Description: Endpoint Security Stack Manager
Role Overview
Own the operations, health and continual improvement of the enterprise endpoint security stack, delivering high coverage, fast detection/containment, tight compliance and a great engineer/operator experience. Tools in scope include CrowdStrike Falcon EDR/XDR, Microsoft Intune (MEM) for Windows/macOS/iOS/Android MDM/MAM, Qualys VMDR (incl. PC/SCA), Absolute for asset assurance, and device compliance gating (Intune, Entra Conditional Access). This role collaborates closely with the SOC/MXDR provider and infra/client-engineering to maintain a defensible, auditable endpoint posture at scale.
Scope & Tooling (authoritative systems)
- EDR/XDR: CrowdStrike Falcon (sensors, prevention policies, RTR, identity protection, device control).
- MDM/MEM: Microsoft Intune/MEM (enrollment, configuration profiles, compliance policies, app protection, update rings).
- Vulnerability & Config: Qualys VMDR, Policy Compliance, Secure Configuration Assessment (agents, scanners, appliances).
- Asset Assurance: Absolute (agent health, tamper detection, device location/lock/wipe).
- Device Compliance/Zero Trust: Intune, Entra Conditional Access device posture gates aligned to GT endpoint standards.
- Adjacencies: Endpoint Privilege Mgmt (e.g. CyberArk EPM), encryption (BitLocker/FileVault), SIEM/SOAR and SOC integrations, per GT's defense-in-depth architecture.
Key Responsibilities
Platform Operations & Maintenance
- Own day-to-day operations of EDR/MDM/VM/Asset Assurance platforms: console administration, policy lifecycle, agent currency, tuning and change control (CAB) aligned to GT standards.
- Maintain sensor/agent health & coverage across all supported OSes; drive auto-healing and deployment automation (Intune scripts) to keep coverage above target SLAs.
- Run Qualys scans at scale (agents/appliances), fix coverage gaps and partner with patching teams on remediation SLAs.
- Administer device compliance policies and Conditional Access posture gates for Zero Trust access; minimize user friction while enforcing the baseline.
- Oversee Absolute for asset assurance (visibility, investigation support and recovery workflows).
Detection, Response & SOC Collaboration
- Ensure high-fidelity EDR detections and rapid containment (isolation, RTR, IOCs) with playbooks aligned to the SOC/MXDR provider; continuously tune to reduce false positives.
- Serve as tier-3/engineering escalation for endpoint incidents; contribute to incident post-mortems, root-cause fixes and lessons-learned hardening.
Governance, Risk & Compliance
- Align all tooling and controls with the GT Endpoint Security Standard and defense-in-depth architecture; maintain audit-ready evidence, runbooks and metrics.
- Own tool control mappings to CIS/NIST/ISO; partner with GRC for control attestations and external audits.
Engineering & Automation
- Drive policy-as-code and automation for agent deployment, compliance enforcement and reporting (PowerShell, KQL, Python, Graph APIs).
- Rationalize integrations with SIEM/SOAR, CMDB/asset systems, ticketing and collaboration tools, consistent with the enterprise architecture.
Lifecycle & Vendor Management
- Manage licensing, renewals, roadmaps and vendor/MSP/MSSP relationships; evaluate new capabilities (e.g. identity threat protection, device control enhancements).
M&A / New Environment Onboarding
- Lead EDR and Qualys roll-in for acquisitions per the InfoSec M&A Playbook: uninstall legacy agents, deploy GT standard agents, integrate to SOC and hit day-1 protection/visibility.
Required Experience & Qualifications
- 8 years in endpoint security/operations; 3 years leading EDR/MDM/Vulnerability platforms at enterprise scale.
- Hands-on with CrowdStrike Falcon, Intune/MEM (Windows/macOS/iOS/Android), Qualys VMDR/PC/SCA, Absolute and device compliance/Conditional Access; familiarity with CyberArk EPM, BitLocker/FileVault helpful in GT context.
- Strong OS internals (Windows/macOS/Linux), scripting (PowerShell, KQL, Python), packaging/deployment, API integrations.
- Knowledge of NIST CSF, CIS benchmarks, ISO 27001; ITIL change/problem management.
- Certifications a plus: CrowdStrike (CCFR/CCFA/CCFH), Microsoft (SC-200/AZ-500/MS-101), Qualys, GIAC (GCIA/GCED/GCFA), ITIL.
#LI-KS1
Required Experience:
Manager