Overview:

SOFTSWISS continues to expand the team and is looking for an Endpoint Security Engineer.

Key responsibilities:

  • Deploy, configure, and maintain (as L3) endpoint security solutions

  • Own the end-to-end vulnerability management process for endpoints

  • Develop and enforce endpoint hardening standards

  • Collaborate with the SOC and other security teams to correlate endpoint telemetry with network and cloud events for threat detection and response

  • Participate in the resolution of endpoint-related security incidents

  • Support and administer the existing Splunk deployment - ensuring stability, data source coverage, and platform reliability; drive its evolution as a Security BI platform through advanced dashboards, metrics, and reporting tailored to endpoint security and management needs

Required Experience:

  • 5+ years of hands-on experience in endpoint security engineering, with a focus on Windows and macOS environments

  • Deep expertise with modern EDR/XDR - deployment, policy configuration, agent management, and L3-level troubleshooting

  • Proven experience with vulnerability management processes end-to-end: asset discovery, prioritization, remediation tracking, and reporting

  • Experience administering Splunk including onboarding endpoint data sources, building searches and dashboards, and supporting SOC detection use cases

  • Hands-on experience with MDM solutions (Jamf, Intune, or equivalent) - including defining and enforcing security configuration requirements, compliance baselines, and policy rollout

  • Strong knowledge of endpoint hardening standards for Windows (CIS Benchmarks, STIG) and macOS (CIS macOS Benchmark, NIST guidelines)

  • Experience developing and maintaining hardening baselines, including scripted or policy-driven enforcement at scale

  • Ability to formalise security requirements into policies, standards, and control frameworks

  • Hands-on participation in incident response for endpoint-related security events: containment, investigation, root cause analysis

  • Solid understanding of attacker TTPs (MITRE ATT&CK framework) as applied to endpoint threat scenarios

  • Experience in development and automation (Python/Go)

  • Structured written and oral communication to ensure clarity

  • Upper Intermediate or higher English level

Nice to have:

  • Experience with threat hunting on endpoint telemetry - proactively identifying anomalies beyond alert-driven workflows

  • Familiarity with compliance frameworks relevant to endpoint controls: PCI DSS, ISO 27001, or SOC 2 - particularly mapping hardening standards to control requirements

  • Exposure to SIEM/SOAR integration - forwarding endpoint events, building detection rules, or contributing to automated response playbooks

  • Understanding of PKI and certificate management as applied to endpoints (device certificates, mTLS, MDM enrollment)

  • Experience with privileged access controls on endpoints - local admin management, PAM integration, or application allowlisting

  • Familiarity with DLP solutions and data protection policies at the endpoint level

Our benefits:

  • Full-time remote work opportunities and flexible working hours

  • Private insurance

  • Additional 1 Day Off per calendar year

  • Sports program compensation

  • Comprehensive Mental Health Programme

  • Free online English lessons with a native speaker

  • Generous referral program

  • Training, internal workshops, and participation in international professional conferences and corporate events