REQUIRED EXPERIENCE:
Citizenship/Work Authorization: Must meet contract requirements.
Clearance: Ability to obtain and maintain SEC Public Trust (or higher if required).
Education: Bachelor's in a relevant field (e.g., Information Technology, Computer Science, Engineering).
Experience:
- 8+ years of experience in enterprise endpoint security engineering in large, regulated environments.
- Advanced experience designing, implementing, and managing Microsoft Defender for Endpoint and Intune security baselines.
JOB TITLE: END POINT ENGINEER
JOB LOCATION: WASHINGTON, DC
WAGE RANGE*: 56.00-60.00 PER HOUR
JOB NUMBER: SAIJP00038835
JOB DESCRIPTION
Endpoint Security Engineering & Baseline Management
- Architect, implement, and maintain enterprise endpoint protection strategies across Windows, macOS, iOS, workstation, and server platforms.
- Define, enforce, and continuously improve endpoint security baselines using Microsoft Defender for Endpoint and Microsoft Intune.
- Lead deployment and configuration of antivirus and endpoint protection tooling, including policy tuning, signature/DAT update management, and scheduled scans.
- Validate new endpoint security configurations in controlled environments before production rollout.
Vulnerability, Patching & POA&M Execution
- Own endpoint patching strategy and execution across managed endpoint environments, including supersedence management.
- Monitor vulnerability findings, assess risk and severity, and coordinate remediation with technical teams and system owners.
- Lead development, tracking, and closure of endpoint POA&Ms with clear milestones and risk-based prioritization.
- Ensure remediation and patch activities support ongoing compliance objectives and audit readiness.
Threat Monitoring, Incident Response & Reporting
- Monitor endpoint security telemetry and respond to endpoint-specific threats, suspicious activity, and policy non-compliance.
- Serve as an escalation point for complex endpoint incidents and coordinate with SOC and incident response stakeholders for broader investigations.
- Create and maintain automation scripts and reporting workflows for endpoint compliance, vulnerability status, and remediation tracking.
- Maintain accurate SOPs, runbooks, and status reporting to support governance, audit response, and service transparency.
Stakeholder Coordination & Technical Leadership
- Collaborate with federal stakeholders, ISS teams, and partner vendors to validate endpoint security posture and operational readiness.
- Provide senior technical guidance to engineering and operations teams on endpoint security architecture and best practices.
- Support audit remediation activities (e.g., FISMA, IG, GAO) by preparing evidence and tracking corrective actions.
- Drive continuous improvement initiatives that increase automation, resilience, and efficiency of endpoint security operations.
Equal opportunity employer as to all protected groups, including protected veterans and individuals with disabilities
* While an hourly range is posted for this position, an eventual hourly rate is determined by a comprehensive salary analysis which considers multiple factors including but not limited to: job-related knowledge, skills and qualifications, education and experience as compared to others in the organization doing substantially similar work, if applicable, and market and business considerations. Benefits offered include medical, dental and vision benefits; dependent care flexible spending account; 401(k) plan; voluntary life/short term disability/whole life/term life/accident and critical illness coverage; employee assistance program; sick leave in accordance with regulation. Benefits may be subject to generally applicable eligibility, waiting period, contribution, and other requirements and conditions. Benefits offered are in accordance with applicable federal, state, and local laws and subject to change at TCM's discretion.