
System Security Engineer

Cyberr® · Dubai, UAE · 2 days ago · Entry · Full-time
Java
Via LinkedIn

About This Role

Responsibilities

  • Administer and manage endpoint detection and response solutions including Microsoft Defender for Endpoint, CrowdStrike Falcon, and SentinelOne.
  • Perform policy configuration, exclusions management, alert triage, and proactive threat hunting.
  • Manage next-generation antivirus and exploit protection features such as Attack Surface Reduction (ASR), Controlled Folder Access, and exploit mitigation.
  • Configure Windows Defender Firewall, web filtering, and endpoint device control policies (e.g., USB restrictions).
  • Implement application control using AppLocker and Windows Defender Application Control (WDAC).
  • Apply Windows security hardening based on CIS Benchmarks and Microsoft Security Baselines.
  • Manage Group Policy (GPO) and ADMX configurations including local admin restrictions and Windows LAPS.
  • Manage enterprise device lifecycle using platforms such as Microsoft Intune, Microsoft Endpoint Configuration Manager (SCCM/MECM), Jamf (macOS), and Workspace ONE.
  • Support device provisioning, enrollment workflows, and Windows Autopilot deployments.
  • Manage patching using Windows Update for Business, WSUS, and SCCM.
  • Deploy and maintain third-party updates for applications such as Google Chrome, Java, and Adobe Acrobat.
  • Package and deploy applications using MSI, MSIX, and Win32 formats via scripting or management tools.
  • Work with identity services including Active Directory and Microsoft Entra ID.
  • Configure Conditional Access policies and device compliance policies.
  • Manage endpoint security features including BitLocker disk encryption, key escrow, and recovery processes.
  • Implement credential protection mechanisms such as Credential Guard, LSASS protection, and disabling legacy protocols (e.g., SMBv1, NTLM where possible).
  • Support certificate-based authentication using PKI fundamentals for device, Wi-Fi, and VPN authentication.
  • Analyze endpoint telemetry from Windows Event Logs, Sysmon, and Microsoft Defender advanced hunting.
  • Support incident response activities including host isolation, artifact collection, scanning, containment, and remediation.
  • Conduct endpoint triage investigations involving processes, services, scheduled tasks, registry persistence, and system artifacts.
  • Perform threat hunting using KQL queries and map findings to the MITRE ATT&CK framework.
  • Demonstrate understanding of networking concepts including TCP/IP, DNS, DHCP, and proxy configurations.
  • Troubleshoot TLS/certificate issues, VPN client behavior, and split-tunneling impacts.
  • Understand network requirements and firewall/proxy considerations for EDR and MDM communications.
  • Develop automation scripts using PowerShell for device inventory, compliance validation, and remediation tasks.
  • Integrate with APIs such as Microsoft Graph and EDR platform APIs for automation and reporting. Basic knowledge of Python scripting is considered an advantage.

Qualifications & Skills

  • Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, or a related field.
  • 3–6+ years of experience in endpoint security, system security engineering, or cybersecurity operations.
  • Hands-on experience with the Microsoft security ecosystem, including Defender, Intune, and Entra ID.
  • Strong knowledge of endpoint protection technologies, device management, and security hardening practices.
  • Experience with scripting (PowerShell required; Python is a plus).
  • Familiarity with threat hunting, incident response, and endpoint forensic analysis.

Preferred Certifications

  • CompTIA Security+
  • Certified Ethical Hacker (CEH)
  • Certified Information Systems Security Professional (CISSP)
  • Microsoft Security or Endpoint Management certifications