Gcda Jobs (NOW HIRING)

Job Summary:
KLA is a global leader in diversified electronics for the semiconductor manufacturing ecosystem. They are seeking an Endpoint Detection Engineer to serve as a subject matter expert for enterprise endpoint detection platforms, responsible for configuration, tuning, lifecycle management, and continuous improvement of cybersecurity tools.
Responsibilities:
• Own the design, configuration, and ongoing optimization of the enterprise EDR and EPM platforms across Windows, macOS, and Linux environments.
• Define and author endpoint hardening standards, detection policies, exclusion logic, and response baselines aligned with industry best practices.
• Ensure endpoint platforms integrate effectively with SIEM, SOAR, SOC workflows, and identity platforms to maximize telemetry value and response automation.
• Proactively evaluate new platform features, capabilities, and emerging technologies, leading proof-of-concept testing and driving adoption of enhancements that strengthen security posture.
• Monitor agent health, fleet coverage, and version compliance; manage agent lifecycle including upgrades, rollouts, and rollback procedures.
• Collaborate with detection engineers to develop, evaluate, and continuously refine endpoint-based detections mapped to MITRE ATT&CK techniques and real-world threat actor TTPs.
• Partner with the SOC to improve detection fidelity, reduce false positive rates, and enhance automated response capabilities tied to endpoint threats.
• Assist in endpoint-related security incident investigations, leveraging endpoint telemetry for root cause analysis, forensic evidence collection, and remediation guidance.
• Contribute to proactive threat hunting missions with the Cyber Threat Intelligence team, using behavioral analytics and endpoint telemetry to surface threats that evade automated detection.
• Drive root cause analysis following incidents or platform issues and implement continuous improvements to prevent recurrence.
• Identify and resolve complex performance, stability, and interoperability issues between the endpoint agents and other tooling including EPM, DLP, and MDM solutions.
• Serve as the primary technical liaison with the endpoint platform vendors, managing escalations, product roadmap input, and coordination on advanced support cases.
• Partner with IT Security and infrastructure teams to troubleshoot deployment and compatibility issues across the enterprise endpoint fleet.
• Write and maintain technical documentation including configuration standards, operational runbooks, and troubleshooting guides.
Qualifications:
Required:
• Five (5) years of hands-on experience in cybersecurity, with at least 2 years focused on EDR/XDR and EPM platform administration and engineering.
• Bachelor’s degree in Computer Science, Cybersecurity, or a related field, or equivalent practical experience.
• Demonstrated expertise with one or more enterprise security platforms (e.g., SentinelOne, CrowdStrike, Microsoft Defender for Endpoint, CyberArk, Delinea) including policy management, agent configuration, and console administration.
• Solid understanding of endpoint attack techniques, threat actor TTPs, and the MITRE ATT&CK framework.
• Experience leading endpoints across Windows and macOS in large enterprise environments; Linux experience a plus.
• Confirmed ability to solve complex agent performance, stability, and interoperability issues across a diverse endpoint ecosystem.
• Experience working in or closely supporting a SOC, detection engineering, or incident response function.
• Scripting proficiency in one or more languages (i.e., PowerShell, Python, etc.) for automation of operational and security tasks or experience working with management APIs.
• Familiarity with SIEM platforms and endpoint-to-SIEM data pipelines; experience with query languages such as KQL or SPL a plus.
Preferred:
• Experience supporting or participating in red team, purple team, or adversary simulation exercises.
• Malware analysis or reverse engineering experience is highly desirable.
• Familiarity with digital forensics tooling and methodology (e.g., KAPE / Zimmerman Tools) for endpoint artifact analysis.
• Familiarity with MDM/MAM solutions (Intune, JAMF, Workspace ONE) and their interplay with endpoint security tooling.
• Working knowledge of security hardening benchmarks (CIS Controls, NIST 800-53) and how to operationalize them at the endpoint layer.
• Experience in regulated or large enterprise environments with compliance requirements (PCI-DSS, ISO 27001, or similar).
• Relevant certifications such as GCDA, GREM, GCIH, or platform-specific certifications.
Company:
Kla creates tools and services that promote innovation in the electronics industry. Founded in 1975, the company is headquartered in Milpitas, USA, with a team of 10001+ employees. The company is currently Late Stage.