EndPoint Security Subject Matter Expert

EndPoint Security Subject Matter Expert

We are seeking a highly skilled Endpoint Security Subject Matter Expert (SME) to enhance and maintain enterprise‑grade endpoint protection, endpoint governance, and secure‑access controls.

Your core responsibilities will focus on Microsoft Defender (XDR & Cloud), application control solutions, Microsoft endpoint ecosystems, and endpoint compliance, with additional exposure to OT visibility as a desirable skill.

This role is ideal for someone who enjoys owning endpoint‑security domains, implementing modern device‑security controls, and working closely with customers to improve their resilience against advanced threats.

Job Description:

·        Lead deployment, configuration, and optimization of Microsoft Defender XDR, ensuring strong endpoint protection, threat detection, device hardening, and integration across the Microsoft security ecosystem.

·        Administer and maintain Microsoft Defender for Cloud, including security recommendations, posture management, and hybrid/cloud workload protection.

·        Manage and maintain ThreatLocker or other application‑control platforms, including allowlisting, policy enforcement, ringfencing, and operational troubleshooting.

·        Implement and optimize endpoint governance using Microsoft Intune, including configuration profiles, compliance policies, security baselines, and device‑lifecycle management.

·        Support directory, identity, and device policy integration using Entra ID (Azure AD), ensuring secure authentication, conditional access, and identity‑driven device posture.

·        Apply and tune Group Policy Objects (GPO) and MECM (Microsoft Endpoint Configuration Manager) for on‑premises and hybrid Windows endpoint management.

·        Support and maintain Microsoft Purview solutions, including Information Protection, DLP, Insider Risk, and Data Governance; to strengthen endpoint‑level data protection.

·        Assist in basic integration and monitoring of Nozomi OT or other OT/ICS endpoint‑visibility tools to expand security coverage beyond IT environments.

·        Monitor endpoint‑related alerts, investigate incidents, and collaborate with SOC, Cloud, and Infrastructure teams to drive remediation activities.

·        Conduct endpoint‑level troubleshooting using built‑in Microsoft tools, event logs, and device‑health telemetry to resolve issues around policy enforcement, protection status, or application behavior.

·        Document endpoint configurations, baselines, and policy changes, and support operational handover after deployment or major updates.

Job Level required: EndPoint Security Subject Matter Expert

·        Apply deep subject‑matter expertise across endpoint protection, application control, and Microsoft‑based endpoint governance

·        Work independently on moderately complex to advanced endpoint‑security initiatives.

·        Collaborate closely with SOC, Cloud Security, Identity, and Infrastructure teams to ensure consistent endpoint security posture.

·        Contribute to documentation, process improvements, and knowledge‑sharing.

·        Act as an escalation point for endpoint‑security issues and policy conflicts.

Technical Skills and Experience Required:

Essential Requirement:

1.   3–5 years of experience in endpoint security, Microsoft endpoint platforms, or XDR security operations.

2.   Strong understanding of endpoint protection, application control, device configuration, identity‑driven access, and data‑protection fundamentals.

Required Technology Implementation Experience

(Experience in a minimum of 3-4 of the following is required)

1.   Must Have:

·        Microsoft Defender XDR

·        Microsoft Defender for Cloud

·        ThreatLocker (or equivalent application control / allowlisting platform)

·        Microsoft Intune

·        Group Policy Objects (GPO)

·        MECM (Microsoft Endpoint Configuration Manager)

·        Entra ID (Azure AD)

·        Microsoft Purview (Information Protection, DLP, Insider Risk, Data Governance)

2.   Added Advantage:

·        Nozomi OT or other OT/ICS endpoint visibility tools

Basic scripting (PowerShell) for policy validation or automation