Staff Endpoint Security Engineer

4 days ago

Included Health

SaaS • B2B • HR Tech

Included Health is a healthcare technology company that delivers personalized, employer- and health-plan-focused primary, urgent, and behavioral health care through a single app and a network of virtual and in-person services. It blends AI-driven tools and human care teams to provide 24/7 care coordination, billing and claims advocacy, second opinions from leading specialists, and mental-health support, with the goal of lowering employer healthcare costs and improving member experience and inclusivity.

1001 - 5000 employees

📋 Description

• Develop, implement, and maintain a comprehensive endpoint security strategy, architecture, and roadmap covering all corporate and BYOD endpoints, with a focus on proactive defense and detection engineering.
• Design and enforce security configurations, hardening standards, and baselines for diverse operating systems (Windows, macOS, ChromeOS, iOS, Android, and potentially others) to minimize attack surfaces.
• Lead the selection, deployment, administration, and optimization of endpoint security solutions, including Endpoint Detection and Response (EDR/XDR) for threat detection, Mobile Device Management (MDM/UEM) for policy enforcement, Data Loss Prevention (DLP) for data protection, anti-malware, and endpoint encryption.
• Develop and implement robust DLP policies and controls to prevent PHI and other sensitive data from leaving authorized systems via endpoints.
• Manage endpoint encryption technologies (e.g., BitLocker, FileVault, mobile encryption) to ensure data at rest is protected.
• Proactively look for threats on endpoints to identify gaps in defenses and inform the development of new detection capabilities.
• **Support and provide expertise during** incident response activities for endpoint-related security events, with a focus on root cause analysis to enhance preventative and detective controls.
• Conduct vulnerability assessments, manage endpoint patching and remediation efforts to address identified weaknesses in a timely manner, strengthening overall endpoint resilience.
• Develop, document, and enforce endpoint security policies, standards, and procedures, particularly for BYOD environments, ensuring compliance with HIPAA and other relevant regulations.
• Automate endpoint security tasks, compliance checks, defensive measure deployments, and reporting using scripting languages (e.g., Python, Go) and security orchestration tools.
• Collaborate closely with IT operations, network security, application development, and legal/compliance teams to ensure a cohesive security posture and integrate endpoint defenses.
• Provide expert consultation and support to end-users and IT staff on endpoint security matters and best practices.
• Stay current with the latest endpoint threats, vulnerabilities, and security technologies to continuously improve our defenses.

🎯 Requirements

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
• 5+ years of experience in endpoint security, with a strong emphasis on **designing, building, implementing, and managing** security controls, detection mechanisms, and defensive capabilities across a diverse range of endpoint operating systems (Windows, macOS, iOS, Android).
• Proven hands-on experience with leading Endpoint Detection and Response (EDR/XDR) solutions (e.g., CrowdStrike, SentinelOne, Microsoft Defender for Endpoint, Carbon Black) for **threat detection engineering and security policy enforcement.**
• Demonstrable experience with Mobile Device Management (MDM) / Unified Endpoint Management (UEM) platforms (e.g., Microsoft Intune, Jamf Pro, VMware Workspace ONE, Kandji, MobileIron) for **enforcing security configurations and policies.**
• Strong knowledge of endpoint hardening techniques, security configuration management, and policy enforcement across multiple OS platforms, with a focus on building resilient systems.
• Experience designing and implementing endpoint Data Loss Prevention (DLP) strategies and tools.
• Proficiency in scripting languages (e.g., Python, PowerShell, Bash) for automating endpoint security tasks, tool integrations, and **deployment of defensive measures.**
• Experience with endpoint attack vectors, malware, persistence mechanisms, and **designing effective mitigation and detection techniques.**
• Experience with endpoint vulnerability management, patch management processes, and tools, focused on proactive remediation.
• Experience with network security principles (TCP/IP, DNS, DHCP, VPNs, firewalls) as they relate to designing and implementing endpoint security controls.
• Experience working in regulated environments and a strong understanding of HIPAA compliance requirements as they apply to endpoint protection and data handling.

🏖️ Benefits

• Remote-first culture
• 401(k) savings plan through Fidelity
• Comprehensive medical, vision, and dental coverage through multiple medical plan options (including disability insurance)
• Paid Time Off ("PTO") and Discretionary Time Off ("DTO")
• 12 weeks of 100% Paid Parental leave
• Family Building & Compassionate Leave: Fertility coverage, $25,000 for surrogacy/adoption, and paid leave for failed treatments, adoption or pregnancies.
• Work-From-Home reimbursement to support team collaboration and home office work
