Included Health · 1 day ago
Staff Endpoint Security Engineer
Included Health is a new kind of healthcare company, delivering integrated virtual care and navigation. The Staff Security Engineer is responsible for designing, implementing, and maintaining robust security controls and detection mechanisms across all company and BYOD endpoints to protect sensitive data and ensure the security of devices accessing company resources.
Health Care · Hospital · Medical · mHealth
Responsibilities
Develop, implement, and maintain a comprehensive endpoint security strategy, architecture, and roadmap covering all corporate and BYOD endpoints, with a focus on proactive defense and detection engineering
Design and enforce security configurations, hardening standards, and baselines for diverse operating systems (Windows, macOS, ChromeOS, iOS, Android, and potentially others) to minimize attack surfaces
Lead the selection, deployment, administration, and optimization of endpoint security solutions, including Endpoint Detection and Response (EDR/XDR) for threat detection, Mobile Device Management (MDM/UEM) for policy enforcement, Data Loss Prevention (DLP) for data protection, anti-malware, and endpoint encryption
Develop and implement robust DLP policies and controls to prevent PHI and other sensitive data from leaving authorized systems via endpoints
Manage endpoint encryption technologies (e.g., BitLocker, FileVault, mobile encryption) to ensure data at rest is protected
Proactively look for threats on endpoints to identify gaps in defenses and inform the development of new detection capabilities
Support and provide expertise during incident response activities for endpoint-related security events, with a focus on root cause analysis to enhance preventative and detective controls
Conduct vulnerability assessments and manage endpoint patching and remediation efforts to address identified weaknesses in a timely manner, strengthening overall endpoint resilience
Develop, document, and enforce endpoint security policies, standards, and procedures, particularly for BYOD environments, ensuring compliance with HIPAA and other relevant regulations
Automate endpoint security tasks, compliance checks, defensive measure deployments, and reporting using scripting languages (e.g., Python, Go) and security orchestration tools
Collaborate closely with IT operations, network security, application development, and legal/compliance teams to ensure a cohesive security posture and integrate endpoint defenses
Provide expert consultation and support to end-users and IT staff on endpoint security matters and best practices
Stay current with the latest endpoint threats, vulnerabilities, and security technologies to continuously improve our defenses
Qualification
Required
Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field
8+ years of experience in endpoint security, with a strong emphasis on designing, building, implementing, and managing security controls, detection mechanisms, and defensive capabilities across a diverse range of endpoint operating systems (Windows, macOS, iOS, Android)
Proficiency in Python for automating endpoint security tasks, tool integrations, and deployment of defensive measures
Proven hands-on experience with leading Endpoint Detection and Response (EDR/XDR) solutions (e.g., CrowdStrike, SentinelOne, Microsoft Defender for Endpoint, Carbon Black) for threat detection engineering and security policy enforcement
Demonstrable experience with Mobile Device Management (MDM) / Unified Endpoint Management (UEM) platforms (e.g., Microsoft Intune, Jamf Pro, VMware Workspace ONE, Kandji, MobileIron) for enforcing security configurations and policies
Strong knowledge of endpoint hardening techniques, security configuration management, and policy enforcement across multiple OS platforms, with a focus on building resilient systems
Experience designing and implementing endpoint Data Loss Prevention (DLP) strategies and tools
Experience with endpoint attack vectors, malware, persistence mechanisms, and designing effective mitigation and detection techniques
Experience with endpoint vulnerability management, patch management processes, and tools, focused on proactive remediation
Experience with network security principles (TCP/IP, DNS, DHCP, VPNs, firewalls) as they relate to designing and implementing endpoint security controls
Experience working in regulated environments and a strong understanding of HIPAA compliance requirements as they apply to endpoint protection and data handling
Benefits
Remote-first culture
401(k) savings plan through Fidelity
Comprehensive medical, vision, and dental coverage through multiple medical plan options (including disability insurance)
Paid Time Off ("PTO") and Discretionary Time Off ("DTO")
12 weeks of 100% Paid Parental leave
Family Building & Compassionate Leave: Fertility coverage, $25,000 for surrogacy/adoption, and paid leave for failed treatments, adoption or pregnancies.
Work-From-Home reimbursement to support team collaboration and home office work
Company
Included Health
Included Health provides a combination of virtual care, navigation, and communities-based healthcare services.
H1B Sponsorship
Included Health has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data powered by US Department of Labor)
[Chart: Distribution of Different Job Fields Receiving Sponsorship]
Trends of Total Sponsorships
2025 (12)
2024 (9)
2023 (8)
2022 (6)
Funding
Current Stage: Late Stage
Total Funding: $344M
Key Investors: The Carlyle Group, Greylock, Venrock
2020-09-09 · Series E · $175M
2018-05-02 · Series D · $66M
2017-01-01 · Series Unknown
Company data provided by crunchbase