Remote End-Point Protection Engineer

Job#: 3036889

Role Overview

The End-Point Protection Engineer provides senior engineering support for enterprise endpoint security. This role designs, implements, and sustains endpoint protection capabilities for Windows, macOS, and iOS endpoints, including workstation and server environments. The engineer leads vulnerability remediation, patch execution, and related closure activities to maintain security posture and audit readiness, while also driving operational visibility through automation and reporting.

Key Responsibilities

• Architect, implement, and maintain enterprise endpoint protection strategies across Windows, macOS, and iOS platforms.
• Define, enforce, and continuously improve endpoint security baselines using Microsoft Defender for Endpoint and Microsoft Intune.
• Lead deployment and configuration of antivirus and endpoint protection tooling, including policy tuning and update management.
• Validate new endpoint security configurations in controlled environments before production rollout.
• Own the endpoint patching strategy and execution, including supersedence management.
• Monitor vulnerability findings, assess risk, and coordinate remediation with technical teams.
• Monitor endpoint security telemetry and respond to endpoint-specific threats and suspicious activity.
• Create and maintain automation scripts and reporting workflows for endpoint compliance and vulnerability status.
• Collaborate with stakeholders and partner vendors to validate endpoint security posture.
• Provide senior technical guidance to engineering and operations teams on endpoint security best practices.

Required Qualifications

• A Bachelor's degree in a relevant field such as Information Technology, Computer Science, or Engineering is required.
• 8+ years of experience in enterprise endpoint security engineering within large, regulated environments. This includes advanced experience designing and managing Microsoft Defender for Endpoint and Intune security baselines, along with hands-on experience in vulnerability management, endpoint patching strategies, and compliance reporting.
• Microsoft Defender for Endpoint
• Microsoft Intune endpoint and mobile device security baseline management
• Endpoint vulnerability assessment and remediation coordination
• Enterprise endpoint patching and supersedence management
• Antivirus and endpoint protection deployment and operations
• Endpoint threat triage and response coordination
• Automation scripting for reporting and remediation
• Process documentation and status reporting

Preferred Qualifications

• Experience supporting federal IT operations under FISMA and NIST-aligned controls.
• Experience implementing endpoint compliance enforcement for distributed workforces.
• Experience integrating endpoint tooling and metrics into enterprise dashboards.
• Demonstrated success leading cross-team remediation efforts for audit findings.
• Prior experience supporting similarly regulated federal civilian agency environments.
• Microsoft SC-200 (Security Operations Analyst) certification.
• Microsoft MD-102 (Endpoint Administrator) certification.
• CISSP certification.

Work Environment

This position is designated for telework. Participation in on-call or surge support activities may be required depending on operational needs.

Important Information

Candidates must be able to obtain and/or maintain a Public Trust clearance as a condition and continuation of employment.

Everforth Apex is a world-class IT services company that serves thousands of clients across the globe. We offer quality career resources, training, certifications, development opportunities, and a comprehensive benefits package.

Everforth Apex uses a virtual recruiter as part of the application process. By applying for this job, you agree to receive calls, AI-generated calls, text messages, or emails from Everforth Apex and its affiliates, and contracted partners.

Everforth Apex Systems is an equal opportunity employer.