Remote Staff Endpoint Security Engineer

at Included Health


Description:

  • The Staff Endpoint Security Engineer is a critical, hands-on technical role responsible for designing, implementing, and maintaining robust security controls and detection mechanisms across all company and Bring-Your-Own-Device (BYOD) endpoints, including laptops, desktops, mobile phones, and other devices used by staff and contractors.
  • This role is pivotal in protecting Included Health's sensitive data, particularly Protected Health Information (PHI), by preventing unauthorized exfiltration from endpoints and ensuring the security of devices accessing company resources.
  • You will be instrumental in architecting and deploying advanced endpoint defenses, managing security tools, and contributing to threat response to reduce the number and criticality of HIPAA-related incidents.
  • The position requires deep technical expertise in endpoint security across diverse operating systems (Windows, macOS, ChromeOS, iOS, Android), strong automation skills for building and maintaining defenses, and a proactive approach to identifying and remediating vulnerabilities.
  • This is a remote role reporting to the Chief Information Security Officer.

Requirements:

  • A Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field is required.
  • Candidates must have 5+ years of experience in endpoint security, with a strong emphasis on designing, building, implementing, and managing security controls, detection mechanisms, and defensive capabilities across a diverse range of endpoint operating systems (Windows, macOS, iOS, Android).
  • Proven hands-on experience with leading Endpoint Detection and Response (EDR/XDR) solutions (e.g., CrowdStrike, SentinelOne, Microsoft Defender for Endpoint, Carbon Black) for threat detection engineering and security policy enforcement is necessary.
  • Demonstrable experience with Mobile Device Management (MDM) / Unified Endpoint Management (UEM) platforms (e.g., Microsoft Intune, Jamf Pro, VMware Workspace ONE, Kandji, MobileIron) for enforcing security configurations and policies is required.
  • Strong knowledge of endpoint hardening techniques, security configuration management, and policy enforcement across multiple OS platforms is essential.
  • Experience designing and implementing endpoint Data Loss Prevention (DLP) strategies and tools is needed.
  • Proficiency in scripting languages (e.g., Python, PowerShell, Bash) for automating endpoint security tasks, tool integrations, and deployment of defensive measures is required.
  • Candidates should have experience with endpoint attack vectors, malware, persistence mechanisms, and designing effective mitigation and detection techniques.
  • Experience with endpoint vulnerability management, patch management processes, and tools, focused on proactive remediation, is necessary.
  • Knowledge of network security principles (TCP/IP, DNS, DHCP, VPNs, firewalls) as they relate to designing and implementing endpoint security controls is required.
  • Experience working in regulated environments and a strong understanding of HIPAA compliance requirements as they apply to endpoint protection and data handling are essential.

Benefits:

  • The compensation package includes a remote-first culture and a 401(k) savings plan through Fidelity.
  • Comprehensive medical, vision, and dental coverage through multiple medical plan options, including disability insurance, is provided.
  • Paid Time Off (PTO) and Discretionary Time Off (DTO) are included in the benefits.
  • Employees receive 12 weeks of 100% Paid Parental leave.
  • Family Building & Compassionate Leave benefits include fertility coverage, $25,000 for surrogacy/adoption, and paid leave for failed treatments, adoption, or pregnancies.
  • Work-From-Home reimbursement is available to support team collaboration in home office work.
  • Your recruiter will share more about the salary range and benefits package for your role during the hiring process.