Cyber Security Endpoint Engineer

POSITION SUMMARY

Salary $100,000-$120,000

The Cyber Security Endpoint Engineer is responsible for implementing and managing endpoint security solutions across the Chicago Transit Authority, including workstations, laptops, mobile devices, and servers. This role focuses on the deployment, configuration, and ongoing maintenance of endpoint protection technologies—such as antivirus, endpoint detection and response (EDR), and encryption tools—to safeguard devices from cyber threats. The engineer ensures consistent application of security policies, actively monitors endpoint health and threat activity, and works closely with IT and security teams to investigate incidents and support compliance across all endpoint platforms.

PRIMARY RESPONSIBILITIES               

• Deploy, configure, and manage endpoint protection tools (e.g., EDR, NGAV, encryption, host-based firewalls).


• Deploy, configure, and manage endpoint remote access tools.


• Test endpoint security software to ensure compatibility and proper functionality across multiple operating systems, including Linux, Windows, and macOS.


• Monitor endpoint security alerts and logs to identify, analyze, and respond to threats or anomalies.


• Administer and maintain endpoint detection & response (EDR) platforms.


• Assist to develop and enforce endpoint security policies, including application control, device control, and encryption.


• Automate endpoint security tasks using scripting or centralized management tools.


• Integrate third-party tools (e.g., SIEM, SOAR, MDM, vulnerability scanners) with endpoint protection platforms.


• Assist in evaluating and onboarding new third-party tools for improved endpoint protection and visibility.


• Ensure reliable data flow and compatibility between endpoint security tools and enterprise systems through APIs and connectors.


• Troubleshoot integration issues between endpoint systems and third-party platforms.


• Maintain documentation of endpoint security architecture, configurations, procedures, and incident response activities.


• Perform regular assessments of system and endpoint configurations to ensure compliance with security standards and best practices.


• Assist in OS and software patch management initiatives for endpoints.


• Assist in vulnerability management efforts related to endpoints.


• Collaborate with IT Support and desktop engineering teams to ensure secure deployment and maintenance of cyber security endpoint software.


• Collaborate with IT and cyber security teams to investigate and remediate endpoint-related incidents.


• Researches and analyzes cybersecurity threat indicators and their behaviors for the prevention, detection, containment, and correction of security breaches, and recommends threat mitigation strategies.


• Assesses new security technologies to determine potential value for the enterprise.


• Performs related duties as assigned.

MANAGEMENT RESPONSIBILITIES

Reporting to this position are the following jobs:

Job Title

N/A

CHALLENGES

• Maintaining knowledge of current cyber technology tools, architectures, and trends in a rapidly changing field.


• Completing cyber activities requiring the assistance of other teams with competing priorities.

EDUCATION/EXPERIENCE REQUIREMENTS

Bachelor’s degree in information security/cybersecurity, information technology, computer science or related field; including certifications such as CrowdStrike Certified Falcon Administrator or similar, and three to five years of work experience in cyber security endpoint management or related position for large enterprises, or an equivalent combination of education certifications and experience related to the position.

PHYSICAL REQUIREMENTS

• Requires remaining in a stationary position for extended periods of time and constantly operating a computer.


• May be required to travel to various field locations.


• Must be able to lift, maneuver and carry material weighing up to 50 pounds.


• KNOWLEDGE, SKILLS, AND ABILITIES


• Strong problem-solver that can work autonomously and with others.


• Detailed knowledge of Windows, macOS, and Linux operating systems.


• Knowledge of file systems, processes, services/daemons.


• Knowledge of registry and system logs (especially Windows Event Viewer).


• Knowledge of permissions, file integrity, and OS hardening best practices.


• Knowledge of EDR, AV, MDM/UEM platforms.


• Understanding of scripting (PowerShell, Bash, Python).


• Detailed knowledge of Command Line Interface syntax and use.


• Knowledge of patch management tools (e.g., SCCM, Intune, WSUS).


• Awareness of endpoint vulnerabilities and hardening techniques.


• Familiarity with common vulnerabilities (CVEs, CVSS scores).


• Understanding MITRE ATT&CK framework as it applies to endpoints


• Awareness of NIST, ISO 27001, PCI-DSS, HIPAA, or similar frameworks.


• Knowledge of encryption technology, tools, and techniques.


• Understanding of TCP/IP, DNS, HTTP/S, VPNs, and how endpoints interact with networks.


• Knowledge of network security tools (e.g., firewalls, proxies) as they relate to endpoint communications


• Ability to maintain absolute confidentiality of sensitive files, data and materials accessed, discussed, or observed, and while adhering to security policies and procedures.

WORKING CONDITIONS

• General office environment.


• May be required to travel to various field locations.


• Subject to various weather conditions when traveling to and from work locations.


• Subject to normal garage, shop, and terminal hazards such as noise, dust, grease, moving vehicles, etc. when working in bus/rail workshops, garages, and terminals.

EQUIPMENT, TOOLS, AND MATERIALS UTILIZED

Personal computer and related software as needed.