NetFortris, A Sangoma Company is seeking a motivated and detail-oriented Endpoint Security Engineer to strengthen the company’s security posture. The role involves designing and implementing endpoint security solutions, collaborating with various teams to investigate security events, and enhancing security capabilities.
Responsibilities:
- Serve as an escalation point for SOC/EDR/XDR alerts and suspected security incidents
- Automate and optimize Incident Response procedures with PowerShell, Python, and scripted API calls
- Write custom detection rules in EDR platforms such as CrowdStrike, SentinelOne, and Microsoft Defender
- Test and deploy EDR agent updates
- Evaluate and implement endpoint and endpoint adjacent security solutions
- Document Incident Response procedures and cross-train technical personnel on those procedures
- Participate in penetration testing and tabletop Incident Response exercises
- Produce and improve security dashboards and reports
- Maintain solution and procedure documentation
- Collaborate with IT, Infrastructure, and Cloud teams to implement secure endpoint configurations and controls
- Identify gaps in endpoint security coverage and recommend remediation or enhancements
- Support vulnerability remediation and endpoint hardening initiatives
- Participate in an on-call rotation, being reachable 24/7 during assigned on-call periods, one week per month
- Coordinate with SOC and IT teams to investigate and resolve high-priority endpoint security incidents during on-call periods
Requirements:
- 4–6 years of experience in a security, SOC, or Incident Response role
- Solid experience working with one or more EDR solutions such as Sentinel One, CrowdStrike, or Microsoft Defender
- In-depth understanding of threat behaviors in the context of the MITRE ATT&CK Framework
- Intermediate understanding of Windows, MacOS, and Linux file structures and process architecture
- Experience participating in ITIL-oriented Change Management, Incident Management, and Problem Management processes in an enterprise environment
- Experience with automation and API calls via Python and/or PowerShell
- One or more industry-standard security certifications including but not limited to Security+, CySA+, Microsoft SC-200, CEH, GIAC, or similar
- Solid experience working with SIEM / SOAR solutions for event correlation and automated response
- Experience performing forensic investigations and malware analysis
- Ability to perform and document penetration testing exercises
- Knowledge of cloud and/or hybrid environments such as Microsoft 365, Azure, AWS, Intune, or similar platforms