Key skills
Endpoint SecurityDevice ManagementWindows Endpoint SecuritymacOS Endpoint SecurityLinux Endpoint SecurityOS HardeningDisk EncryptionBrowser SecurityHost FirewallsEndpoint TelemetryLocal Admin Privilege ReductionControlled Elevation ModelsScriptingConfiguration ManagementConditional AccessPrivileged AccessAudit Evidence ProductionAICommunication
About this role
Nscale is a GPU cloud engineered for AI, providing high-performance infrastructure for AI start-ups and large enterprises. The role involves building and operating endpoint and device security for Nscale employees and stakeholders, focusing on creating a measurable operating model for security across various device types.
Responsibilities:
- Own endpoint and device security architecture across employee devices, engineering workstations, privileged admin devices, and site-support endpoints
- Define secure baseline standards for operating systems, browsers, disk encryption, host firewalls, endpoint telemetry, and configuration hardening
- Develop practical device standards for remote workers, office users, data center staff, contractors, and high-risk user populations
- Establish device posture requirements for access to enterprise applications, production systems, privileged workflows, and sensitive data
- Integrate endpoint posture with identity, privileged access, vulnerability management, and detection workflows
- Partner with Identity and Privileged Access teams to support high-risk application and production access decisions
- Drive local admin reduction and controlled elevation patterns that reduce risk without creating operational dead ends
- Lead endpoint rollout readiness, including deployment sequencing, exception handling, user communication, rollback planning, and adoption metrics
- Create an exception model with clear ownership, risk documentation, compensating controls, expiry, and review cadence
- Define endpoint telemetry requirements to support investigations, detection engineering, audit evidence, and executive reporting
- Build visibility into device security posture through dashboards covering coverage, stale devices, unmanaged endpoints, local admin status, and telemetry health
- Measure progress through metrics such as coverage, unmanaged devices, local admin reduction, hardening compliance, and endpoint detection health
Requirements:
- 7+ years in endpoint security, device management, enterprise security engineering, infrastructure security, or related engineering roles
- Hands-on experience securing Windows, macOS, and/or Linux endpoints in enterprise environments
- Experience with device management, endpoint detection, OS hardening, disk encryption, browser security, host firewalls, and endpoint telemetry
- Experience reducing standing local admin privileges or implementing controlled elevation models
- Strong scripting, automation, packaging, configuration, or endpoint workflow engineering skills
- Ability to balance strong endpoint controls with user experience, operational reliability, and business velocity
- Experience partnering with IT, identity, infrastructure, security operations, legal, privacy, and business stakeholders
- Experience securing high-risk engineering populations, data center support teams, privileged administrators, or remote-first workforces
- Experience using device posture in conditional access, privileged access, or production access decisions
- Experience producing audit-ready evidence for device controls and endpoint security posture