Position Objective:
Provide technical and operational leadership for AIA's global endpoint security capability—owning the strategy, engineering standards, and day-to-day governance of EDR/AV and endpoint hardening controls across Windows, Linux, and cloud workloads. Ensure high tool health and coverage, accelerate detection and response outcomes through SIEM/SOAR integrations and automation, and partner with SOC/IR, workplace/infra teams, and business stakeholders to reduce endpoint risk while maintaining user productivity.
Roles and Responsibilities:
- Own global endpoint security product strategy and roadmap (EDR/AV, exploit mitigation, device control, host firewall, application control), aligning to security architecture, regulatory expectations, and business priorities.
- Lead engineering design for endpoint policies and baselines across Microsoft Intune, GPO, and configuration management tooling; define reusable standards for hardening, exceptions, and drift management.
- Ensure effective security coverage across user endpoints, servers, and cloud workloads; drive agent lifecycle management (packaging, deployment, upgrades, health monitoring, decommissioning) and achieve/maintain ≥90% compliant deployment and update posture.
- Operational ownership of endpoint security services: incident triage and escalation, problem management, major incident participation, change governance, and continuous service improvement (ITIL-aligned).
- Partner closely with SOC and Incident Response teams to optimize detection logic, response playbooks, and containment actions (e.g., isolate host, kill process, quarantine file); reduce MTTD/MTTR for endpoint-driven incidents.
- Drive SIEM/data integration for endpoint telemetry and alerts; ensure reliable log pipelines, enrichment, and normalization to enable analytics and reporting at scale.
- Lead integration of adjacent security controls with endpoint platforms (e.g., email/web protection, secure web gateways, threat gateways such as Proofpoint and Zscaler) to improve end-to-end threat prevention and response.
- Own governance for exception handling and risk acceptance: define criteria, technical compensating controls, approval workflow, and periodic review to minimize long-lived bypasses.
- Drive vulnerability and exposure reduction through secure configuration baselines (e.g., CIS Benchmarks), mapping to frameworks (e.g., MITRE ATT&CK) and collaborating with patch/vulnerability management teams on prioritization.
- Define service KPIs/SLAs, dashboards, and operational reporting for leadership and country stakeholders; run regular service reviews to improve adoption, stability, and user experience.
- Lead vendor management for endpoint security tools and managed services: contract governance, performance management, roadmap influence, and cost optimization.
- Coach and mentor engineers/analysts; build operating procedures, knowledge base articles, and runbooks to scale consistent support across regions.
- Monitor emerging threats and platform changes (Windows, Linux, macOS where applicable, and cloud); continuously evaluate new features and recommend technical improvements with clear risk/value trade-offs.
- Lead the strategy, implementation, and continuous improvement of endpoint security solutions, including EDR platforms.
- Oversee endpoint security policy management across Intune and Group Policy Objects (GPO).
- Drive feature enhancements and operational excellence in endpoint security tools.
- Expand coverage on agent guardrails and runtime security to strengthen overall endpoint resilience.
- Collaborate with IT, security operations, and compliance teams to align endpoint security with organizational goals.
- Monitor emerging threats and industry trends to proactively adapt endpoint security measures.
- Provide leadership, mentorship, and guidance to technical teams supporting endpoint security operations.
- Experience managing endpoint security Products
- Ability to manage the EDR and AV products in the estate
- Strong understanding of ITIL process ie Incident Change Problem Major Incident Management would be an advantage
- Proficient on these Endpoint principal areas.
o EndPoint Protection - Antivirus, HIPS, EDR
o Strong knowledge of Windows, Linux and Cloud
o SIEM / Data Integration experience
o COTS Security Hardening - Gold Images, ProofPoint, Exchange Online Protection, Threat Gateways
o Vulnerability Management - CIS Benchmarks, MITRE ATT&CK Framework
- Manage and troubleshoot issues related to application, ensure stakeholder management for potential issues on endpoint tools
- Coordinate with in country stakeholders to ensure there is atleast 90% compliance on deployment of agents and their updates
- Drive integration of multiple tools such as ProofPoint, ZScaler with endpoint EDR solution.
Minimum Job Requirements:
- 8+ years experience in information security / endpoint security engineering or operations, including 3+ years in a leadership or people-management role.
- Bachelor's degree in Computer Science, Computer Engineering, Information Systems, or a related field (or equivalent practical experience).
- Hands-on experience managing enterprise EDR and endpoint protection platforms at scale (policy design, deployment, upgrades, troubleshooting, and reporting).
- Strong knowledge of endpoint OS and enterprise management: Windows (including GPO), Intune/MDM, and Linux fundamentals; understanding of identity and access concepts and how they impact endpoint controls.
- Experience working closely with Security Operations Centers, Incident Response, and security architecture / systems engineering to deliver detection and response outcomes.
- Experience with cloud environments (Azure, AWS, and/or AliCloud), including endpoint/workload telemetry and control integration.
- Working knowledge of SIEM integration and data pipelines for security telemetry; ability to define log requirements and validate end-to-end ingestion quality.
- Knowledge of automation/configuration management (e.g., scripting, orchestration) to improve operational efficiency and reduce manual effort.
- Strong problem-solving and analytical skills; able to translate complex technical issues into risk, options, and recommendations for stakeholders.
- Excellent written and verbal communication skills; ability to influence across global, cross-functional teams and at multiple seniority levels.
Preferred / Advantage:
- ITIL Foundation (or demonstrated experience running incident/change/problem management).
- Security certifications such as CISSP, CISM, GCED/GCIA, or vendor certifications relevant to EDR/endpoint platforms.
- Experience implementing security baselines (e.g., CIS) and working with threat frameworks (e.g., MITRE ATT&CK) for control mapping and detection engineering.
- Experience operating in a regulated financial services environment and supporting audits, control testing, and evidence production.