
Endpoint security stack manager

Dublin
Grant Thornton
Security
Posted: 7h ago
Offer description

Description

Endpoint Security Stack Manager

Role Overview

Own the operations, health, and continual improvement of the enterprise endpoint security stack—delivering high coverage, fast detection/containment, tight compliance, and great engineer/operator experience. Tools in scope include CrowdStrike Falcon EDR/XDR, Microsoft Intune (MEM) for Windows/macOS/iOS/Android MDM/MAM, Qualys VMDR (incl. PC/SCA), Absolute for asset assurance, and device compliance gating (Intune + Entra Conditional Access). This role collaborates closely with the SOC/MXDR provider and infra/client-engineering to maintain a defensible, auditable endpoint posture at scale.

Scope & Tooling (authoritative systems)

  • EDR/XDR: CrowdStrike Falcon (sensors, prevention policies, RTR, identity protection, device control).
  • MDM/MEM: Microsoft Intune/MEM (enrollment, configuration profiles, compliance policies, app protection, update rings).
  • Vulnerability & Config: Qualys VMDR + Policy Compliance + Secure Configuration Assessment (agents, scanners, appliances).
  • Asset Assurance: Absolute (agent health, tamper detection, device location/lock/wipe).
  • Device Compliance/Zero Trust: Intune + Entra Conditional Access device posture gates, aligned to GT endpoint standards.
  • Adjacencies: Endpoint Privilege Mgmt (e.g., CyberArk EPM), encryption (BitLocker/FileVault), SIEM/SOAR and SOC integrations—per GT's defense‑in‑depth architecture.

Key Responsibilities

Platform Operations & Maintenance

  • Own day‑to‑day operations of EDR/MDM/VM/Asset Assurance platforms: console administration, policy lifecycle, agent currency, tuning, and change control (CAB) aligned to GT standards.
  • Maintain sensor/agent health & coverage across all supported OSes; drive auto‑healing and deployment automation (Intune, scripts) to keep coverage above target SLAs.
  • Run Qualys scans at scale (agents/appliances), fix coverage gaps, and partner with patching teams on remediation SLAs.
  • Administer device compliance policies and Conditional Access posture gates for Zero Trust access; minimize user friction while enforcing baseline.
  • Oversee Absolute for asset assurance (visibility, investigation support, and recovery workflows).

Detection, Response & SOC Collaboration

  • Ensure high‑fidelity EDR detections and rapid containment (isolation, RTR, IOCs), with playbooks aligned to the SOC/MXDR provider; continuously tune to reduce false positives.
  • Serve as tier‑3/engineering escalation for endpoint incidents; contribute to incident post‑mortems, root cause fixes, and lessons‑learned hardening.

Governance, Risk & Compliance

  • Align all tooling and controls with GT Endpoint Security Standard and defense‑in‑depth architecture; maintain audit‑ready evidence, runbooks, and metrics.
  • Own tool control mappings to CIS/NIST/ISO; partner with GRC for control attestations and external audits.

Engineering & Automation

  • Drive policy-as-code and automation for agent deployment, compliance enforcement, and reporting (PowerShell, KQL, Python, Graph, APIs).
  • Rationalize integrations with SIEM/SOAR, CMDB/asset systems, ticketing, and collaboration tools—consistent with the enterprise architecture.

Lifecycle & Vendor Management

  • Manage licensing, renewals, roadmaps, and vendor/MSP/MSSP relationships; evaluate new capabilities (e.g., identity threat protection, device control enhancements).

M&A / New Environment Onboarding

  • Lead EDR and Qualys roll‑in for acquisitions per the InfoSec M&A Playbook: uninstall legacy agents, deploy GT standard agents, integrate to SOC, and hit day‑1 protection/visibility.

Required Experience & Qualifications

  • 8+ years in endpoint security/operations; 3+ years leading EDR/MDM/Vulnerability platforms at enterprise scale.
  • Hands‑on with CrowdStrike Falcon, Intune/MEM (Windows/macOS/iOS/Android), Qualys VMDR/PC/SCA, Absolute, and device compliance/Conditional Access; familiarity with CyberArk EPM, BitLocker/FileVault helpful in GT context.
  • Strong OS internals (Windows/macOS/Linux), scripting (PowerShell, KQL, Python), packaging/deployment, API integrations.
  • Knowledge of NIST CSF, CIS benchmarks, ISO 27001; ITIL change/problem.
  • Certifications a plus: CrowdStrike (CCFR/CCFA/CCFH), Microsoft (SC‑200/AZ‑500/MS‑101), Qualys, GIAC (GCIA/GCED/GCFA), ITIL.
