Staff Endpoint Security Engineer

About Us

With electric vehicles expected to be nearly 30% of new vehicle sales by 2025 and more than 50% by 2040 electric mobility is becoming a reality. ChargePoint (NYSE: CHPT) is at the center of this revolution powering one of the worlds leading EV charging networks and a comprehensive set of hardware software and mobile solutions for every charging need across North America and Europe. We bring together drivers businesses automakers policymakers utilities and other stakeholders to make e-mobility a global reality.

Since our founding in 2007 ChargePoint has focused solely on making the transition to electric easy for businesses fleets and drivers. ChargePoint offers a once-in-a-lifetime opportunity to create an all-electric future and a trillion-dollar market.

At ChargePoint we foster a positive and productive work environment by committing to live our values of Be Courageous Charge Together Love our Customers Operate with Openness and Relentlessly Pursue Awesome. These values guide how we show up every day align and work together to build a brighter future for all of us.

Join the team that is building the EV charging industry and make your mark on how people and goods will get everywhere they need to go in any context for generations to come.

Reports To

Senior Manager - Information Security

What You Will Be Doing

We are looking for a Staff Endpoint Security Engineer with deep expertise across Windows macOS and Linux environments to lead and mature our endpoint security programme. You will be responsible for the design deployment and continuous improvement of our endpoint protection detection and response capabilities as well as our Mobile Device Management (MDM) infrastructure. Working closely with IT security operations and compliance teams you will ensure that every managed device across the organisation meets the highest security standards from first enrolment to decommission

What You Will Bring to ChargePoint

Endpoint Protection & Hardening

• Define implement and enforce endpoint security baselines and hardening standards across Windows macOS and Linux platforms in alignment with CIS Benchmarks NIST guidelines and organisational policy.
• Deploy manage and tune Endpoint Detection and Response (EDR) solutions (e.g. CrowdStrike Falcon Microsoft Defender for Endpoint SentinelOne or equivalent) across all device types.
• Implement and maintain antivirus anti-malware host-based firewall application allowlisting/blocklisting and data loss prevention (DLP) controls.
• Conduct regular endpoint vulnerability assessments and drive timely remediation in coordination with IT and asset owners.
• Manage full-disk encryption across platforms BitLocker (Windows) FileVault (macOS) and LUKS/dm-crypt (Linux).

Mobile Device Management (MDM)

• Architect deploy and manage enterprise MDM solutions including Jamf Pro (macOS/iOS) Microsoft Intune VMware Workspace ONE or equivalent platforms across the organisations full device fleet.
• Design and enforce MDM enrolment workflows device compliance policies configuration profiles and conditional access rules.
• Manage application lifecycle through MDM packaging deployment patching and removal across managed endpoints.
• Manage certificate lifecycle and PKI integration for device authentication and Wi-Fi/VPN access.

Windows Endpoint Security

• Manage and harden Windows endpoints using Group Policy (GPO) Microsoft Endpoint Configuration Manager (MECM/SCCM) and Microsoft Intune.
• Implement and maintain Windows Defender suite Defender Antivirus Defender for Endpoint Defender Firewall and Attack Surface Reduction (ASR) rules.
• Oversee Windows patch management processes ensuring timely deployment of OS and application updates.
• Configure and monitor Windows Event Logging Sysmon and audit policies for comprehensive endpoint telemetry.

macOS Endpoint Security

• Manage macOS fleet security using Jamf Pro configuration profiles extension attributes smart groups policies and patch management.
• Implement macOS security controls including system integrity protection (SIP) Gatekeeper TCC (Transparency Consent & Control) and secure boot settings.
• Develop and maintain custom Jamf scripts (Bash Python Swift) for automation remediation and compliance reporting.
• Manage macOS MDM enrolment via Apple Business Manager (ABM) / Apple School Manager (ASM) and DEP/ADE workflows.

Linux Endpoint Security

• Harden Linux endpoints (Ubuntu RHEL CentOS Debian or equivalent) using industry-standard security frameworks and configuration management tools (Ansible Chef Puppet or similar).
• Implement and manage SELinux / AppArmor policies auditd configurations and host-based intrusion detection (OSSEC Wazuh or equivalent).
• Manage Linux patch management and software inventory using tools such as Landscape Ansible or Satellite.
• Monitor and respond to Linux endpoint security events using EDR agents and SIEM integrations.

Threat Detection & Incident Response

• Triage and respond to endpoint security alerts and incidents containment investigation eradication and recovery.
• Perform endpoint forensic analysis including memory forensics disk imaging and log analysis during security incidents.
• Develop and maintain endpoint-specific detection rules threat hunting queries and playbooks.
• Collaborate with the SOC/SIEM team to enrich endpoint telemetry and improve detection coverage.

Compliance & Governance

• Ensure endpoint security posture meets compliance requirements for relevant frameworks (SOC 2 ISO 27001 CIS Controls NIST CSF PCI-DSS HIPAA where applicable).
• Maintain endpoint asset inventory and configuration management database (CMDB) accuracy.
• Produce regular endpoint compliance and health reports for security leadership and audit purposes.
• Develop and enforce acceptable use BYOD and device security policies.

Leadership & Collaboration

• Mentor junior and mid-level endpoint security engineers and IT operations staff.
• Define endpoint security roadmap and drive continuous improvement initiatives.
• Evaluate and onboard new endpoint security tooling; manage vendor relationships.
• Collaborate with HR and IT on joiners/movers/leavers processes to ensure secure device provisioning and deprovisioning.

Required Qualifications

• 79 years of hands-on experience in endpoint security systems administration or a closely related field.
• Expert-level knowledge ofWindowsendpoint security Group Policy Intune SCCM/MECM Defender for Endpoint and Windows hardening.
• Expert-level knowledge ofmacOSendpoint security Jamf Pro Apple Business Manager configuration profiles and macOS security controls.
• Solid experience withLinuxendpoint security hardening SELinux/AppArmor auditd and Linux-based EDR/HIDS solutions.
• Deep proven experience withenterprise MDM platforms(Jamf Pro Microsoft Intune Workspace ONE or equivalent) in a large-scale environment.
• Hands-on experience with EDR/EPP platforms (CrowdStrike SentinelOne Microsoft Defender for Endpoint or equivalent).
• Strong scripting skills for automation and endpoint management Bash PowerShell Python and/or Swift.
• Solid understanding of PKI certificate management and secure authentication (SAML OAuth SCIM conditional access).
• Familiarity with SIEM platforms and endpoint telemetry integration (Splunk Microsoft Sentinel Elastic or equivalent).
• Strong knowledge of endpoint security frameworks: CIS Benchmarks NIST SP 800-70 DISA STIGs.

Nice to Have

• Experience with Zero Trust Network Access (ZTNA) and integration of MDM compliance with identity providers (Okta Azure AD Ping Identity).
• Familiarity with privileged access management (PAM) tools (CyberArk BeyondTrust or similar).
• Exposure to mobile security (iOS Android) within an MDM context.
• Experience with vulnerability management platforms (Tenable Qualys Rapid7).
• Knowledge of macOS and Linux forensics tooling (osquery Velociraptor or similar).
• Relevant certifications: CISSP CISM CompTIA Security CEH Microsoft SC-300/MD-102 Jamf Certified Admin/Expert CrowdStrike CCFA/CCFR or equivalent.
• Experience in regulated industries (FinTech Healthcare Legal or Enterprise SaaS)

Location

Gurgaon/Remote

We are committed to an inclusive and diverse team. ChargePoint is an equal opportunity employer. We do not discriminate based on race color ethnicity ancestry national origin religion sex gender gender identity gender expression sexual orientation age disability veteran status genetic information marital status or any legally protected status.

If there is a match between your experiences/skills and the Company needs we will contact you directly.