Endpoint Security Engineer

Information Technology --> Cyber
Remote
ID: 1233-383
Full-Time/Regular
This role is a hands-on Windows Endpoint Security Specialist supporting a Cisco ISE team, focused on endpoint compliance, posture validation, and automated remediation.
Key Responsibilities

• Develop, test, and maintain advanced PowerShell scripts to automate endpoint compliance validation, data collection, and reporting aligned with security and DISA STIG requirements
• Design and implement automated remediation scripts to restore non-compliant endpoints to required baselines, including STIG configurations and endpoint security agent health
• Deploy and manage remediation solutions through Cisco Secure Client to support automated compliance enforcement
• Collaborate with Cisco ISE engineers to implement, optimize, and troubleshoot posture assessment workflows and NAC policy enforcement
• Investigate and resolve endpoint-side issues impacting network access compliance and client provisioning
• Correlate vulnerability scan results with endpoint configuration gaps to drive remediation efforts
• Validate and monitor patch management systems (WSUS, SCCM, Intune) to ensure endpoint update compliance
• Support endpoint certificate management and PKI-related requirements as needed
• This position is designed to be flexible, with responsibilities evolving to meet business needs and enable individual growth.

Required Skills

• Must be able to obtain Secret security clearance.
• Advanced PowerShell scripting for automated compliance checks (registry, services, file permissions)
• PowerShell scripting for automated remediation of non-compliant endpoint configurations and STIG settings
• Ability to create scripts for data gathering and compliance status reporting
• Deep knowledge of Windows endpoint internals and endpoint security tooling
• Strong EPP/EDR experience, including validating agent install status, service health, versioning, and signature/definition updates
• Experience configuring and auditing host-based firewalls (Windows Defender Firewall)
• Understanding of data-at-rest encryption and verification methods (e.g., BitLocker)
• Familiarity with application whitelisting/application control concepts and enforcement
• Ability to interpret vulnerability scan results and correlate them with endpoint configuration and STIG findings
• Practical experience auditing and implementing DISA STIG requirements for Windows endpoints
• Proficiency with Cisco ISE posture assessment and policy configuration for endpoint compliance
• Ability to integrate endpoints with ISE for posture/NAC and troubleshoot posture/client provisioning issues
• Understanding of patch management processes and validating patching agent health (WSUS, SCCM, Intune)
• Working knowledge of PKI/certificate management on endpoints, including trusted root certificates

Preferred Qualifications

• B.A or B.S. in a degree such as Computer Science, Information Systems or Information Technology or 7 years related experience.
• Experience working in a DoD healthcare IT environment.

Why Work for Us?
Core4ce is a team of innovators, self-starters, and critical thinkers—driven by a shared mission to strengthen national security and advance warfighting outcomes.
We Offer

• 401(k) with 100% company match on the first 6% deferred, with immediate vesting
• Comprehensive medical, dental, and vision coverage—employee portion paid 100% by Core4ce
• Unlimited access to training and certifications, with no pre-set cap on eligible professional development
• Tuition assistance for job-related degrees and courses
• Paid parental leave, PTO that grows with tenure, and generous holiday schedules
• Got a big idea? At Core4ce, The Forge gives every employee the chance to propose bold innovations and help bring them to life with internal backing.

Join us to build a career that matters—supported by a company that invests in you.
*All qualified applicants will receive consideration for employment without regard to race, color, religion, sex (including pregnancy), national origin, disability, veteran status, age, genetic information, or other legally protected status*