This position has primary responsibility for the hardening and hygiene of end-user laptops, including audit/review of user-installed applications, removal of prohibited applications, and overall management of a whitelist/blacklist of applications and application versions. Additional responsibilities for Windows & MacOS laptop hardening and hygiene.
Responsibilities
- Leveraging enterprise tooling and automation (including Threat Locker, Jamf, etc.), and in the context of global / enterprise-level estate management practices, ensure that applications installed on laptops are approved/upgraded/hardened against vulnerabilities.
- Maintain endpoint and security objectives through monitoring systems, reporting, and key performance indicators.
- Help resolve incidents and work as the escalation point between IT Support and Security teams.
- Ensure high levels of run-state consistency across both the Windows and Mac endpoint fleets, ensuring that only authorized software is running, current, properly configured, etc.
- Understand low-level mechanics of WIN11 & MacOS operating systems, and enterprise standards for managing end-point estates at scale.
Required Skills and Qualifications
- Bachelor's degree in Computer Science, Information Technology, or related field.
- Experience implementing OS hardening per NIST 800-171 requirements.
- Experience managing endpoint protection tools such as ThreatLocker, and Rapid7.
- Deep understanding of scalable application security practices leveraging automation technologies and enterprise management standards.
- Expertise in endpoint management tools such as Intune, Airwatch, JAMF, and AutomoxSkilled in the administration of software policies, vulnerability management, and application updates to Windows 11 & MacOS devices.
- In-depth knowledge of endpoint management and security best practices including experience implementing tooling, security protocols, and compliance checks.
- Ability to communicate effectively and collaborate with staff that is both technical and non-technical.
- Proficiency in multiple scripting languages (e.g., PowerShell, Python, and Bash) and experience in developing complex automation scripts.
- SQL Reporting and query writing experience.