Senior Endpoint Security Engineer – Carbon Black, Symantec
Job Description:
• Lead enterprise-wide deployment, configuration, and lifecycle operations for Carbon Black and Symantec endpoint platforms.
• Architect scalable endpoint security solutions aligned to organizational standards and zero-trust principles.
• Develop and refine advanced policies, application controls, EDR rules, tamper protection settings, and prevention controls.
• Oversee tuning activities to balance protection, performance, and operational efficiency.
• Serve as Tier 3 engineering escalation for endpoint security issues and agent health failures.
• Lead deep-dive incident investigations using Carbon Black and Symantec telemetry, process analysis, and behavioral tracking.
• Build integrations with SIEM, SOAR, vulnerability management, and IT ops tools.
• Drive automation of endpoint management tasks through PowerShell, Python, or Bash.
• Create enterprise standards, architecture documentation, runbooks, and engineering playbooks.
• Mentor mid-level and junior engineers; contribute to team capability development.
• Evaluate new capabilities, conduct PoCs, and recommend improvements to endpoint strategy.
• Support compliance requirements including ISO 27001, NIST CSF, CIS Controls, and sector-specific mandates.
Requirements:
• 6–10 years of experience in information security or endpoint engineering roles.
• Expert-level experience with VMware Carbon Black (App Control, EDR, Cloud) including advanced policy design, incident response, and console administration.
• Expert-level experience with Symantec endpoint security platforms (SEP, SES, Symantec EDR, content policy tuning).
• Strong understanding of endpoint forensics, malware analysis fundamentals, and attacker tradecraft.
• Proficiency with Windows, macOS, and/or Linux endpoint internals and event logging.
• Demonstrated experience integrating endpoint data with SIEM/SOAR platforms.
• Ability to lead complex troubleshooting involving OS, network, and security layers.
• Strong documentation, communication, and technical leadership abilities.
• Experience designing enterprise security architectures or zero-trust endpoint models (preferred).
• Significant experience in environments with 5,000+ endpoints (preferred).
• Development or automation experience with PowerShell, Python, Bash, or REST APIs (preferred).
• Experience with threat modeling, purple teaming, or incident response leadership (preferred).
• Certifications such as CBCA, CBCM, Symantec/Broadcom certifications, GSEC, GCED, GCIA, GCFA, or similar (preferred).
Benefits:
• No Agencies Please