Key skills
Endpoint MDM solutionsJamfKandjiIntuneEndpoint vulnerability scanning toolsCrowdStrikeTenableHost hardening configurationMac OSWindows OSLinux OSVulnerability ManagementThreat ModelingExploit validationVariant analysisScriptingCorporate security toolingEndpoint securityIdentity securityData securityVendor securityMeasurement and metricsAutonomous work deliveryGenAICollaboration
About this role
Netflix is a company dedicated to entertaining the world through innovative storytelling and technology. They are seeking a talented L5 Security Engineer specializing in Endpoint Security to identify and manage risks across software on Netflix endpoints and drive the development of scalable technical security controls.
Responsibilities:
- Identify and manage risks across all software on Netflix endpoints
- Drive the development of scalable technical security controls that enhance business agility and reduce risk for workforce-related business scenarios
- Design, implement, and validate protective endpoint security controls
- Develop and roll out solutions for host hardening, vulnerability identification, and effective patch management to maintain defined security standards and prevent configuration drift across devices
- Design and test host hardening configurations for Mac, Windows, and Linux systems
- Design and execute a comprehensive Patch and Vulnerability Management Strategy, enforcement, and apply Threat Intelligence to prioritize the remediation of endpoint vulnerabilities at the OS, App, and App Configuration levels
- Evaluate build vs. buy security capabilities through requirement gathering, cost-benefit analysis, and accurate estimation of development effort
- Provide standard business-hours operational support for Workforce Security and participate in infrequent 24/7 Incident Response as needed
Requirements:
- Knowledge of commercially available endpoint MDM solutions such as Jamf, Kandji, or Intune
- Working experience with commercially available endpoint vulnerability scanning tools such as CrowdStrike, Tenable
- Experience designing and testing host hardening configuration for at least two of the major operating systems (Mac, Windows, Linux)
- Understanding of Vulnerability Management practices
- Threat Modeling competency to influence control right-sizing and other prioritization efforts
- Ability to validate publicly disclosed exploits and perform variant analysis
- Scripting (must be able to script, not to production level, and use of GenAI is sufficient)
- Autonomously drives work delivery (bias to action)
- Cross-functional collaboration skills
- High-level familiarity with the functionality of commercially available corporate security tooling in the areas of endpoint, identity, data, and vendor security
- Ability to navigate ambiguity by taking strategic goals and decomposing them into actionable project plans
- Using measurement and metrics to drive decision-making and outcomes