Endpoint Security Engineer

Overview:

SOFTSWISS continues to expand the team and is looking for an Endpoint Security Engineer.

Key responsibilities:

• Deploy, configure, and maintain(as L3) endpoint security solutions

• Own the end-to-end vulnerability management process for endpoints

• Develop and enforce endpoint hardening standards

• Collaborate with the SOC and other security teams to correlate endpoint telemetry with network and cloud events for threat detection and response

• Participate in the resolution of endpoint-related security incidents

• Support and administer the existing Splunk deployment – ensuring stability, data source coverage, and platform reliability; drive its evolution as a Security BI platform through advanced dashboards, metrics, and reporting tailored to endpoint security and management needs

Required Experience:

• 5+ years of hands-on experience in endpoint security engineering, with a focus on Windows and macOS environments

• Deep expertise with modern EDR/XDR – deployment, policy configuration, agent management, and L3-level troubleshooting

• Proven experience with vulnerability management processes end-to-end: asset discovery, prioritization, remediation tracking, and reporting

• Experience administering Splunk including onboarding endpoint data sources, building searches and dashboards, and supporting SOC detection use cases

• Hands-on experience with MDM solutions (Jamf, Intune, or equivalent) – including defining and enforcing security configuration requirements, compliance baselines, and policy rollout

• Strong knowledge of endpoint hardening standards for Windows (CIS Benchmarks, STIG) and macOS (CIS macOS Benchmark, NIST guidelines)

• Experience developing and maintaining hardening baselines, including scripted or policy-driven enforcement at scale

• Ability to formalise security requirements into policies, standards, and control frameworks

• Hands-on participation in incident response for endpoint-related security events: containment, investigation, root cause analysis

• Solid understanding of attacker TTPs (MITRE ATT&CK framework) as applied to endpoint threat scenarios

• Experience in development and automation (Python/Go)

• Structured written and oral communication to ensure clarity

• Upper Intermediate or higher English level

Nice to have:

• Experience with threat hunting on endpoint telemetry – proactively identifying anomalies beyond alert-driven workflows

• Familiarity with compliance frameworks relevant to endpoint controls: PCI DSS, ISO 27001, or SOC 2 – particularly mapping hardening standards to control requirements

• Exposure to SIEM/SOAR integration forwarding endpoint events, building detection rules, or contributing to automated response playbooks

• Understanding of PKI and certificate management as applied to endpoints (device certificates, mTLS, MDM enrollment)

• Experience with privileged access controls on endpoints – local admin management, PAM integration, or application allowlisting

• Familiarity with DLP solutions and data protection policies at the endpoint level

Our benefits:

• Full-time remote work opportunities and flexible working hours

• Private insurance

• Additional 1 Day Off per calendar year

• Sports program compensation

• Comprehensive Mental Health Programme

• Free online English lessons with a native speaker

• Generous referral program

• Training, internal workshops, and participation in international professional conferences and corporate events

Originally posted on Himalayas