Device/Endpoint Security Engineer
Herndon, Virginia, United States of America
Contract
3 days ago
Key skills
AnalyticsAWSEntra IDPrismaOktaSplunkRisk Management
About this role
Device / Endpoint Security Engineer (Posture, Enforcement, EDR ) Location: Herndon, VA
Clearance: Secret
Who We Are:
Since our inception back in 2006, Navitas has grown to be an industry leader in the digital transformation space, and we ve served as trusted advisors supporting our client base within the commercial, federal, and state and local markets.
What We Do:
At our very core, we re a group of problem solvers providing our award-winning technology solutions to drive digital acceleration for our customers! With proven solutions, award-winning technologies, and a team of expert problem solvers, Navitas has consistently empowered customers to use technology as a competitive advantage and deliver cutting-edge transformative solutions.
What you will do:
The Device / Endpoint Security Engineer owns the Devices pillar (PWS 5.3) for the Navitas-led USCIS ZTIS-2 effort. Designs, deploys, and operates endpoint posture, EDR, MDM/UEM, device-compliance enforcement, and centralized device threat-protection capabilities across agency-owned and BYOD endpoints (Windows, macOS, Linux, mobile). Drives USCIS Devices-pillar maturity from Initial Advanced/Optimal per CISA ZTMM, and integrates device telemetry into SIEM/SOAR for automated quarantine and remediation.
Key Responsibilities
- Lead the Devices pillar (PWS 5.3) Policy Enforcement & Compliance Monitoring, Asset & Supply-Chain Risk Management, Resource Access, and Device Threat Protection.
- Design, deploy, and operate the USCIS EDR / MDM / posture stack; tune detection content; maintain golden baseline images.
- Engineer automated quarantine and isolation playbooks integrated with Swimlane SOAR (PWS 5.7.3.b).
- Run continuous compliance monitoring; identify and remediate posture drift; integrate with vulnerability and patch management.
- Partner with Identity, Networks, and Visibility & Analytics pillar leads on cross-pillar enforcement chains (device posture conditional access micro-segmentation).
- Produce Devices-pillar ZTMM maturity evidence; support monthly PMR and Government deliverables.
- Support incident response from the endpoint perspective; participate in on-call rotation.
Required Qualifications
- Bachelor's degree in Computer Science, Cybersecurity, Information Systems, EE, or related discipline (4 additional years of relevant experience may substitute).
- 5+ years hands-on enterprise endpoint security engineering design, deploy, and operate EDR, MDM/UEM, posture, and compliance tooling at scale ( 10K endpoints).
- Hands-on with at least two of: CrowdStrike Falcon, Microsoft Defender for Endpoint, SentinelOne, Tanium, or VMware Carbon Black.
- Experience with MDM / UEM platforms Microsoft Intune, VMware Workspace ONE, Jamf (macOS), or IBM MaaS360.
- Experience with device posture / NAC / ZTNA enforcement platforms Cisco ISE, Forescout, Palo Alto Prisma Access, Zscaler ZPA, Netskope Private Access, or equivalent.
- Working knowledge of Windows, macOS, and Linux endpoint hardening per DISA STIG and CIS Benchmarks.
- Experience with vulnerability management Tenable.sc/.io, Nessus, Qualys, or Rapid7 and integration with patch management (SCCM, Intune, Ivanti, BigFix).
- Familiarity with NIST SP 800-53 (CM, SI, RA control families), NIST SP 800-128, CISA ZTMM Devices pillar, and HSPD-12 PIV operations.
- DoD 8570/8140 IAT-II baseline certification Security+ CE, CySA+, CCNA Security, GCIH, GMON, or CISSP held or obtainable within 90 days of EOD.
- U.S. Citizenship required.
- Active DHS USCIS Public Trust clearance or Secret (or above) for reciprocity.
Preferred Skills
- Direct USCIS / DHS / federal-civilian experience operating multi-OS fleets at agency scale.
- EDR detection-content engineering custom IOAs/IOCs, CrowdStrike Real-Time Response, Defender Live Response, or SentinelOne Storyline tuning.
- Continuous device attestation, TPM-based health, Microsoft Intune compliance policies, and Conditional Access integration with ZT identity (Entra ID, Okta, SailPoint, Ping).
- Software/asset management and software supply-chain controls SBOM ingestion, code-signing enforcement, allow-listing (Microsoft App Control / WDAC, Jamf restrictions, AppLocker).
- Integration of endpoint telemetry into Splunk Enterprise Security and Swimlane SOAR for automated quarantine/isolation workflows (PWS 5.7.3.b).
- Production of Devices-pillar ZTMM Before/After maturity scorecards with quantified KPIs (% encrypted, % EDR-covered, MTTD, MTTR, mean-time-to-quarantine).
- BYOD enforcement design and policy tradeoffs in regulated federal environments.
- Familiarity with CISA CDM Phase 1 (HWAM/SWAM) and Phase 2 (CSM) data feeds and dashboards.
- Vendor certifications: CrowdStrike CCFA / CCFR / CCFH; Microsoft SC-200; Tanium TCAA; SentinelOne Vigilance.
- Advanced GIAC: GCED, GCFE, GCFA, GMON, GNFA.
- Experience with Mobile Threat Defense Lookout, Zimperium, Wandera.
- Experience with IoT/OT visibility tooling Armis, Claroty, Forescout eyeInspect relevant to mixed agency device populations.
- AWS Certified Security Specialty; Microsoft AZ-500.
Equal Employer/Veterans/Disabled
Navitas Business Consulting is an affirmative action and equal opportunity employer. If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please contact Navitas Human Resources.