Wintel Endpoint Security Specialist at Tiger Brands

• The Wintel Endpoint Security Specialist is a hands‑on security specialist responsible for the protection, hardening, and ongoing security operations of Windows‑based endpoints, including user workstations and Windows servers, across the enterprise. Reporting to the Security Operations Manager, this role provides primary operational ownership of endpoint security controls, including endpoint detection and response (EDR), anti‑malware, disk encryption, endpoint security baselines, and security policy enforcement. The role works closely with the Firewall Engineers, Cyber Defence Engineer, Infrastructure teams, and the outsourced SOC to ensure endpoint threats are detected, contained, and remediated effectively, reducing organisational cyber risk.

WHAT YOU WILL DO:

• Own and operate Windows endpoint security controls across workstations and servers, ensuring consistent protection and policy enforcement.
• Administer and support Endpoint Detection and Response (EDR) platforms, including alert monitoring, investigation, containment actions, and remediation.
• Manage anti‑malware and endpoint protection services, ensuring policies are optimised and threat intelligence is current.
• Implement and maintain full disk encryption on endpoints, including compliance monitoring, key management, and recovery support.
• Apply and maintain endpoint security baselines and hardening standards, aligned to organisational security policies.
• Support endpoint vulnerability remediation, coordinating security patching and configuration fixes with Wintel and endpoint management teams.
• Investigate and respond to endpoint security incidents, performing root cause analysis and supporting containment and recovery actions.
• Work with the outsourced SOC to validate alerts, escalate incidents, and ensure effective response for endpoint‑related threats.
• Monitor and report on endpoint security posture, highlighting risks, non‑compliance, and remediation progress.
• Support security audits and compliance activities, providing endpoint security evidence and remediation input.
• Maintain accurate endpoint security documentation, standards, and operational runbooks.
• Support cyber investigations in collaboration with the Cyber Defence Engineer, SOC, and Infrastructure teams, including evidence gathering and endpoint timeline analysis.
• Create use cases/detections in Microsoft Defender to improve endpoint threat visibility and response (e.g., custom detections and hunting queries).
• Use KQL (Kusto Query Language) for Defender hunting, investigation, and detection development.

WHAT YOU WILL BRING TO THE TABLE:

Key attributes and competencies

• Strong operational leadership capability in a security operations environment.
• Deep understanding of enterprise security operations, including SOC models, incident response, and cyber defence.
• Ability to translate technical security issues into business‑relevant risk and impact.
• Strong decision‑making and prioritisation skills in high‑pressure incident scenarios.
• Strong communication skills, able to engage technical teams, leadership, and external partners effectively.

Experience 

• Proven experience leading or managing security operations teams.
• Hands‑on exposure to:
• Endpoint security (EDR, anti‑malware, encryption)
• Firewall / NGFW security operations
• Security monitoring, alerting, and incident response
• Experience governing and managing outsourced SOC services.

Qualifications & Certifications

• Relevant IT qualification (Diploma or Degree preferred).
• Security / Endpoint Certifications (advantageous)
• Microsoft endpoint or security certifications (e.g. Windows, Endpoint, Identity or Security tracks)
• Endpoint security vendor training or certification
• Security fundamentals certifications (e.g. Security+ or equivalent)