Endpoint Security Engineer

Looking for an experienced Windows Endpoint Security Engineer to join our team on a long-term contract. This role is ideal for someone who has hands-on experience securing enterprise Windows environments through automation, endpoint compliance, and Cisco ISE posture management. You will be responsible for building PowerShell automation, implementing DISA STIG security baselines, troubleshooting Cisco ISE posture issues, and improving endpoint compliance across enterprise environments. What You'll Do Develop advanced PowerShell scripts for endpoint compliance validation and reporting. Create automated remediation scripts to restore Windows endpoints to approved security baselines. Deploy and manage remediation solutions through Cisco Secure Client. Configure, troubleshoot, and optimize Cisco ISE posture assessment and Network Access Control (NAC) policies. Investigate endpoint issues affecting posture validation, client provisioning, and network access. Validate EDR/EPP agent health, services, versions, and signature updates. Correlate vulnerability scan findings with endpoint configuration gaps. Audit and implement Windows DISA STIG requirements. Validate Windows Defender Firewall configurations. Verify BitLocker encryption status and compliance. Monitor endpoint patch compliance using Intune, SCCM, or WSUS. Support PKI and endpoint certificate management. Produce compliance reports and technical documentation. Required Skills We're looking for someone with strong experience in most of the following: PowerShell scripting Windows Endpoint Security Cisco ISE Network Access Control (NAC) DISA STIG implementation Windows Defender Firewall Microsoft Intune SCCM / Microsoft Configuration Manager WSUS BitLocker Endpoint Detection & Response (EDR) Vulnerability Management PKI / Certificate Management Windows Registry and Services Security Automation Nice to Have Experience supporting large enterprise environments. Experience in U.S. Government or DoD environments. Familiarity with Tenable, Nessus, or ACAS. Security clearance or eligibility to obtain one. What We're Looking For We are seeking someone who has built security automation—not someone who only performs manual compliance checks. The ideal candidate is comfortable writing complex PowerShell scripts from scratch, troubleshooting Cisco ISE posture issues, and taking ownership of endpoint security automation initiatives. To Apply Please answer the following questions in your proposal: Describe your experience with Cisco ISE posture and NAC. What is the largest PowerShell automation project you've built? Have you implemented Windows DISA STIGs? If so, describe your experience. Which endpoint management platforms have you used (Intune, SCCM, WSUS)? Which EDR solutions have you worked with? Describe a challenging endpoint security issue you solved. Approximately how many Windows endpoints have you supported? Start your proposal with "Endpoint Automation Expert" so we know you've read the entire posting. This is expected to be a long-term engagement for the right candidate, with opportunities to take ownership of key endpoint security automation initiatives.