Senior Endpoint Security Engineer

Clover Health
Summary
Join our Information Security team as a Senior Endpoint Security Engineer to manage and enhance endpoint and perimeter defenses using SentinelOne EDR/XDR, Cloudflare WAF, and our SIEM solution. Collaborate with IT, Compliance, and Application Owners to ensure robust security controls and threat response in a healthcare environment. Key responsibilities include managing SentinelOne, administering Cloudflare WAF, optimizing SIEM integrations, designing custom detection rules, monitoring alerts, conducting investigations, and creating post-incident reports. You will also work on endpoint hardening, support audits, assist with secure application delivery, and proactively enhance detection logic. This role requires 5+ years of experience in detection engineering or endpoint security, hands-on experience with specified platforms, and strong knowledge of security architecture and threat detection. We offer competitive salary, equity, performance-based bonuses, 401k matching, comprehensive benefits, flexible time-off, remote-first culture, and professional development opportunities.
Requirements
- You have 5+ years in a detection engineering, cyber defense, or endpoint security engineering role, or equivalent experience
- You have deep hands-on experience with EDR/XDR tools (SentinelOne preferred), Cloudflare, and SIEM platforms
- You have strong knowledge of endpoint security architecture, WAF rulesets, log correlation, and threat detection methodologies
- You have experience in incident response, digital forensics, and technical reporting
- You are familiar with regulatory and compliance frameworks (HIPAA, HITRUST, NIST)
Responsibilities
- Own and maintain the configuration and lifecycle management of the SentinelOne EDR/XDR platform across all endpoints
- Administer and tune policies in Cloudflare WAF to protect external-facing applications from OWASP Top 10 threats and targeted attacks
- Manage and optimize SIEM platform integrations, log sources, parsing rules, alert logic, and storage
- Design and implement custom detection rules, behavioral policies, and threat intelligence feeds for SentinelOne and SIEM
- Monitor and triage real-time alerts from EDR/XDR, WAF, and SIEM
- Coordinate with IT and application owners to validate findings, assess impact, and drive containment or mitigation activities
- Conduct detailed investigations of valid security events and incidents using forensic and log analysis techniques
- Draft and deliver post-incident reports, including timeline of events, root cause analysis, containment/remediation steps, and lessons learned
- Work closely with IT Systems Engineering on endpoint hardening, policy enforcement (GPO/MDM), and software deployment strategy
- Partner with GRC to support audit readiness and maintain alignment with HIPAA, HITRUST, and NIST CSF requirements
- Support DevOps and business teams in secure application delivery and infrastructure security reviews
- Proactively enhance detection logic and reduce false positives through continuous tuning
- Develop automated workflows and playbooks to streamline response using SOAR or scripting where applicable
- Assist in the development of security standards, SOPs, and hardening guides within the Endpoint Security area of ownership
Preferred Qualifications
- You are proficient in scripting (e.g., Python, PowerShell) for automation (highly desirable)
- You have relevant certifications (e.g., GCED, GCIH, CEH, or vendor-specific)
Benefits
- Our commitment to attracting and retaining top talent begins with a competitive base salary and equity opportunities
- Additionally, we offer a performance-based bonus program, 401k matching, and regular compensation reviews to recognize and reward exceptional contributions
- We prioritize the health and well-being of our employees and their families by providing comprehensive medical, dental, and vision coverage
- We understand the importance of mental health in fostering productivity and maintaining work-life balance
- To support this, we offer initiatives such as No-Meeting Fridays, monthly company holidays, access to mental health resources, and a generous flexible time-off policy
- Additionally, we embrace a remote-first culture that supports collaboration and flexibility, allowing our team members to thrive from any location
- Developing internal talent is a priority for Clover
- We offer learning programs, mentorship, professional development funding, and regular performance feedback and reviews
- Employee Stock Purchase Plan (ESPP) offering discounted equity opportunities
- Reimbursement for office setup expenses
- Monthly cell phone & internet stipend
- Remote-first culture, enabling collaboration with global teams
- Paid parental leave for all new parents