
Endpoint Security Engineer
Posted May 19

This is a fully remote position, open to applicants in Poland.
• Deploy, configure, and maintain endpoint security solutions at L3 level.
• Take ownership of the complete vulnerability management process for endpoints.
• Create and enforce standards for endpoint hardening.
• Work alongside the SOC and other security teams to correlate endpoint telemetry with network and cloud events for effective threat detection and response.
• Engage in the resolution of security incidents related to endpoints.
• Support and manage the current Splunk deployment, ensuring its stability, data source coverage, and platform reliability. Advance its evolution into a security BI platform through dashboards, metrics, and reports tailored to endpoint security and endpoint management requirements.
• Over 5 years of practical experience in endpoint security engineering, particularly in Windows and macOS environments.
• Extensive knowledge of modern EDR/XDR, including deployment, policy configuration, agent management, and L3-level troubleshooting.
• Proven track record in managing the vulnerability management process from start to finish: asset discovery, prioritization, remediation tracking, and reporting.
• Experience with Splunk administration, including onboarding endpoint data sources, creating searches and dashboards, and supporting SOC detection use cases.
• Practical experience with MDM solutions (Jamf, Intune, or equivalent), including the definition and enforcement of security configuration requirements, compliance baselines, and policy implementation.
• Strong understanding of endpoint hardening standards for Windows (CIS Benchmarks, STIG) and macOS (CIS macOS Benchmark, NIST guidelines).
• Experience in developing and maintaining hardening baselines, including scripted or policy-driven enforcement at scale.
• Ability to formalize security requirements into policies, standards, and control frameworks.
• Active participation in incident response related to endpoint security events: containment, investigation, and root cause analysis.
• Thorough understanding of attacker TTPs (MITRE ATT&CK framework) as they apply to endpoint threat scenarios.
• Experience in development and automation (Python/Go).
• Ability to communicate clearly in both written and oral forms.
• Upper Intermediate or higher proficiency in English.
• Preferred: Experience in threat hunting on endpoint telemetry, proactively identifying anomalies beyond alert-driven workflows.
• Familiarity with compliance frameworks relevant to endpoint controls: PCI DSS, ISO 27001, or SOC 2, especially in mapping hardening standards to control requirements.
• Exposure to SIEM/SOAR integration for forwarding endpoint events, building detection rules, or contributing to automated response playbooks.
• Understanding of PKI and certificate management related to endpoints (device certificates, mTLS, MDM enrollment).
• Experience with privileged access controls on endpoints, including local admin management, PAM integration, or application allowlisting.
• Familiarity with DLP solutions and data protection policies at the endpoint level.
• Full-time remote work opportunities with flexible working hours.
• Private insurance coverage.
• An additional day off for each calendar year.
• Compensation for sports programs.
• Comprehensive mental health program.
• Free online English lessons with a native speaker.
• A generous referral program.
• Opportunities for training, internal workshops, and participation in international professional conferences and corporate events.