

Cybersecurity Endpoint Engineer Sr



United States · Remote
Posted on Wednesday, March 27, 2024

Job Description

Champion your Endpoint talent and passion to Leidos – Work at the forefront of technology, helping clients “imagine and invent” their own future. Join Leidos to do the work you love in an inclusive, collaborative, ethical, and caring company, where you can be empowered to grow, learn and thrive in your career. Build your career with the best! In addition to delivering innovative solutions for Leidos clients, you will work with highly skilled Subject Matter Experts (SMEs), a diverse network of people across Leidos businesses who are using the latest emerging technologies to address today's biggest business challenges.

The Leidos Cybersecurity, Architecture, and Engineering (CAE) organization has an immediate opening for an experienced and motivated Cybersecurity Endpoint Engineer Sr. This role can be supported remotely or from one of the following locations: Gaithersburg, MD, Reston, VA or Orlando, FL.

The Cybersecurity Endpoint Engineer Sr will support endpoint security architecture solutions including antivirus software, firewalls, and intrusion detection/prevention systems. The position will directly contribute to the implementation of global security architecture. The candidate’s primary responsibilities include design validation, compliance, and communicating architectures that adhere to regulatory requirements and Leidos best practices. There are a lot of opportunities for creativity and innovation as you work with industry-leading, enterprise-grade security products to develop solutions.

As a member of the Cybersecurity Architecture and Engineering Team (CAE), the Cybersecurity Endpoint Engineer Sr. is primarily responsible for setting processes, standards, and requirements for secure designs and architectures for Leidos Endpoint Security. The role requires a solid foundation in the design, deployment, and configuration of next-generation endpoint solutions and in creating hardened operating system images.

Primary Responsibilities

  • Act as a technical Endpoint Security Engineering SME for CAE responsible for endpoint technical controls, hardened image authorization, and architecture aspects of Leidos endpoint technologies.
  • Work with Leidos Corporate customers to understand their needs and design appropriate environment controls to provide solutions that adhere to security standards.
  • Collaborate with network and systems administrators to ensure that endpoint security solutions are integrated into the organization’s overall security posture and security best practices.
  • Provide technical governance and regulatory compliance validation for Leidos environments (e.g., NIST 800-171, CMMC, Privacy, among others).
  • Resolve technical security design issues as commercial enterprise solutions and business needs evolve.
  • Work closely with fellow Cybersecurity Architects and Engineers on our team with different areas of expertise (Networking, Application, Cloud, Mobile, etc.).
  • Develop and implement security policies and procedures for end-users, including guidelines for password management, email security, and the use of portable devices.
  • Provide training and support to end-users on how to use endpoint security solutions effectively.
  • Analyze tactical network architectures and topologies to assess security risks.
  • Stay up to date with the latest security trends and developments and maintain a high level of technical expertise in the field of endpoint security.
  • Work closely with Enterprise Infrastructure, Endpoint Security Engineering, Risk Management, and Vulnerability Management to mitigate risks to Leidos endpoints ensuring they adhere to security standards.
  • Play a key role on security Design Engagement Reviews (DERs) for Corporate IT.
  • Bring a passion to stay on top of tech trends, encourage innovation, implementation of cutting-edge technologies, inclusion, outside-of-the-box thinking, teamwork, self-organization and diversity.
  • Experience with Unix, RHELS OS, Windows Enterprise Active Directory architecture, and VMware virtualization.
  • Prepare and/or present briefings on solutions, and recommendations tailored to varying levels of technical expertise.

Basic Qualifications

  • Bachelor's degree and 8-12 years of experience in Information Security with a real passion for the field. Additional years of relevant experience, training, and/or professional certifications will qualify in lieu of a degree.
  • Must be able to obtain a Security Clearance and therefore have US citizenship. Individuals do not need to possess a clearance today.
  • Demonstrated experience developing and deploying endpoint security solutions that meet customer requirements.
  • Excellent written and verbal communication skills and the ability to partner and collaborate with both engineers and customers.
  • A self-starter who can execute at the senior engineering level using a combination of learned skills, personal networking, and grit to achieve objectives.
  • Must have strong problem-solving and analytical skills.
  • Demonstrate poise and creativity while working with other architects in different domain spaces to come to a common solution.
  • Knowledge of a broad spectrum of endpoint security products and ability to conduct analysis of alternatives to onboard new enterprise capabilities.
  • Experience and comfort in taking strategic intents and driving technical organizational change.
  • Experience operating, troubleshooting, installing, and configuring endpoint security solutions (e.g. Antivirus, Application Allow-listing, Host Intrusion Prevention and Firewall, Forensic Analysis Tools, Advanced Malware Solutions, IOC Sweepers)

Preferred Qualifications

None of the below are requirements, but all would bring significant value to the team:

  • Expertise in advanced threat detection in an enterprise environment.
  • Foundational understanding of malware families, their types, and the threat they pose.
  • Previous project execution/project leadership experience is advantageous.
  • A background in Network Security, and basic knowledge of the OSI model, TCP/IP protocols, and access fundamentals will be helpful, but can be taught.
  • Knowledge and experience in DFARS; NIST 800-53; NIST 800-171
  • Knowledge of Active Directory (AD) Group Policy Object (GPO) configurations and their impacts on endpoint usability.
  • Knowledge of Ansible and Linux configurations and their impacts on endpoint usability.
  • Knowledge of macOS hardening configurations and their impacts on endpoint usability.
  • Mobile platforms configuration, hardening, and mobile application validation.
  • Experience applying STIGs or other hardening guidance to produce hardened standard images.
  • Knowledge of virtual image hardening including on-premises data center clustered virtualization, RDaaS, and IaaS instances in the cloud.
  • Knowledge of container security and hardening best practices.
  • Experience with international security standards including UK’s Cyber Essentials, AU’s Defence Industry Security Program (DISP), and ISO 27001.
  • Experience with DLP, removable media, and encryption practices to prevent data loss through endpoints.
  • Support clients with data protection, IoT, and overarching cloud capabilities.

Original Posting Date:


While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.

Pay Range:

$101,400.00 - $183,300.00

The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.