Sr Endpoint Security Engineer

Stefanini Group is looking for a Senior Endpoint Security Engineer for a globally recognized company. This high-impact role involves leading strategy and execution in endpoint security and identity management, focusing on a modern, cloud-first environment.

Responsibilities:

• Own and manage Jamf Pro for macOS fleet (configuration, compliance, patching)
• Lead Apple Business Manager integration for automated device enrollment & lifecycle
• Implement endpoint hardening (CIS benchmarks, encryption, policy enforcement)
• Deploy & optimize CrowdStrike (or equivalent EDR/XDR)
• Partner with MDR/MSSP providers for 24/7 threat coverage
• Investigate alerts, tune detections, and improve response playbooks
• Integrate and manage: Microsoft Entra ID (Azure AD), Okta (SSO, MFA, lifecycle), Google Workspace (existing identity layer)
• Build conditional access policies tied to device posture
• Enable seamless SSO and identity federation
• Automate provisioning/deprovisioning across Jamf, Okta, Entra ID, Google Workspace
• Build scripts (Python/Bash) and API integrations
• Integrate with SIEM/SOAR platforms (e.g., Sentinel, Splunk)
• Support SOX / SOC 2 / ISO audit readiness
• Maintain endpoint and identity security documentation
• Deliver reporting on device compliance, vulnerabilities, and incidents

Requirements:

• 5+ years in endpoint security or endpoint engineering
• Strong hands-on experience with: Jamf Pro (macOS management is a must), Apple Business Manager, CrowdStrike or similar EDR/XDR
• Identity platform experience: Entra ID (Azure AD), Okta
• Experience in Google Workspace environments
• Solid understanding of Zero Trust and endpoint security frameworks
• Scripting: Python, Bash, or PowerShell
• Jamf / CrowdStrike / Okta certifications
• Experience with MDR/MSSP environments
• SIEM tools (Splunk, Sentinel)
• Experience in SOX-compliant environments
• API integrations across security platforms