Endpoint Security Engineer

Job Description Summary

The role of a BD Endpoint Security Engineer is responsible for managing, optimizing, and evolving the organization’s endpoint protection technologies to ensure comprehensive threat detection, prevention, and response across all enterprise devices. This position will maintain current endpoint security platforms – Microsoft Defender for Endpoint (MDE), Trellix HX, and Symantec Endpoint Protection (SEP) – and will play a key role in the transition to any new EDR platforms in the future.

Job Description

Job Responsibilities

• Coordinate with multi-functional teams to ensure timely and effective endpoint detection capabilities, following BD’s internal policies and procedures.
• Serve as liaison between technical teams and the business, ensuring clear and concise communication with management teams.
• Serve as the technical owner and SME for all Endpoint Detection and Response (EDR) platforms: Microsoft Defender for Endpoint, Trellix HX, Symantec Endpoint Protection, and any future EDR platforms.
• Develop and maintain endpoint security policies, configurations, and baselines across Windows, MacOS, and Linux systems.
• Integrate endpoint telemetry with the BD SIEM (Microsoft Sentinel) and SOAR platforms for real-time detection and automated response.
• Develop, monitor and tune EDR analytics, rules, and detections aligned to MITRE ATT&CK framework techniques and evolving threat intelligence.
• Collaborate with the BD SOC for all incident response activities related to endpoint threats, including triage, containment, eradication, and recovery.
• Collaborate with the Threat Detection Operations, Attack Surface Management, and IT Infrastructure teams to ensure comprehensive endpoint visibility and coverage.
• Evaluate and implement new security capabilities, including next-gen EDR/XDR functionality as the organization continues to evolve and transition to new endpoint toolsets.
• Maintain documentation for endpoint configurations, response playbooks, and system integrations
• Provide technical expertise during audits and compliance assessments (CMMC, NIST 800-53, NIST CSF, etc.).
• Support vulnerability and patch management processes by ensuring telemetry accurately reflects asset health and risk posture.
• Develop and maintain comprehensive reports on endpoint detection performance, security incidents, and compliance metrics using data from the various EDR toolsets.
• Author and maintain programmatic and technical documentation, configuration guides, and standard operating procedures (SOPs).
• Collaborate with cross-functional teams to implement security best practices, foster knowledge sharing, and provide mentorship to junior engineers.

Education:

• Preferred certifications or the ability to acquire, such as CISSP, CCSP, or other certifications recognized in the industry.
• Microsoft Certified: Azure Security Engineer Associate, Microsoft Certified: Defender XDR, or other relevant certifications (e.g., CISSP, OSCP, CEH).

Experience:

• A minimum of 5 years of experience in security engineering roles, with a focus on threat detection, endpoint security, or SIEM solutions, and the proven ability to operate cross functionally to execute business wide initiatives is preferred
• Preferred 3-5 years of experience in general cybersecurity roles, with a focus on threat detection, EDR/XDR, and SIEM solutions.
• Hands-on experience managing Microsoft Defender for Endpoint, Trellix HX, and Symantec Endpoint Security (or equivalent).
• Experience with EDR tuning, behavioral detections, IOC management, and response workflows.
• Familiarity with EDR/XDR API integrations.
• Experience integrating EDR/XDR platforms with Microsoft Sentinel or similar SIEMs.
• Working knowledge of MITRE ATT&CK, NIST CSF, CMMC, and ISO frameworks.

Knowledge and Skill

Non-technical or soft skills:

• Excellent verbal and written communications skills, project management and the ability to articulate complex security issues to both technical and non-technical stakeholders.
• High motivation, with dynamic and customer-centric skills and the ability to thrive in a challenging and changing high-pressure environment.
• Strong leadership, effective meeting management, group facilitation and mentoring skills with a proven ability to work across teams.
• Strong documentation discipline and the ability to translate technical findings into actionable recommendations.
• Able to work autonomously while maintaining a high level of accuracy and attention to detail.
• Highly analytical mindset with a proactive approach to problem-solving and continuous improvement.
• Ability to manage multiple tasks and prioritize effectively in a fast-paced, dynamic environment.
• Proven ability to mentor and guide junior engineers and analysts.
• Proficient understanding and applicability of:
  • NIST Cybersecurity framework
  • FDA cybersecurity guidance
  • MITRE ATT&CK framework
  • Lockheed Martin Cyber Kill Chain

Technical:

• Advanced knowledge of EDR/XDR platforms, including Microsoft Defender for Endpoint, Trellix HX, SEP, and other leading endpoint security platforms.
• Strong understanding on Windows Event Logging, PowerShell, and endpoint telemetry.
• Scripting experience with PowerShell or Python for automation and data enrichment.
• Advanced knowledge of Microsoft Sentinel, the Azure security stack (Microsoft Defender, Azure Security Center, Azure AD), and integration with cloud and on-premises environments.
• Experience with log optimization tools for log routing, transformation, and enrichment.
• Proficiency with Kusto Query Language (KQL) for advanced threat-hunting, log analysis, and analytic rule creation.
• Strong understanding of security incident response processes, including root cause analysis and remediation techniques.
• Experience managing vendors and/or contractors on projects and problem resolution.

Required Skills

Optional Skills

.

Primary Work Location

IND Bengaluru - Technology Campus

Additional Locations

Work Shift