Endpoint Security Engineer

Kpmg India Services Llp

Endpoint Security Engineer

Kpmg India Services Llp

Bengaluru/Bangalore

Not disclosed

Work from Office

Full Time

Min. 5 years

Job Description

Endpoint Security Engineer - Consultant

Educational qualifications

§Graduation degree in any stream or equivalent / post-graduation degree/diploma

§Strong understanding of endpoint internals (processes, services, registry, kernel interactions).

§Familiarity with Windows/Linux/macOS security fundamentals.

§Experience with malware analysis basics, behavioral detection, and threat hunting logic.

§Knowledge of vulnerability management, patch coordination, and system hardening standards (CIS, DISA STIG).

§Ability to analyze logs, EDR telemetry, and MITRE ATT\&CK-based detections.

Work experience

§5+ years’ experience in endpoint security administration or security operations

§Hands-on expertise with:

§CrowdStrike Falcon (sensor deployment, policies, threat hunting, detections, Spotlight).

§Microsoft Defender for Endpoint (ASR rules, EDR in block mode, threat analytics).

§BitLocker drive encryption

§Experience with Endpoint Security Administration such as Microsoft Defender, Crowdstrike, SentinelOne.

§Experience with SIEM integrations such as Microsoft Sentinel, Splunk.

§Scripting experience: PowerShell, Python, or Bash for automation.

§Experience with mobile endpoint security (iOS/Android) using Intune or similar.

§Certifications (nice to have):

§CrowdStrike CCFA / CCFR / CCTP

§Microsoft SC-200 / MD-102 / AZ-500

§Security+, CYSA+, GSEC, GCED, GCIA

The ideal candidate will:

§Be responsible for endpoint security management, configuration hardening, threat response

§Maintaining high levels of endpoint hygiene across the enterprise.

§Be able to configure policies/rules in EDR in line with secure practices and provide recommendations

§This role requires strong hands-on experience with EDR, AV, XDR, device compliance, and vulnerability response.

§Have at least 60 months of experience in Endpoint Security Administration including group management and agent troubleshooting.

§Be a quick learner and adaptable to changing environments

§Have strong analytical skills and communication skills

§Build strong professional working relationships with client personnel

§Have clear understanding of EDR solution design and configuration

§Be willing to work in rotational shifts supporting client environment.

§Deliver timely and high-quality work diligently

§Identify issues and opportunities, and communicate them to appropriate senior member

Certification Required:

•CrowdStrike CCFA / CCFR / CCTP

•Microsoft SC-200 / MD-102 / AZ-500

•Security+, CYSA+, GSEC, GCED, GCIA

Technical Skills Required:

•Deploy, configure, and manage CrowdStrike Falcon and Microsoft Defender for Endpoint across all corporate endpoints (Windows, macOS, mobile, and servers).

•Monitor endpoint health, agent status, and ensure consistent policy application.

•Manage exclusions, detection policies, prevention rules, and sensor configurations.

•Perform triage, containment, and remediation actions for endpoint security incidents.

•Develop, implement, and tune EDR policies, prevention rules, sensor configurations, and device control policies.

•Maintain attack surface reduction (ASR) rules, exploit protection, firewall rules, and endpoint hardening baselines.

•Create and maintain custom IOC/IOA policies within CrowdStrike.

•Ensure consistent security posture across OS versions and configurations.

•Support investigations for endpoint-based threats including malware, ransomware, exploit attempts, lateral movement, and persistence techniques.

•Collaborate with SOC, threat intel, and incident response teams to enrich investigations.

•Support digital forensics: log collection, memory capture, timeline analysis, and event correlation.

•Perform root cause analysis (RCA) and implement long-term corrective actions.

•Support API-based integrations for enhanced correlation and automation.

•Create dashboards and regular reports on endpoint health, alerts, compliance, vulnerabilities, and trends.

•Maintain detailed documentation for policies, procedures, runbooks, and troubleshooting steps.

•Perform endpoint onboarding for new business units or geographies.

•Work with compliance and audit teams for evidence, logs retention, and policy validation.

•Assist in internal training and awareness programs for endpoints.

•Configure, deploy, and manage BitLocker drive encryption for enterprise endpoints.

•Oversee encryption policies—including OS drive, fixed data drives, and removable drives.

•Monitor encryption compliance using Microsoft Endpoint Manager, Azure AD, or on-prem Active Directory.

•Ensure proper recovery key backup, rotation, and secure storage.

•Troubleshoot BitLocker-related issues such as failed encryption, TPM errors, and recovery mode triggers.

•Collaborate with IT support teams to maintain enterprise-wide disk encryption coverage and compliance.

Behavioral / team skills

•Excellent communication (written and verbal) and interpersonal skills

•Ready to support US hours with flexibility to adapt to a variety of engagement types, working hours and work environments and locations

•Proven ability to work creatively and analytically in a problem-solving environment

•Desire to learn and contribute

•Focused and self-motivated approach to work

•Personal drive and positive work ethic to deliver results within tight deadlines and in demanding situations