Endpoint Security Engineer

SUMMARY

The Endpoint Security Engineer serves as a technical escalation point responsible for advanced endpoint support, identity administration, and day-to-day operation of security tooling across client environments. This role requires independent execution, strong judgment, and the ability to operate in security- and compliance-sensitive environments. Success is measured not by ticket volume alone, but by stability, documentation quality, risk reduction, and client confidence.

JOB RESPONSIBILITIES

Endpoint & User Support

• Tier 2/3 support for Windows and macOS workstation operating systems
• Diagnose and resolve complex endpoint, application, and access issues
• Manage endpoint lifecycle: provisioning, hardening, patching, and decommissioning
• Support hybrid and fully remote user environments

Identity & Productivity Platforms

• Administer Google Workspace and Microsoft 365
• User provisioning/deprovisioning
• MFA, conditional access, and device security policies
• Exchange Online, SharePoint, and OneDrive support
• Troubleshoot SSO, MFA failures, identity drift, and access anomalies

Security Tooling Operations

• Operate and respond to alerts from:
• Endpoint Detection and Response (EDR)
• Remote Monitoring and Management (RMM)
• Application control / allow-listing platforms
• Perform first-line security alert triage and escalation
• Enforce endpoint security baselines and least-privilege principles
• Recognize and report suspicious or non-compliant activity

Systems & Infrastructure Support

• Support Windows Server environments (Active Directory, DNS, Group Policy, file services)
• Assist with server migrations, workstation refreshes, and infrastructure projects
• Execute changes following documented change control processes

Change Management & Risk Awareness

• Assess impact and risk before making system changes
• Follow formal change control and approval processes
• Understand blast radius and rollback considerations
• Escalate changes that introduce security or operational risk

Documentation, Evidence & Audit Readiness

• Produce clear, defensible documentation for:
• Access changes
• Security actions
• Incident response activities
• Maintain accurate ticket notes suitable for audit review
• Contribute to SOPs, runbooks, and knowledge base articles

Client Interaction & Boundary Management

• Communicate clearly with technical and non-technical stakeholders
• Set expectations and provide accurate status updates
• Professionally push back on insecure or out-of-scope requests
• Enforce security standards without bypassing controls to be helpful

Incident Response & Operational Support

• Participate in security incidents and after-action reviews
• Assist with containment, evidence collection, and remediation
• Document root cause, corrective actions, and prevention steps

QUALIFICATIONS

• 5+ years in Helpdesk, Desktop, or Endpoint Support (MSP experience strongly preferred)
• Hands-on experience with:
• Google Workspace administration
• Microsoft 365 administration
• Windows Server and Windows workstation operating systems
• MacOS support
• Experience working with:
• EDR platforms
• RMM platforms
• Application control / endpoint hardening tools
• Strong troubleshooting methodology and root-cause analysis skills
• Comfortable operating within SLAs and escalation frameworks
• Strong written documentation and technical communication skills
• Proven ability to work independently with minimal supervision
• Sound judgment in security-sensitive environments

Nice to have Experience:

• NinjaOne RMM
• SentinelOne
• ThreatLocker
• Server migration support (on-prem to cloud or hybrid)
• Networking fundamentals (DNS, DHCP, VLANs, firewalls, VPNs)
• Google Cloud Platform (GCP)
• AWS
• Scripting or automation (PowerShell, Bash, Python)
• Experience supporting compliance-driven environments (NIST, CMMC, SOC 2)

JOB REQUIREMENTS

• Should be willing to accept a long-term work-from-home arrangement.
• Should be amenable to a permanent night shift schedule.