Senior Cyber Engineer, Security Endpoint (SD/TX/DC/Remote) (R4653)

You will be the technical expert for endpoint security, responsible not just for tools, but for how endpoint security actually works day-to-day: how agents are deployed, how configurations are enforced, how access is controlled, and how drift is detected and remediated.

You will design and run the systems that ensure our endpoints stay in a known-good, compliant state across different OSes, environments, and risk profiles. This includes heavy involvement in configuration management, automation, RBAC design, and policy enforcement, especially in environments where traditional MDM solutions fall short.

What you'll do:

• Own the deployment, configuration, and lifecycle management of endpoint security tooling (EDR/ETR/EPP, host-based controls, hardening frameworks).
• Design and enforce security configuration baselines across Windows, macOS, and Linux systems.
• Build and manage configuration enforcement mechanisms (Ansible-based or similar) to detect and remediate drift on endpoints, particularly Linux systems.
• Develop automation to:
  -Deploy endpoint agents and security tooling
  -Apply role/group/system-type specific configurations
  -Continuously re-apply or enforce desired-state configurations
• Partner on RBAC design and implementation for endpoint and server access
• Collaborate with IT, Infrastructure, and Security teams to integrate endpoint security with:
  -Identity and access controls
  -Server and workstation provisioning pipelines
  -Incident response and detection workflows
• Write and maintain code and infrastructure that supports endpoint security enforcement (Python, Bash, PowerShell, Ansible; Terraform as applicable).
• Help define and document endpoint security standards, runbooks, and operational playbooks.
• Serve as a a technical voice for endpoint security decisions, tradeoffs, and future roadmap planning.

Required qualifications:

• Experience in security engineering, endpoint security, systems administration, or systems security.
• Hands-on experience deploying and managing enterprise endpoint security tools.
• Strong understanding of Windows, macOS, and Linux internals, hardening techniques, and security controls.
• Significant experience with configuration management and enforcement, especially: Ansible or similar, Desired-state or drift-remediation models
• Strong scripting and automation skills in Python and Bash (PowerShell experience is a plus).
• Experience designing or supporting RBAC models for endpoint or server access.
• Ability to work independently, take ownership of complex systems, and drive improvements end-to-end.

Preferred qualifications:

• Bachelor’s degree or equivalent professional certification and experience.

$110,000 - $168,000 a year

Full-time regular employee offer package:

Pay within range listed + Bonus + Benefits + Equity

Temporary employee offer package:

Pay within range listed above + temporary benefits package (applicable after 60 days of employment)

Salary compensation is influenced by a wide array of factors including but not limited to skill set, level of experience, licenses and certifications, and specific work location. All offers are contingent on a cleared background and possible reference check. Military fellows and part-time employees are not eligible for benefits. Please speak to your talent acquisition representative for more information.

Shield AI is proud to be an equal opportunity workplace and is an affirmative action employer. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, marital status, disability, gender identity or Veteran status. If you have a disability or special need that requires accommodation, please let us know.