Endpoint Security Engineer
This role is a hands-on Windows Endpoint Security Specialist supporting a Cisco ISE team, focused on endpoint compliance, posture validation, and automated remediation.
Key Responsibilities:
Develop, test, and maintain advanced PowerShell scripts to automate endpoint compliance validation, data collection, and reporting aligned with security and DISA STIG requirements
Design and implement automated remediation scripts to restore non-compliant endpoints to required baselines, including STIG configurations and endpoint security agent health
Deploy and manage remediation solutions through Cisco Secure Client to support automated compliance enforcement
Collaborate with Cisco ISE engineers to implement, optimize, and troubleshoot posture assessment workflows and NAC policy enforcement
Investigate and resolve endpoint-side issues impacting network access compliance and client provisioning
Correlate vulnerability scan results with endpoint configuration gaps to drive remediation efforts
Validate and monitor patch management systems (WSUS, SCCM, Intune) to ensure endpoint update compliance
Support endpoint certificate management and PKI-related requirements as needed
*This position is designed to be flexible, with responsibilities evolving to meet business needs and enable individual growth.
Required Skills:
Must be able to obtain Secret security clearance.
Advanced PowerShell scripting for automated compliance checks (registry, services, file permissions)
PowerShell scripting for automated remediation of non-compliant endpoint configurations and STIG settings
Ability to create scripts for data gathering and compliance status reporting
Deep knowledge of Windows endpoint internals and endpoint security tooling
Strong EPP/EDR experience, including validating agent install status, service health, versioning, and signature/definition updates
Experience configuring and auditing host-based firewalls (Windows Defender Firewall)
Understanding of data-at-rest encryption and verification methods (e.g., BitLocker)
Familiarity with application whitelisting/application control concepts and enforcement
Ability to interpret vulnerability scan results and correlate them with endpoint configuration and STIG findings
Practical experience auditing and implementing DISA STIG requirements for Windows endpoints
Proficiency with Cisco ISE posture assessment and policy configuration for endpoint compliance
Ability to integrate endpoints with ISE for posture/NAC and troubleshoot posture/client provisioning issues
Understanding of patch management processes and validating patching agent health (WSUS, SCCM, Intune)
Working knowledge of PKI/certificate management on endpoints, including trusted root certificates
Preferred Qualifications:
B.A or B.S. in a degree such as Computer Science, Information Systems or Information Technology or 7 years related experience.
Experience working in a DoD healthcare IT environment.
Why Work for Us?
Core4ce is a team of innovators, self-starters, and critical thinkers—driven by a shared mission to strengthen national security and advance warfighting outcomes.
We offer:
401(k) with 100% company match on the first 6% deferred, with immediate vesting
Comprehensive medical, dental, and vision coverage—employee portion paid 100% by Core4ce
Unlimited access to training and certifications, with no pre-set cap on eligible professional development
Tuition assistance for job-related degrees and courses
Paid parental leave, PTO that grows with tenure, and generous holiday schedules
Got a big idea? At Core4ce, The Forge gives every employee the chance to propose bold innovations and help bring them to life with internal backing.
Join us to build a career that matters—supported by a company that invests in you.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex (including pregnancy), national origin, disability, veteran status, age, genetic information, or other legally protected status