Endpoint Security Engineer

Role Overview

This role is for a practical, execution-oriented Endpoint Security Engineer who can help drive a large migration of endpoint security tooling. The position is centered on building and implementing solutions, not just advising on them. You will take ownership of endpoint security platforms, support the transition from one toolset to another, and contribute directly through engineering and coding work.

Work Location

Preferred work locations are Richmond, VA or McLean, VA.

What You’ll Be Doing

• Oversee and maintain endpoint security tools and related platforms.
• Assist with moving from the current endpoint security stack to a new one.
• Design, configure, and improve endpoint security controls and capabilities.
• Perform hands-on engineering tasks, including scripting and coding.
• Protect endpoint environments across Windows, macOS, and Linux systems.
• Support security for developer environments and container-based setups.
• Work within a distributed team while keeping meetings light, at roughly one hour per day.

What the Ideal Candidate Looks Like

• Very hands-on and comfortable doing the work directly.
• Has a proven history of building and implementing solutions.
• Can work independently and take initiative without constant direction.
• Approaches problems with a strong analytical and troubleshooting mindset.

Required Background

• High school diploma, GED, or an equivalent certification.
• At least 4 years of experience in cybersecurity or IT.
• At least 4 years of experience working with endpoint security.
• At least 2 years of experience with cloud and container technologies.
• At least 2 years of experience securing macOS, Windows, and Linux environments.
• At least 2 years of experience securing developer environments.
• At least 4 years of experience in configuration management.
• At least 4 years of experience in incident response or incident management.
• At least 4 years of AWS experience, including EC2, Lambda, RDS, and Route53.
• At least 3 years of experience in red teaming, threat intelligence, threat hunting, and vulnerability management.
• Ability to write scripts in Python or Go is preferred.
• Ability to write SQL queries.
• Strong communication skills and the ability to work effectively in distributed teams.

Preferred Experience

• Eight or more years of experience across endpoint and security tooling.
• Experience with AV/EDR platforms such as CrowdStrike, SentinelOne, Symantec, or similar products.
• Background in application control, data loss prevention, firewall technologies, and log management.
• Exposure to privileged access management tools such as BeyondTrust, Delinea, or Microsoft solutions.
• Experience with system hardening, behavioral analysis, threat detection, and vulnerability management.
• Working knowledge of MITRE ATT&CK, NIST, and OWASP.
• Strong understanding of network protocols, infrastructure design, and multi-OS environments.
• Experience with vulnerability exploitation across applications, systems, and networks.
• Hands-on work with SIEM or log platforms, including log analysis and querying.

Tools and Environment

• Endpoint and security platforms such as CrowdStrike, Symantec, Palo Alto, and SentinelOne.
• Telemetry tools such as OSQuery.
• Privileged access management platforms including Delinea, BeyondTrust, and Microsoft offerings.
• AWS and containerization tools, including Dev Containers and CDE.

Day-to-Day Working Style

• Expect around one hour of meetings each day.
• Most of the time will be spent on engineering and implementation work.
• The role involves designing, building, and coding endpoint security solutions.
• You will also help with migration and implementation activities.

Additional Notes

This opportunity is best suited to people who enjoy building solutions, solving complex technical problems, and working with minimal supervision in a distributed environment.