Endpoint Security Engineer

Endpoint Security Engineer

Truveta is the world’s first health provider led data platform with a vision of Saving Lives with Data. Our mission is to enable researchers to find cures faster, empower every clinician to be an expert, and help families make the most informed decisions about their care. Achieving Truveta’ s ambitious vision requires an incredible team of talented and inspired people with a special combination of health, software and big data experience who share our company values. 

This position is based out of our headquarters in the Greater Seattle Area. #LI-onsite

Who We Need

Truveta is rapidly building a talented and diverse team to tackle complex health and technical challenges. We are seeking candidates inspired by the opportunity to securely apply data in the development of real-world health solutions. Beyond core capabilities, we seek problem solvers, passionate and collaborative teammates, and those willing to roll up their sleeves while making a difference. We do things the right way. Our commitment to security and compliance assurance cannot be stressed enough. This position is critical to ensuring we are successful.

If you are interested in the opportunity to pursue purposeful work, join a mission-driven team, and build a rewarding career while having fun, Truveta may be the perfect fit for you.

This Opportunity   

The Endpoint Security Engineer will design and support solutions that support the company’s Digital Workplace strategy. They will work on cutting-edge technologies that will modernize endpoint management by leveraging the cloud to quickly deliver end-user improvements.

Responsibilities

• Device Management: Define, implement and maintain endpoint hardening baselines for Windows, macOS, and Linux systems with MDM such as Microsoft Intune, and JAMF.
• Policy & Hardening: Develop and enforce security policies, standards, and procedures for all endpoint devices. Implement system hardening configurations based on industry best practices.
• Deploy & Manage Security Tools: Implement, configure, and maintain endpoint security solutions, including Endpoint Detection and Response (EDR), Extended Detection and Response (XDR), antivirus/anti-malware software, and host-based firewalls.
• Incident Response: Collaborate with IT and Security team to respond to endpoint-related incidents. Triage, remediate, and contain security incidents and threats on endpoints. Perform forensic analysis when necessary.
• Vulnerability Management: Manage the endpoint vulnerability lifecycle, from discovery and assessment to remediation, using scanning tools and patch management systems.
• Patch Management: Design and oversee the deployment of updates, security patches for operating system and applications.
• Automation & Scripting: Develop scripts and automation (e.g., using Python, PowerShell) to streamline security operations, automate repetitive tasks, and improve response times.
• AI Protection: Secure endpoints used for AI development, including devices accessing model weights, training data, and production inference systems, implementing guardrails on AI tool usage (e.g., prompt injection prevention in local LLM dev tools, restricted plugins/add-ons).
• Data Loss Prevention: Enforce data loss prevention (DLP) and encryption policies on devices used to handle sensitive AI training datasets, including PHI/PII and proprietary corporation data.
• On-call: Ability to participate in On-call rotation.
• On-site: This position requires daily onsite work at Truveta office in Bellevue WA.

Key Qualifications

• Experience: 3-5+ years of hands-on experience in an endpoint security, cybersecurity engineering, or similar role.
• Technical Proficiency: Deep understanding of modern operating systems (Windows, macOS) and their architecture, configuration and deployment in a large enterprise environment.
• Cloud Experience: Strong hands-on experience on Azure Cloud PC, VM, Azure Firewall and Azure Networking.
• MDM Expertise: Strong hands-on experience on Microsoft Intune and JAMF administration, such as device enrollment, OS upgrade/patch, configuration, profile.
• Policy Management: Define and assign compliance/security policies to ensure corporation devices meet organizational security standards.
• Application Management: Strong hands-on experience on applications control, deployment, patch and upgrade.
• EPM: Proven experience with industry-leading EPM platforms such as CyberArk and BeyondTrust to control user privileged access and provide advanced threat protection and vulnerability management.
• Networking: Solid understanding of TCP/IP IPv4/v6, experience of office network (Routing / Switching / WAN, Wi-Fi & Security) management and network security concepts.
• Security Principles: Strong knowledge of cybersecurity frameworks (e.g., NIST, MITRE), threat intelligence, and incident response methodologies.
• Compliance: Experiences with SOC 2 Type 2, HITRUST, and ISO compliance frameworks. Interact with the compliance team to ensure the company compliant and remediate gaps during compliance finding and controls.
• Collaboration: Excellent verbal and written communication/presentation, ability to explain complex technical concepts to both technical and non-technical audiences.

Why Truveta?  

Be a part of building something special. Now is the perfect time to join Truveta. We have strong, established leadership with decades of success. We are well-funded. We are building a culture that prioritizes people and their passions across personal, professional and everything in between. Join us as we build an amazing company together. 

We Offer:

• Interesting and meaningful work for every career stage
• Great benefits package
• Comprehensive benefits with strong medical, dental and vision insurance plans
• 401K plan
• Professional development & training opportunities for continuous learning
• Work/life autonomy via flexible work hours and flexible paid time off
• Generous parental leave
• Regular team activities (virtual and in-person as soon as we are able)
• The base pay for this position is $110,000 to $145,000. The pay range reflects the minimum and maximum target. Pay is based on several factors including location and may vary depending on job-related knowledge, skills, and experience. Certain roles are eligible for additional compensation such as incentive pay and stock options.

If you are based in California, we encourage you to read this important information for California residents linked here.

Truveta is committed to creating a diverse, inclusive, and empowering workplace. We believe that having employees, interns, and contractors with diverse backgrounds enables Truveta to better meet our mission and serve patients and health communities around the world. We recognize that opportunities in technology historically excluded and continue to disproportionately exclude Black and Indigenous people, people of color, people from working class backgrounds, people with disabilities, and LGBTQIA+ people. We strongly encourage individuals with these identities to apply even if you don’t meet all of the requirements.

Please note that all applicants must be authorized to work in the United States for any employer as we are unable to sponsor work visas or permits (e.g. F-1 OPT, H1-B) at this time. We appreciate your interest in the position and encourage you to explore future opportunities with us.