Description
Endpoint Security Stack Manager
Role Overview
Own the operations, health, and continual improvement of the enterprise endpoint security stack—delivering high coverage, fast detection/containment, tight compliance, and great engineer/operator experience. Tools in scope include CrowdStrike Falcon EDR/XDR, Microsoft Intune (MEM) for Windows/macOS/iOS/Android MDM/MAM, Qualys VMDR (incl. PC/SCA), Absolute for asset assurance, and device compliance gating (Intune + Entra Conditional Access). This role collaborates closely with the SOC/MXDR provider and infra/client-engineering to maintain a defensible, auditable endpoint posture at scale.
Scope & Tooling (authoritative systems)
* EDR/XDR: CrowdStrike Falcon (sensors, prevention policies, RTR, identity protection, device control).
* MDM/MEM: Microsoft Intune/MEM (enrollment, configuration profiles, compliance policies, app protection, update rings).
* Vulnerability & Config: Qualys VMDR + Policy Compliance + Secure Configuration Assessment (agents, scanners, appliances).
* Asset Assurance: Absolute (agent health, tamper detection, device location/lock/wipe).
* Device Compliance/Zero Trust: Intune + Entra Conditional Access device posture gates, aligned to GT endpoint standards.
* Adjacencies: Endpoint Privilege Mgmt (e.g., CyberArk EPM), encryption (BitLocker/FileVault), SIEM/SOAR and SOC integrations—per GT's defense‑in‑depth architecture.
Key Responsibilities
Platform Operations & Maintenance
* Own day‑to‑day operations of EDR/MDM/VM/Asset Assurance platforms: console administration, policy lifecycle, agent currency, tuning, and change control (CAB) aligned to GT standards.
* Maintain sensor/agent health & coverage across all supported OSes; drive auto‑healing and deployment automation (Intune, scripts) to keep coverage above target SLAs.
* Run Qualys scans at scale (agents/appliances), fix coverage gaps, and partner with patching teams on remediation SLAs.
* Administer device compliance policies and Conditional Access posture gates for Zero Trust access; minimize user friction while enforcing baseline.
* Oversee Absolute for asset assurance (visibility, investigation support, and recovery workflows).
Detection, Response & SOC Collaboration
* Ensure high‑fidelity EDR detections and rapid containment (isolation, RTR, IOCs), with playbooks aligned to the SOC/MXDR provider; continuously tune to reduce false positives.
* Serve as tier‑3/engineering escalation for endpoint incidents; contribute to incident post‑mortems, root cause fixes, and lessons‑learned hardening.
Governance, Risk & Compliance
* Align all tooling and controls with GT Endpoint Security Standard and defense‑in‑depth architecture; maintain audit‑ready evidence, runbooks, and metrics.
* Own tool control mappings to CIS/NIST/ISO; partner with GRC for control attestations and external audits.
Engineering & Automation
* Drive policy-as-code and automation for agent deployment, compliance enforcement, and reporting (PowerShell, KQL, Python, Graph, APIs).
* Rationalize integrations with SIEM/SOAR, CMDB/asset systems, ticketing, and collaboration tools—consistent with the enterprise architecture.
Lifecycle & Vendor Management
* Manage licensing, renewals, roadmaps, and vendor/MSP/MSSP relationships; evaluate new capabilities (e.g., identity threat protection, device control enhancements).
M&A / New Environment Onboarding
* Lead EDR and Qualys roll‑in for acquisitions per the InfoSec M&A Playbook: uninstall legacy agents, deploy GT standard agents, integrate to SOC, and hit day‑1 protection/visibility.
Required Experience & Qualifications
* 8+ years in endpoint security/operations; 3+ years leading EDR/MDM/Vulnerability platforms at enterprise scale.
* Hands‑on with CrowdStrike Falcon, Intune/MEM (Windows/macOS/iOS/Android), Qualys VMDR/PC/SCA, Absolute, and device compliance/Conditional Access; familiarity with CyberArk EPM, BitLocker/FileVault helpful in GT context.
* Strong OS internals (Windows/macOS/Linux), scripting (PowerShell, KQL, Python), packaging/deployment, API integrations.
* Knowledge of NIST CSF, CIS benchmarks, ISO 27001; ITIL change and problem management.
* Certifications a plus: CrowdStrike (CCFR/CCFA/CCFH), Microsoft (SC‑200/AZ‑500/MS‑101), Qualys, GIAC (GCIA/GCED/GCFA), ITIL.