Description

Job Description:

Seeking an experienced senior-level endpoint security engineer with Windows, iOS, MacOS, and Android enterprise expertise. This position requires both a technical and a non-technical, policy-based skillset.

The security engineer will be responsible for the following:
• Detecting, remediating, and mitigating workstation and mobile security vulnerabilities
• Conducting extensive testing and support of critical applications and operating system updates against security vulnerabilities.
• Evaluating business needs then performing the following based on those needs:
o Engineering a complete and secure end user experience,
o Coordinating user acceptance testing,
o Documenting and engineering solutions based on discoveries of vulnerabilities,
o Implementation and maintenance of security benchmark standards.
• Understanding the balance of implementing security standards without production impact.
• Working closely with various IT teams to mitigate security risks per corporate standards and SLAs.

PRIMARY DUTIES AND RESPONSIBILITIES
• Manage a test group of over 1,000 endpoints, representative of all lines of business in the enterprise, to include alpha testing of new patches, application updates, operating systems, etc.
o Scope includes (but is not limited to):
▪ Applications: Java, Adobe Reader, Edge Chromium, Chrome, Firefox, WinSCP, Notepad++
▪ Operating Systems/Patching: Windows, iOS, MacOS, and Android updates, and new feature functionality testing.
▪ Hardware vulnerability analysis: Laptops, desktops, tablets, Macs, mobile devices.
o Responsibilities related to the above include planning and coordinating application version releases, ongoing meetings, reporting results, troubleshooting, discussions with developers/vendors regarding upgrades, etc. They also include prioritization of vulnerability remediations, including mitigation strategies, while simultaneously preventing productivity outages.
• Candidate will work towards proactively providing an endpoint environment that is sufficiently hardened against vulnerabilities along with assuring that engineering efforts adhere to established corporate policy.
• Implementation of best practices for hardening an endpoint environment including security framework standards (STIG/NIST/CIS).
• Proactively detect and analyze system, applications, code, and hardware weaknesses pre-production. Make remediation and mitigation recommendations accordingly.
• Ability to prepare and participate in corporate risk projects as well as IT audits related to PCI, HIPAA, etc. as necessary.
• Understanding personal and team roles, contributing to a positive work environment by building solid relationships with team members, proactively seeking guidance, clarification, and feedback.
• Apply enterprise vision and standards to all projects. Prepare detailed documentation of all engineered work and solutions.

QUALIFICATIONS
Education:
• Bachelor's, current industry certifications and/or equivalent experience

Experience:
• 5+ years of experience providing security engineering of desktop and mobility infrastructure in a large enterprise environment required with aptitude in the following areas: Active Directory, MDM, SCCM, GPOs, Windows 10 & 11, Kiosks, Virtual, Mobility (iOS, MacOS, Android), Reporting, strong documentation, and analytical skills.
• Detection, prioritization, and mitigation strategies for CVE vulnerabilities on endpoint systems (including OS, 3rd Party Applications, GPOs, Registry modifications, etc.)
• Understands and takes quick yet reliable action for zero-day vulnerabilities.
• Successful track record on implementation of security benchmarks STIG/NIST/CIS settings for an enterprise with minimal user impact.
• Engineering with focus on the key security concepts of Confidentiality, Integrity, and Availability.
• Extensive regression testing for enterprise core applications, monthly critical security patches, OS updates, etc.
• Broad infrastructure technology concepts around software, hardware, applications, end user interfaces, virtualization, business continuity, PCI compliance, internal auditing, reporting and total cost of ownership.

Preferred skills:
• Qualys/Nessus (or equivalent vulnerability detection systems), Sandboxing technologies (Cisco Malware Analytics), Injection Hunter, Encryption Technologies, CVE database, CrowdStrike, SysTrack, etc.
• Airline experience is ideal.
• Some knowledge of application packaging and PowerShell interpretation is ideal.
