Modern Endpoint Management & Security Specialist
Description:
Full-time
Description
This is a hands-on, sole-contributor role responsible for owning the entire lifecycle of endpoint security, compliance, and configuration across the firm. The Modern Endpoint Management & Security Specialist will own managing and securing endpoint devices at Beveridge & Diamond P.C., with a focus on Microsoft 365 enterprise technologies and Zero Trust architecture readiness. This role combines hands-on technical management of endpoints and server systems with growing responsibility for threat protection, device and server hardening, vulnerability management, and compliance. The ideal candidate will be familiar with tools like Microsoft Intune, Entra ID, Defender, Aiden Technologies, Autopilot, Mimecast, and Abnormal Security, with the potential to grow into leadership around DLP, SASE, and ZTA initiatives.
This position is ideal for someone who has strong foundational experience with device and server management and is looking to expand into advanced areas of cybersecurity and compliance. The position supports the firm's ISO/IEC 27001:2022 certification by implementing and maintaining controls aligned with Annex A, particularly those related to access control (A.5), asset management (A.7), operations security (A.8), and information security incident management (A.5 & A.16).
Key Responsibilities
The individual in this role is expected to take full ownership of the areas listed below — from execution to documentation, reporting, and continuous improvement. This includes accountability for configuration, compliance, issue resolution, coordination, and audit readiness.
Collaboration & Support Integration
Work closely with the Senior Cloud and Infrastructure Lead to ensure endpoint configurations align with enterprise cloud strategies and architectural structure.
Coordinate with the Infrastructure and Cloud Support Specialist on overlapping issues involving networking, hardware, and escalated end-user support.
Support operational readiness and technical alignment for major IT initiatives, including cloud migrations and Zero Trust adoption.
Contribute endpoint-specific knowledge to disaster recovery, business continuity, and compliance planning led by senior technical staff.
Serve as an escalation point for the service desk on issues related to endpoint configuration, patching, security tools, compliance, and asset management.
Collaborate with the support analyst and service desk team to ensure accurate inventory, assignment, and lifecycle tracking of IT assets.
Endpoint Configuration and Compliance
Administer Microsoft Intune for device provisioning, lifecycle management, and compliance policy enforcement.
Configure and support Windows Autopilot to streamline workstation deployment.
Enforce security baselines and Conditional Access policies using Microsoft Entra ID.
Monitor compliance and device posture reporting, addressing gaps in real-time.
Ensure device and identity configurations align with ISO 27001 controls for secure system provisioning, access management, and system monitoring.
Patch and Vulnerability Management
Lead patch management cycles for both workstations and servers using Intune, WSUS, and/or Aiden Technologies.
Remediate vulnerabilities identified through internal and third-party tools, prioritizing based on risk scoring.
Maintain system baselines and enforce timely patch deployment across the environment.
Coordinate with internal teams to align patching windows, change control, and documentation standards.
Ensure vulnerability remediation processes comply with the firm's ISO 27001 Vulnerability Management Procedure.
Endpoint and Server Security
Implement and maintain Multi-Factor Authentication (MFA) requirements in coordination with Microsoft Entra ID and cloud-based applications.
Monitor and respond to authentication-related alerts and anomalous access patterns.
Support integration of MFA policies into onboarding, offboarding, and mobile device management workflows.
Align MFA practices with ISO 27001 controls related to user access (A.5.15, A.5.17) and remote access management.
Manage Microsoft Defender for Endpoint, including advanced hunting and EDR configurations.
Apply secure configuration and hardening best practices to both endpoints and server platforms.
Collaboration & Support Integrationuilds and ensure alignment with security and compliance baselines.
Collaborate on system provisioning, Active Directory integration, and legacy system retirement plans.
Software Lifecycle Management
Provide firm-standard software packages and configurations via Aiden Technologies.
Package and deploy Windows applications via Intune; use Aiden Technologies automation where applicable.
Test newly built packages in designated patch rings, capturing appropriate logs and results.
Maintain thorough documentation for each software package and configuration.
Maintain an inventory of approved software and enforce licensing, installation, and versioning standards.
Maintain software deployment practices in accordance with ISO 27001 asset and change management controls.
Understand and operate within the firm's Change Management Policy, ensuring all deployments follow appropriate review and approval workflows.
Email Security and Compliance
Own the configuration, maintenance, and performance monitoring of Mimecast for secure email gateway protection, continuity, and compliance.
Manage Abnormal Security configuration and operation for behavioral-based phishing protection and business email compromise defense.
Ensure email security platforms align with legal industry data protection standards and ISO 27001 requirements.
Coordinate with cybersecurity and legal teams to meet client and regulatory email governance expectations.
Strategic Growth Areas
Own and drive implementation of DLP controls and participate in Zero Trust Architecture (ZTA) initiatives.
Own endpoint readiness and contribute to the SASE deployment roadmap, including device-level security and remote access strategies.
Lead endpoint-related investigations in Tier 2+ incident response, working with Arctic Wolf and internal cybersecurity teams.
Assist in maintaining evidence of compliance for internal ISO audits.
Requirements
3+ years of experience managing enterprise endpoints using Microsoft Intune and AutoPilot.
Hands-on experience with Microsoft Defender for Endpoint and Conditional Access in Microsoft Entra ID.
Proven ability to manage patching, application packaging, and compliance policies in a legal or highly regulated environment.
Familiarity with vulnerability management tools and remediation workflows.
Experience in building, hardening, and administering Windows Server environments.
Preferred:
Exposure to Aiden Technologies for Windows packaging and device intelligence.
Experience working with Arctic Wolf or Rapid7 is desired, but not required.
Experience with email security platforms such as Mimecast and Abnormal Security.
Understanding of DLP concepts, Zero Trust Architecture, and SASE frameworks.
Incident response exposure in coordination with SOC or internal cybersecurity teams.
Familiarity with ISO/IEC 27001:2022 Annex A controls and control objectives.
Certifications:
Microsoft Certified: Endpoint Administrator Associate or similar strongly preferred.
Microsoft Certified: Security, Compliance, and Identity Fundamentals is a plus.
CompTIA Security+ or equivalent welcome but not required.
Professional Development Opportunities
Direct mentorship from the firm’s Director of Technology & Cybersecurity.
Growth into specialized roles aligned with ZTA, DLP, or broader security engineering.
Exposure to cross-functional initiatives involving legal compliance, IT risk management, and secure remote access architectures.
Experience supporting and maintaining ISO 27001 certification activities and audits.
Salary Description
$120,000 – $145,000