpoint security solutions, including: Endpoint Detection and Response (EDR/XDR), Antivirus / Next Generation Antivirus (NGAV)
• Lead endpoint security deployments, migrations, upgrades, and configuration tuning across Windows, macOS, and Linux environments
• Develop and maintain endpoint security standards, configurations, and security baselines
• Ensure endpoint protection platforms (e.g., Trend Micro, Microsoft Defender for Endpoint) are properly integrated with SIEM, SOAR, and SOC workflows
• Partner with IT and device management teams to ensure consistent endpoint visibility, health, and protection coverage
• Implement and manage attack surface discovery and monitoring capabilities, including: External scanning and exposure monitoring (e.g., Shodan, Tenable), Dark web monitoring tools for credential leakage and brand exposure, Network and application exposure analysis (e.g., AlgoSec or similar)
• Identify, analyze, and prioritize external and internal attack surface risks
• Partner with infrastructure, network, cloud, and application teams to drive remediation of exposed services, misconfigurations, and vulnerabilities
• Support secure email and messaging initiatives, including SMTP migrations and security enhancements using platforms such as Proofpoint
• Develop reporting and metrics to track attack surface reduction over time
• Automate deployment, configuration, reporting, and health checks for endpoint and attack surface tools using scripting (PowerShell, Python, APIs)
• Build repeatable processes and tooling to improve security visibility and operational efficiency
• Evaluate new endpoint security and attack surface management capabilities, recommending enhancements or tooling changes based on risk and business impact
• Leverage enterprise-approved AI tools to enhance productivity and innovation by streamlining workflows and automating repetitive tasks
• Evaluate emerging trends to drive continuous improvement and strategic innovation
• Work closely with IT, infrastructure, cloud, network, and application teams to ensure secure system configurations
• Provide technical guidance and mentoring to junior engineers and analysts
• Clearly communicate endpoint and attack surface risks, findings, and remediation strategies to both technical and non-technical stakeholders

Benefits

• comprehensive benefits package
• incentive and recognition programs
• equity stock purchase
• 401k contribution