End-Point Protection Engineer at TAD PGS, Inc. — NeverHard

We have an outstanding Contract position for anEnd-Point Protection Engineer. This position is 100% remote. Pay Rate: $60.15/hr **US Citizenship is required.** **Candidate must have the ability to obtain and maintain a Public Trust. ** Provides senior engineering support for enterprise endpoint security across the contract environment. This role designs, implements, and sustains endpoint protection capabilities for Windows, macOS, and iOS endpoints, including workstation and server environments, while enforcing security baselines and federal cybersecurity requirements. The engineer leads vulnerability remediation, patch and supersedence execution, and POA&M closure activities to maintain security posture and audit readiness. The position also drives operational visibility through automation, documentation, and transparent reporting to stakeholders. Job Responsibilities: Endpoint Security Engineering & Baseline Management + Architect, implement, and maintain enterprise endpoint protection strategies across Windows, macOS, iOS, workstation, and server platforms. + Define, enforce, and continuously improve endpoint security baselines using Microsoft Defender for Endpoint and Microsoft Intune. + Lead deployment and configuration of antivirus and endpoint protection tooling, including policy tuning, signature/DAT update management, and scheduled scans. + Validate new endpoint security configurations in controlled environments before production rollout. Vulnerability, Patching & POA&M Execution + Own endpoint patching strategy and execution across managed endpoint environments, including supersedence management. + Monitor vulnerability findings, assess risk and severity, and coordinate remediation with technical teams and system owners. + Lead development, tracking, and closure of endpoint POA&Ms with clear milestones and risk-based prioritization. + Ensure remediation and patch activities support ongoing compliance objectives and audit readiness. Threat Monitoring, Incident Response & Reporting + Monitor endpoint security telemetry and respond to endpoint-specific threats, suspicious activity, and policy non-compliance. + Serve as an escalation point for complex endpoint incidents and coordinate with SOC and incident response stakeholders for broader investigations. + Create and maintain automation scripts and reporting workflows for endpoint compliance, vulnerability status, and remediation tracking. + Maintain accurate SOPs, runbooks, and status reporting to support governance, audit response, and service transparency. Stakeholder Coordination & Technical Leadership + Collaborate with federal stakeholders, ISS teams, and partner vendors to validate endpoint security posture and operational readiness. + Provide senior technical guidance to engineering and operations teams on endpoint security architecture and best practices. + Support audit remediation activities (e.g., FISMA, IG, GAO) by preparing evidence and tracking corrective actions. + Drive continuous improvement initiatives that increase automation, resilience, and efficiency of endpoint security operations. Basic Hiring Criteria: + Bachelor's in a relevant field (e.g., Information Technology, Computer Science, Engineering). + 8+ years of experience in enterprise endpoint security engineering in large, regulated environments. + Advanced experience designing, implementing, and managing Microsoft Defender for Endpoint and Intune security baselines. + Hands-on experience in vulnerability management, endpoint patching strategies, supersedence processes, and POA&M resolution. + Experience documenting SOPs/runbooks and providing compliance-focused reporting to federal stakeholders. + Microsoft Defender for Endpoint. + Microsoft Intune endpoint and mobile device security baseline management. + Endpoint vulnerability assessment, remediation coordination, and POA&M tracking. + Enterprise endpoint patching and supersedence management. + Antivirus/endpoint protection deployment, signature/DAT update operations, and scheduled scan management. + Endpoint threat triage, escalation, and response coordination. + Automation scripting for reporting and remediation. + Process documentation, status reporting, and compliance evidence support . Desired Qualifications: + Experience supporting federal IT operations under FISMA and NIST-aligned controls. + Experience implementing endpoint compliance enforcement at enterprise scale across distributed/remote workforces. + Experience integrating endpoint tooling and metrics into enterprise dashboards and executive reporting. + Demonstrated success leading cross-team remediation efforts for audit findings and complex security incidents. + Prior experience supporting SEC or similarly regulated federal civilian agency environments. + Microsoft SC-200 (Security Operations Analyst). + Microsoft MD-102 (Endpoint Administrator). + CISSP. Benefits offered vary by contract. Depending on your temporary assignment, benefits may include direct deposit, free career counseling services, 401(k), select paid holidays, short-term disability insurance, skills training, employee referral bonus, and affordable medical coverage plan, and DailyPay (in some locations). For a full description of benefits available to you, be sure to talk with your recruiter. Military connected talent encouraged to apply. VEVRAA Federal Contractor / Request Priority Protected Veteran Referrals / Equal Opportunity Employer / Veterans / Disabled To read our Candidate Privacy Information Statement, which explains how we will use your information, please visithttp://www.tadpgs.com/candidate-privacy/orhttps://pdsdefense.com/candidate-privacy/ The Company will consider qualified applicants with arrest and conviction records in accordance with federal, state, and local laws and/or security clearance requirements, including, as applicable: + The California Fair Chance Act + Los Angeles City Fair Chance Ordinance + Los Angeles County Fair Chance Ordinance for Employers + San Francisco Fair Chance Ordinance