Endpoint Engineer

Summary

Join Halcyon, a leading cybersecurity company, as an IT Endpoint Engineer. You will be responsible for managing the provisioning, configuration, and security of user endpoints across various operating systems. This role requires a blend of engineering and strategic thinking to ensure a secure and seamless experience for our global, remote-first workforce. You will develop and maintain zero-touch deployment workflows, define baseline configurations, manage device health, and enforce compliance with security benchmarks. Automation and scripting skills are essential for this position. Halcyon offers a comprehensive benefits package including health insurance, retirement plan, paid time off, and more.

Requirements

• 3+ years managing enterprise macOS and Windows endpoints at scale in a remote-first org
• Proficiency with Jamf Pro, Microsoft Intune, or equivalent MDM/UEM platforms
• Experience with scripting for automation (Bash, Python, PowerShell)
• Deep understanding of endpoint security best practices (e.g., device trust, compliance policies, patch management)
• Familiarity with conditional access policies, identity federation
• Experience enforcing endpoint compliance in Zero Trust architectures

Responsibilities

• Develop and maintain zero-touch deployment workflows (MDM)
• Define baseline configuration profiles, packages, and OS policies for fleet consistency
• Manage inventory, device health metrics, and enforce EOL/refresh cycles
• Work closely with security to align endpoints with CIS/NIST benchmarks
• Implement and monitor full disk encryption, OS patch compliance, antivirus/EDR
• Remediate misconfigurations or non-compliant devices using policy-based enforcement and scripts
• Build scripts and policies to automate provisioning, updates, and configuration drift remediation
• Integrate endpoint telemetry with SIEM, EDR platforms
• Optimize workflows through tools such as PowerShell, Python, or Swift scripting
• Partner with IT and Security to define escalation workflows and handle complex endpoint escalations
• Contribute to internal IT documentation and runbooks
• Evaluate new tools and lead pilots for endpoint-related platforms

Preferred Qualifications

• Experience with EDR/XDR tools
• Exposure to vulnerability management platforms or asset inventory integrations
• Working knowledge of Splunk, Jira, and Microsoft 365 Admin Center
• Previous experience working in a security-forward or regulated environment (SOC 2, FedRAMP, etc.)

Benefits

• Comprehensive healthcare (medical, dental, and vision) with premiums paid in full for employees and dependents
• 401k plan with a generous employer contribution
• Short and long-term disability coverage, basic life and AD&D insurance plans
• Medical and dependent care FSA options
• Flexible PTO policy
• Parental leave
• Generous equity offering