Endpoint Security Engineer

Overview

SOFTSWISS continues to expand the team and is looking for an Endpoint Security Engineer.

Key responsibilities

• Deploy, configure, and maintain(as L3) endpoint security solutions
• Own the end-to-end vulnerability management process for endpoints
• Develop and enforce endpoint hardening standards
• Collaborate with the SOC and other security teams to correlate endpoint telemetry with network and cloud events for threat detection and response
• Participate in the resolution of endpoint-related security incidents
• Support and administer the existing Splunk deployment – ensuring stability, data source coverage, and platform reliability; drive its evolution as a Security BI platform through advanced dashboards, metrics, and reporting tailored to endpoint security and management needs

Required Experience

• 5+ years of hands-on experience in endpoint security engineering, with a focus on Windows and macOS environments
• Deep expertise with modern EDR/XDR – deployment, policy configuration, agent management, and L3-level troubleshooting
• Proven experience with vulnerability management processes end-to-end: asset discovery, prioritization, remediation tracking, and reporting
• Experience administering Splunk including onboarding endpoint data sources, building searches and dashboards, and supporting SOC detection use cases
• Hands-on experience with MDM solutions (Jamf, Intune, or equivalent) – including defining and enforcing security configuration requirements, compliance baselines, and policy rollout
• Strong knowledge of endpoint hardening standards for Windows (CIS Benchmarks, STIG) and macOS (CIS macOS Benchmark, NIST guidelines)
• Experience developing and maintaining hardening baselines, including scripted or policy-driven enforcement at scale
• Ability to formalise security requirements into policies, standards, and control frameworks
• Hands-on participation in incident response for endpoint-related security events: containment, investigation, root cause analysis
• Solid understanding of attacker TTPs (MITRE ATT&CK framework) as applied to endpoint threat scenarios
• Experience in development and automation (Python/Go)
• Structured written and oral communication to ensure clarity
• Upper Intermediate or higher English level

Nice to have

• Experience with threat hunting on endpoint telemetry – proactively identifying anomalies beyond alert-driven workflows
• Familiarity with compliance frameworks relevant to endpoint controls: PCI DSS, ISO 27001, or SOC 2 – particularly mapping hardening standards to control requirements
• Exposure to SIEM/SOAR integration forwarding endpoint events, building detection rules, or contributing to automated response playbooks
• Understanding of PKI and certificate management as applied to endpoints (device certificates, mTLS, MDM enrollment)
• Experience with privileged access controls on endpoints – local admin management, PAM integration, or application allowlisting
• Familiarity with DLP solutions and data protection policies at the endpoint level