Senior Endpoint Security Engineer

Summary

Join our Information Security team as a Senior Endpoint Security Engineer to manage and enhance endpoint and perimeter defenses using SentinelOne EDR/XDR, Cloudflare WAF, and our SIEM solution. Collaborate with IT, Compliance, and Application Owners to ensure robust security controls and threat response in a healthcare environment. Key responsibilities include managing SentinelOne, administering Cloudflare WAF, optimizing SIEM integrations, designing custom detection rules, monitoring alerts, conducting investigations, and creating post-incident reports. You will also work on endpoint hardening, support audits, assist with secure application delivery, and proactively enhance detection logic. This role requires 5+ years of experience in detection engineering or endpoint security, hands-on experience with specified platforms, and strong knowledge of security architecture and threat detection. We offer competitive salary, equity, performance-based bonuses, 401k matching, comprehensive benefits, flexible time-off, remote-first culture, and professional development opportunities.

Requirements

• You have 5+ years in detection engineering, cyber defense, or endpoint security engineering role or equivalent experience
• You have deep hands-on experience with EDR/XDR tools (SentinelOne preferred), Cloudflare, and SIEM platforms
• You have strong knowledge of endpoint security architecture, WAF rulesets, log correlation, and threat detection methodologies
• You have experience in incident response, digital forensics, and technical reporting
• You are familiar with regulatory and compliance frameworks (HIPAA, HITRUST, NIST)

Responsibilities

• Own and maintain the configuration and lifecycle management of SentinelOne EDR/XDR platform across all endpoints
• Administer and tune policies in Cloudflare WAF to protect external-facing applications from OWASP Top 10 threats and targeted attacks
• Manage and optimize SIEM platform integrations, log sources, parsing rules, alert logic, and storage
• Design and implement custom detection rules, behavioral policies, and threat intelligence feeds for SentinelOne and SIEM
• Monitor and triage real-time alerts from EDR/XDR, WAF, and SIEM
• Coordinate with IT and application owners to validate findings, assess impact, and drive containment or mitigation activities
• Conduct detailed investigations of valid security events and incidents using forensic and log analysis techniques
• Draft and deliver post-incident reports, including timeline of events, root cause analysis, containment/remediation steps, and lessons learned
• Work closely with IT Systems Engineering on endpoint hardening, policy enforcement (GPO/MDM), and software deployment strategy
• Partner with GRC to support audit readiness and maintain alignment with HIPAA, HITRUST, and NIST CSF requirements
• Support DevOps and business teams in secure application delivery and infrastructure security reviews
• Proactively enhance detection logic and reduce false positives through continuous tuning
• Develop automated workflows and playbooks to streamline response using SOAR or scripting where applicable
• Assist in the development of security standards, SOPs, and hardening guides within the Endpoint Security area of ownership

Preferred Qualifications

• You are proficient in scripting (e.g., Python, PowerShell) for automation (highly desirable)
• You have relevant certifications (e.g., GCED, GCIH, CEH, or vendor-specific)

Benefits

• Our commitment to attracting and retaining top talent begins with a competitive base salary and equity opportunities
• Additionally, we offer a performance-based bonus program, 401k matching, and regular compensation reviews to recognize and reward exceptional contributions
• We prioritize the health and well-being of our employees and their families by providing comprehensive medical, dental, and vision coverage
• We understand the importance of mental health in fostering productivity and maintaining work-life balance
• To support this, we offer initiatives such as No-Meeting Fridays, monthly company holidays, access to mental health resources, and a generous flexible time-off policy
• Additionally, we embrace a remote-first culture that supports collaboration and flexibility, allowing our team members to thrive from any location
• Developing internal talent is a priority for Clover
• We offer learning programs, mentorship, professional development funding, and regular performance feedback and reviews
• Employee Stock Purchase Plan (ESPP) offering discounted equity opportunities
• Reimbursement for office setup expenses
• Monthly cell phone & internet stipend
• Remote-first culture, enabling collaboration with global teams
• Paid parental leave for all new parents