End Point Security Engineer

  • Location: Lemont, Illinois
  • Type: Contract
  • Job #34499

Myticas’s direct client, based in Lemont, IL is currently seeking a Endpoint Security Engineer for a 100% Remote contract position.

NOTE:  Must be a US Citizen.
 
Work Schedule: Work schedule is normal business hours 8:30am – 5:00pm CST, Monday through Friday. Work outside of these hours is not required or anticipated. Contract should be for one year (2080 hours), extended as needed.

TOP Required Skills/Experience:

1. Endpoint Management Platform Expertise
Hands-on experience with SCCM (System Center Configuration Manager), Jamf Pro, and/or Microsoft Intune for managing and securing Windows and macOS endpoints in an enterprise environment.

2. Vulnerability Management & Analysis
Proven ability to identify, analyze, and remediate endpoint vulnerabilities using tools like Tenable, Axonius, and native platform tools (Jamf, SCCM, Intune), with knowledge of frameworks such as NIST 800-53 and CIS Benchmarks.
3. Scripting & Automation Proficiency
Strong scripting skills in PowerShell, Bash, and/or Python, with experience developing modular, reusable, and secure automation for endpoint remediation and configuration management.
4. Secure SDLC & Documentation Practices
Experience with secure software development lifecycle (SDLC) practices, version control (Git), and creating clear documentation for scripts, configurations, and remediation procedures to ensure maintainability and cross-team adoption.
5. Security Framework & Compliance Knowledge
Understanding of NIST 800-53 Rev 5, CIS Benchmarks, DISA STIGs, and Microsoft Security Baselines, with the ability to implement and monitor secure baseline configurations aligned with organizational and regulatory standards.

Job Description: 
BIS-EE is seeking a full-time Endpoint Security Engineer to assist in improving our endpoint cyber hygiene and vulnerability management program in collaboration with the CSPO.

2 Scope:

This engagement requires a contract for a position for 1 year at 40 hours per week. The Endpoint Security Engineer will work closely with BIS-EE and CSPO.

3 Objectives:

The ideal candidate will work with and support the projects and tasks associated with endpoint security and endpoint vulnerability management.

4 Tasks and Delivery (Job Responsibilities):

The Endpoint Security Engineer (contractor) will be embedded within the endpoint engineering team (3 Windows engineers, 2 macOS engineers) to enhance security operations and strengthen the security posture of client workstations. Typical responsibilities include:

5 Vulnerability Management & Analysis

· Identify, analyze, and prioritize endpoint vulnerabilities using tools such as Tenable, Axonius, Jamf Pro, SCCM, Intune, Active Directory, and Entra.

· Assess environmental and operational factors that may impact remediation feasibility and timelines.

· Provide risk-based recommendations to improve the vulnerability management program.

5.1 Endpoint Remediation, Automation & Documentation

· Develop, test, and deploy remediation scripts and configurations for Windows and macOS endpoints using tools such as Jamf, ConfigMgr/SCCM, Intune, and Group Policy.

· Write clear, maintainable scripts and automation (e.g., modular logic, meaningful naming, basic error handling and logging) that can be reused by the team.

· Document scripts and configurations with purpose, parameters, usage instructions, and any security considerations to support troubleshooting and cross-team adoption.

· Maintain an organized library of remediation artifacts; if applicable, help establish and use a version-controlled repository (e.g., Git) to track changes and support basic peer review.

5.2 Baseline Configuration & Compliance

· Contribute to secure baseline configurations aligned with Argonne CSPP, NIST 800-53 Rev 5, CIS Benchmarks, Microsoft Security Baselines, DISA STIGs, and/or macOS Security Compliance Project.

· Assist in development, testing, implementation, documentation of baseline configurations.

· Monitor baseline implementation for coverage, effectiveness, unapproved deviations, and required changes.

5.3 Collaboration & Reporting

· Participate in regular team meetings to provide status updates, propose improvements, and discuss implementation strategies.

· Monitor endpoint compliance and provide reports on remediation effectiveness and baseline configurations to leadership and stakeholders.

6 Required Knowledge, Skills, and Abilities:

The ideal candidate will bring endpoint engineering expertise, strong cyber security skills, and modern, secure coding practices with 3–5 years of experience in complex large enterprise environments.

6.1 Endpoint Management

· Hands-on expertise with SCCM, Jamf Pro, and/or Microsoft Intune for Windows and macOS endpoints.

· Experience packaging and deploying applications, security updates, and scripts across enterprise platforms.

· Familiarity with Group Policy and Intune for configuration management.

6.2 Secure Coding & SDLC Practices

· Proficiency in automation scripting (PowerShell, Bash, Python) with emphasis on modular, reusable, and secure code.

· Strong grasp of SDLC principles: requirements gathering, design, implementation, testing, deployment, and maintenance.

· Experience with version control systems (Git) and collaborative development workflows (branching, pull requests, peer review).

· Ability to document code and remediations clearly for cross-team adoption and knowledge transfer.

6.3 Security Frameworks & Compliance

· Knowledge of CVE program, NIST Vulnerability Database, CISA Known Exploited Vulnerability Database, and overall vulnerability management processes.

· Experience implementing NIST 800-53 Rev 5, CIS Benchmarks, DISA STIGs, Microsoft Security Baselines, and macOS Security Compliance Project.

· Ability to translate technical fixes into measurable improvements in endpoint security posture.

· Experience using Tenable.SC or Tenable.VM as part of vulnerability management.

6.4 Soft Skills

· Strong problem-solving skills with a focus on reducing organizational risk.

· Effective communication skills to convey technical concepts to both technical and non-technical stakeholders.

· Collaborative mindset for working within a mixed Windows/macOS engineering team.

Attach a Resume file. Accepted file types are DOC, DOCX, PDF, HTML, and TXT.

We are uploading your application. It may take a few moments to read your resume. Please wait!