What are the responsibilities and job description for the Senior Endpoint Security Engineer position at Celer Soft LLC?
Job Details
Senior Endpoint Security Engineer
Location: Chicago, IL | Houston, TX
Job Summary:
We are seeking a highly skilled and motivated Senior Endpoint Security Engineer to join our team. In this role, you will be responsible for ensuring the security and stability of our desktop infrastructure within a large enterprise environment. Your expertise will be crucial in discovering, analyzing, and addressing risks associated with desktops, laptops, virtual desktops, and applications. You will collaborate with various IT teams to implement robust security measures, manage vulnerabilities, and ensure compliance with industry standards.
Responsibilities:
Vulnerability Management:
Detect, prioritize, and mitigate CVE vulnerabilities on endpoint systems, including operating systems, third-party applications, GPOs, and registry modifications.
Analyze and prioritize vulnerabilities based on risk and impact to ensure effective resolution in alignment with operational stability requirements.
Track, assign, and oversee the management of vulnerabilities and compliance findings in coordination with responsible teams.
Maintain a comprehensive inventory of vulnerabilities and diligently track remediation efforts to closure.
Regularly report on vulnerability status and trends to management, providing actionable insights for decision-making.
Remediate vulnerabilities on production end-user devices, specifically those running software applications such as Java, Adobe products, Oracle, Visual Studio, Edge Chromium, Chrome, Firefox, WinSCP, and others.
Responding to zero-day vulnerabilities swiftly and reliably.
Security Engineering:
Security engineering of desktop infrastructure within a large enterprise setting.
Proficiency in the following areas: Active Directory, Mobile Device Management (MDM), System Center Configuration Manager (SCCM), Group Policy Objects (GPOs), Windows 11, Windows 10, virtual environments, reporting, and strong documentation and analytical skills.
Implementation of security benchmarks such as STIG, NIST, or CIS settings in an enterprise environment.
Automation and Scripting:
Shell scripting, specifically creating, editing, and executing scripts for Windows software and/or operating system use cases.
Collaborate with teams to script and build updates, ensuring vulnerabilities and compliance remediations are executed within the stipulated SLA(s).
Testing and Support:
Conducting thorough testing and providing support for software programs, drivers, commercial applications, and operating system updates with an emphasis on security.
Identifying and addressing vulnerabilities within endpoint systems.
Cybersecurity Applications:
Apply working knowledge of cybersecurity applications to enhance the security posture of the organization.
Remediation and Collaboration:
Work closely with IT teams to carry out remediation activities of identified vulnerabilities.
Reporting and Strategy:
Strategizing and reporting on the overall process.
Required Skills and Experience:
Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent experience).
5 years of experience in cyber security and desktop infrastructure management.
Extensive experience with Active Directory, MDM, SCCM, GPOs, Windows 10/11, and virtual environments.
Proven ability to detect, prioritize, and mitigate CVE vulnerabilities.
Strong shell scripting skills.
Experience implementing STIG, NIST, or CIS benchmarks.
Excellent analytical and problem-solving skills.
Strong documentation and communication skills.
Experience with vulnerability scanning tools.
Knowledge of common endpoint security solutions.
Preferred Qualifications:
Relevant industry certifications (e.g., CompTIA Security+, CISSP, CEH).
Experience with automation tools and scripting languages (PowerShell, Python).
Familiarity with cloud security concepts.
Keywords: Cyber security, desktop infrastructure, vulnerability management, CVE, Active Directory, MDM, SCCM, GPOs, Windows 10, Windows 11, STIG, NIST, CIS, shell scripting, endpoint security, zero-day vulnerabilities, remediation, security engineering.