Endpoint Security Architect

Role & responsibilities

We are seeking a highly skilled Endpoint Security Architect to secure our enterprises endpoints across physical, virtual, cloud, and development environments. This role requires deep experience in automation, scripting, cloud-managed provisioning, and securing modern development workstations, including environments supporting AI workloads and sensitive data processing. You will implement and operate endpoint security tools, enforce policy across VDI and SaaS ecosystems, and integrate telemetry for proactive threat detection and response.

Preferred candidate profile

• Manage and optimize endpoint protection platforms (EDR/XDR, AV, DLP, disk encryption, host firewalls) for a range of environments, including development workstations, virtual desktops (Citrix, AWS Workspaces), and cloud-managed devices (Autopilot, Intune). Optimize controls for development systems running EPM, Containers and other DevOps specific tooling
• Design, implement, and manage Privileged Access Workstation (PAW) environments to enforce secure administrative access, including hardening baselines, OS configuration, network segmentation, and application whitelisting aligned with Zero Trust principles
• Implement data security controls on endpoints, including classification, encryption, and DLP policies, to protect sensitive and regulated data (PII, PHI, IP)
• Support CASB and SaaS tooling (Microsoft Defender for Cloud Apps, Zscaler, Obsidian) to enforce data protection and access control across cloud apps.
• Write and maintain automation scripts in PowerShell and Python to deploy configurations, monitor system posture, and generate compliance reports.
• Integrate endpoint data with SIEM and SOAR platforms and support playbooks for automated alert triage, response, and remediation. Participate in purple teaming increase detection and prevention efficacy.
• Contribute to compliance efforts (CIS, NIST 800-53, NIST CSF) by ensuring endpoint configurations meet required standards and control objectives.
• Monitor endpoint health, vulnerability status, and patch compliance; coordinate engineering teams for rapid resolution.

Other skills:

• Maintain up-to-date documentation of configurations, procedures, and automated workflows.
• Ability to work collaboratively across security, IT, DevOps, and data teams in an AGILE first environment
• Excellent communication and documentation skills to explain complex security topics to technical and non-technical stakeholders