Endpoint Security Architect

  • Sunnyvale, CA
  • Posted 10 hours ago | Updated 10 hours ago

Overview

Hybrid
Depends on Experience
Contract - Independent
Contract - W2
Contract - 12 Month(s)

Skills

Endpoint Protection
endpoint

Job Details

Project Details

Role : Endpoint Security Architect

Location : Sunnyvale, CA Hybrid (3 days onsite a week)

Duration : 12+ Months

Description
About VLink: Started in 2006 and headquartered in Connecticut, VLink is one of the fastest growing digital technology services and consulting companies. Since its inception, our innovative team members have been solving the most complex business, and IT challenges of our global clients.

The Endpoint Security Architect will be responsible for designing, assessing, and enhancing the organization s endpoint security posture across laptops, desktops, mobile devices, servers, and VMs. This role ensures alignment of endpoint operations, policies, and enforcement mechanisms with industry standards (NIST), organizational security policies, and regulatory requirements. The ideal candidate has deep experience with EDR/XDR, AV, MDM/Intune, device compliance, endpoint hardening, and integration with SIEM/SOAR/AD environments.

Key Responsibilities:

  1. Endpoint Security Architecture & Design

  • Review and enhance endpoint architecture, including AV, EDR solutions.
  • Evaluate endpoint configuration, control enforcement, coverage, and security baselines.
  • Assess integration of endpoint platforms with SIEM, SOAR, Active Directory, Intune/MDM, and CMDB.
  • Review architectural components, telemetry flow, and sensor deployment methodology.
  • Validate data exchange between endpoint security tools and central monitoring systems.

  1. Policy & Governance
  • Ensure endpoint security operations align with organizational security policies.
  • Review and update endpoint security policies aligned with NIST standards.
  • Validate roles & responsibilities across IT, SecOps, and endpoint management teams.
  • Evaluate policy coverage including patching, EDR/AV, device onboarding, and compliance.
  1. Endpoint Operations & Integration
  • Assess GPOs, MDM/Intune policies, device configuration profiles, and enforcement controls.
  • Review endpoint discovery & profiling mechanisms to identify unmanaged/rogue devices.
  • Validate tagging, categorization, and asset mapping across EDR platforms and CMDB.
  • Check integration with NAC, SIEM, AD, vulnerability management, and patching tools.
  1. Risk Management, Patching & Compliance
  • Review patch management and vulnerability remediation processes across endpoints.
  • Verify endpoint compliance monitoring, dashboards, and alerting workflows.
  • Assess patching SLAs, automation processes, and compliance reporting.

Skills & Qualifications

Technical Skills

  • Strong expertise in EDR/XDR platforms (e.g., CrowdStrike, Defender for Endpoint, Trellix, SentinelOne).
  • Hands-on experience with Intune/MDM, SCCM, JAMF, or similar device management tools.
  • Solid understanding of SIEM/SOAR platforms and AD integration.
  • Strong knowledge of NIST CSF, NIST 800-53/171, CIS benchmarks, and endpoint hardening.
  • Familiarity with NAC, vulnerability management, and patching tools (Tenable, Qualys, BigFix, etc.).
  • Experience designing endpoint security architectures for large enterprises.
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.