Endpoint Engineer


  • Analyze and monitor endpoint platforms for security risks to detect and act as escalation point for advanced threats/issues.
  • Perform security event triage and initial incident response to detected threats.
  • Assist other groups by providing endpoint log and troubleshooting information to resolve production issues.
  • Regularly plan and update/create endpoint policies or controls as needed to enhance security.
  • Identify potential gaps and offer solutions to include internal team needs, product improvements and client security postures.
  • Communicate and enforce Information Security policies.
  • Coordinates with other team members and management to investigate, document and report incidents.
  • Regularly create and maintain high quality documentation for knowledgebases, changes, and procedures.
  • Collaborate with our Threat Analysis Unit to provide in depth reports of confirmed security incidents and produce technical threat advisory broadcasts about new and emerging threats.
  • Assist/lead new endpoint product implementation to clients.


  • Expertise in Application Control (WDAC, Carbon Black Application Control)
  • Experience with endpoint security tools, Nextgen Anti-Virus (NGAV), and Endpoint Detection and Response (EDR)
  • Experience with APIs as they relate to security tools.
  • Proficiency with three or more of the below:
    • Threat Hunting.
    • SIEM and Log Management experience (Splunk, IBM QRadar, HP ArcSight, LogRhythm, Stellar Cyber, etc.).
    • Analysis and Forensic Tools (FTK, EnCase, ProcMon, WireShark, etc.).
    • Malware sandboxing experience.
    • Penetration Testing Tools (Metasploit, Kali, Atomic Red Canary, etc.).
    • IOC Management.


  • BS/BA degree in Computer Science, Information Systems, related discipline, or equivalent experience.
  • 3-5 years of professional work experience in the cybersecurity industry.
  • The ideal candidate will have macOS and Windows operating system experience, as well as scripting skills. Linux/Unix skills are a plus.
  • Strong analytical skills to define risk, identify potential threats, and develop and document action/mitigation plan.
  • Strong interpersonal skills, ability to mentor/train staff and bring awareness to current and emerging threats.
  • Ability to work efficiently and self-motivate with little to no supervision.
  • Certification/training a plus: CISSP, SAN GIAC Certifications (GCIH, GPEN, GSEC, etc.), CompTIA (Security+, CYSA+, etc.), Carbon Black/VMware, Crowdstrike, SentinelOne, etc.
  • Strong written and verbal communications skills with an ability to present technical risks and issues to technical and non-technical audiences internal and external to the organization.
  • Regulatory experience is a plus (GDPR, ISO27K, SSAE16, HIPAA, PCI, FISMA, etc.).


  • All candidates will be required to take an extensive background screen, credit screen, and drug screen prior to employment.