Endpoint Security & Exposure Engineer
Role details
Job location
Tech stack
Job description
Endpoint Security & Exposure Engineer This is an exciting opportunity to join Jacobs' Cyber Security team as an Endpoint Security & Exposure Management Engineer. You'll play a key role in reducing cyber risk by driving vulnerability remediation, strengthening endpoint security controls, and improving visibility of security exposure across a global technology estate.
Working across infrastructure, cloud, desktop engineering, and security teams, you'll help ensure vulnerabilities are identified, prioritised, and remediated effectively while supporting key security capabilities including application control, privilege management, and endpoint hardening.
If you're passionate about vulnerability management, exposure reduction, and delivering measurable security outcomes, this is an opportunity to make a real impact within a global organisation.
Day to Day
-
Lead vulnerability and exposure management activities across enterprise environments, ensuring security risks are identified, prioritised, and remediated effectively
-
Work closely with technology teams to drive remediation programmes and reduce organisational cyber risk
-
Support and enhance endpoint security capabilities, including application control, allowlisting, privilege management, and endpoint hardening
-
Use data, reporting, and dashboards to provide visibility of cyber exposure, remediation performance, and security outcomes
-
Assess emerging vulnerabilities and threats, providing risk-based recommendations and guidance to stakeholders
-
Act as a trusted security partner across infrastructure, cloud, application, and operational teams, helping embed secure practices and improve resilience
Requirements
-
Experience in cybersecurity, vulnerability management, security engineering, or endpoint security
-
Strong understanding of risk-based vulnerability management and remediation prioritisation
-
Experience working with vulnerability management platforms such as Tenable, Qualys, or Rapid7
-
Experience with ServiceNow Vulnerability Response or similar remediation workflow platforms
-
Knowledge of endpoint security technologies including application control, privilege management, and endpoint protection
-
A collaborative approach with strong stakeholder engagement and communication skills
-
The ability to translate technical security risks into meaningful business outcomes
Desirable Experience
-
Experience implementing Zero Trust principles
-
Exposure to Microsoft Defender for Endpoint, Intune, Active Directory, and Entra ID
-
Experience working within cloud environments including Azure, AWS, or Google Cloud
-
Knowledge of frameworks such as NIST, ISO 27001, CIS Controls, Cyber Essentials Plus, and NCSC CAF
-
Industry certifications including CISSP, CISM, Security+, GIAC, Microsoft Security, or ServiceNow certifications, * Application control and allowlisting technologies
-
Privilege management solutions
-
Endpoint hardening methodologies
-
Zero Trust security principles
-
Least-privilege administration
-
Endpoint security architecture
Vulnerability & Exposure Management
-
Vulnerability assessment and management
-
Exposure management practices
-
Risk prioritization frameworks
-
Attack surface management
-
Patch and remediation management
-
Security risk analysis
Platforms & Technologies
-
Microsoft Windows Server and Windows 11
-
Linux operating systems
-
Active Directory and Entra ID
-
Microsoft Intune
-
Microsoft Defender for Endpoint
-
Cloud platforms (Azure, AWS, or Google Cloud)
-
ServiceNow Vulnerability Response
Scripting & Automation
-
PowerShell
-
Python
-
API integrations and workflow automation
-
Security reporting and dashboard development
Preferred Qualifications
-
Experience implementing Zero Trust security controls.
-
Experience with endpoint detection and response (EDR) platforms.
-
Familiarity with security frameworks including:
o NIST Cybersecurity Framework
o CIS Controls
o ISO 27001
o NCSC Cyber Assessment Framework
o Cyber Essentials Plus
o Defence Cyber Certification, Levels 0-3
o ACSC Essential Eight
-
Experience with cloud security and hybrid infrastructure environments.
-
Experience leading vulnerability remediation programs across multiple technology domains.
Preferred Certifications
-
CISSP
-
GIAC Security Certifications
-
CompTIA Security+
-
Certified Information Security Manager (CISM)
-
ServiceNow Certified Implementation Specialist
-
Tenable Certified Professional
-
Qualys Certified Specialist
-
Microsoft Security Certifications
Key Competencies
-
Strong analytical and problem-solving skills.
-
Excellent stakeholder management and communication abilities.
-
Ability to translate technical risk into business impact.
-
Strong organizational and prioritization skills.
-
Collaborative approach to driving remediation and risk reduction.
-
Continuous improvement mindset focused on measurable security outcomes.
Success Measures
-
Reduction in privileged access risk.
-
Increased endpoint security control coverage.
-
Reduction in critical and high-risk vulnerabilities.
-
Improved vulnerability remediation performance and SLA compliance.
-
Improved visibility of enterprise cyber exposure.
-
Successful implementation of least-privilege principles across the endpoint estate.
-
Measurable reduction in organizational attack surface and cyber risk https://careers.jacobs.com/en_US/careers/JobDetail/42232 London|Greater London|United Kingdom Bristol|Bristol City|United Kingdom Manchester|Greater Manchester|United Kingdom Glasgow|Lanarkshire|United Kingdom Birmingham|West Midlands|United Kingdom Cardiff|South Glamorgan|United Kingdom Digital and Data Enterprise Functions