Branch - Corporate Security Engineer

• Endpoint Security & Engineering • Own the day-to-day administration of CrowdStrike Falcon — prevention policies, detection tuning, custom IOAs, USB device control, and Real Time Response runbooks across the entire Branch endpoint fleet. • Own the day-to-day administration of CrowdStrike Falcon • Operate and mature ThreatLocker — build and maintain application allowlisting, ringfencing, storage control, and elevation policies; reduce learning-mode exceptions over time and drive measurable hardening progress. • Operate and mature ThreatLocker • Administer Island Enterprise Browser — define and enforce browser-level policies for SaaS access, copy/paste, downloads, screenshot, and extension governance; align browser controls with insider risk and DLP objectives. • Administer Island Enterprise Browser • Drive endpoint hardening and configuration baselines for macOS and Windows. MDM (Jamf / Intune), patch SLAs, FileVault/BitLocker, and CIS-aligned benchmarks. • Drive endpoint hardening and configuration baselines • Maintain a defensible inventory of endpoints, agents, and coverage gaps, and drive remediation when devices fall out of compliance. • Maintain a defensible inventory • Own corporate-side incident response for endpoint, identity, email, and insider events — from initial triage through containment, eradication, recovery, and post-incident review. • Own corporate-side incident response • Insider Risk & Data Protection • Build and run Branch’s insider risk program — from defining risk indicators (data exfiltration, anomalous access, departing employee behavior) to building detections and response playbooks across endpoint, browser, and SaaS telemetry. • Build and run Branch’s insider risk program • Operate Data Loss Prevention controls across Google Workspace (Drive, Gmail), Island Browser, and endpoint channels; investigate DLP events end-to-end, balancing user friction against data-protection outcomes. • Operate Data Loss Prevention controls • Lead onboarding, offboarding, transitions security workflows in partnership with People Operations — enforce least-privilege access, data return at offboarding, and time-bounded monitoring of high-risk departures, ultimately skilling up our IAM team • Lead onboarding, offboarding, transitions security workflows • Triage and investigate insider risk cases with discretion, partnering with Legal, HR, and GRC on documentation, evidence handling, and outcomes; preserve chain-of-custody on every case. • Triage and investigate insider risk cases • Develop user-facing guidance and training that reduces accidental risk — phishing reporting, secure handling of customer data, and acceptable use of AI and SaaS tools. • Develop user-facing guidance and training • Security Operations & Engineering • Harden Google Workspace — admin role hygiene, context-aware access, OAuth third-party app governance, advanced phishing/malware protection, and audit logging into the SIEM. • Harden Google Workspace • Automate repetitive corporate security work using Python or Bash and orchestration platforms (e.g., Tines, Torq, XSOAR) — alert enrichment, user notifications, evidence collection, and offboarding checks. • Automate repetitive corporate security work • Contribute to the corporate vulnerability management program for endpoints and SaaS — prioritization, SLA tracking, and cross-functional remediation. • Contribute to the corporate vulnerability management program • Serve as a security consultant and escalation point for the broader business on secure configurations, patching, exception requests, and acceptable-use questions. • Serve as a security consultant and escalation point