Workstation Security Engineer

We are seeking a highly technical and hands-on Workstation Security Engineer to support enterprise-level endpoint security initiatives. This role focuses specifically on identifying, analyzing, and remediating vulnerabilities at the workstation and OS level, particularly within a Windows-based environment.

The ideal candidate is not a generalist but a security engineer who deeply understands how operating system security works, knows how to interpret vulnerability reports (such as from Qualys), and can design and test effective remediations.

Key Responsibilities:

• Analyze vulnerability reports (e.g., from Qualys) and determine the root cause and remediation path.

• Design secure OS configurations aligned with security standards such as CVE and CIS benchmarks.

• Test proposed remediations hands-on in a lab environment before full deployment.

• Identify misconfigurations, outdated software, or system weaknesses on endpoint devices and implement secure solutions.

• Collaborate with the engineering team to operationalize tested remediations across the enterprise.

• Focus on closing endpoint vulnerabilities related to the Windows OS (Mac experience is a plus).

Required Skills & Experience:

• 5+ years of hands-on experience in workstation or endpoint security.

• Deep understanding of Windows OS internals and endpoint security design.

• Ability to read and interpret Qualys reports and understand the underlying technical context of reported vulnerabilities.

• Familiarity with CIS benchmarks, CVE remediation, and OS hardening best practices.

• Proven experience configuring and securing endpoints in enterprise environments.

• Comfortable working onsite part of the week in a lab environment to test solutions.

Nice-to-Have:

• Experience with MacOS endpoint security.

• Knowledge of enterprise endpoint management tools and patching workflows.

• Security certifications such as CISSP, Security+, or related credentials.