Endpoint Security Engineer
Company: Booz Allen Hamilton
Location: Reston
Posted on: April 1, 2026
|
|
|
Job Description:
Endpoint Security Engineer Key Role: Design, deploy, manage, and
operationalize enterprise endpoint data protection controls as a
Trellix Endpoint Data Loss Prevention ( DLP ) Engineer. Serve as
the technical owner for Trellix EDR / DLP components, ensuring
sensitive data is identified, monitored, and protected across the
enterprise. Use analytical, engineering, and stakeholder e nga
gement capabilities to assist with information protection strategy.
Play a core role in safeguarding the organization's data. Build an
enterprise-grade data protection program with visibility across
security leadership, risk, and operational teams. Lead enterprise
deployment, configuration, tuning, and maintenance of Trellix
Endpoint DLP, including policy automation, agent health, and
performance optimization. Assist with analyzing, testing, and
operationalizing DLP policies , rulesets, classification logic, and
incident workflows aligned to data governance requirements.
Integrate the Trellix DLP platform with SIEM, SOAR, CASB, CMDB, and
identity security tools for end-to-end visibility and automated
response. Analyze DLP tele met ry, alerts, and incidents to
identify data exfiltration patterns, risk signals, and false
positives. Partner with legal, compliance, data governance, and HR
to define rulesets, thresholds, and exception workflows. Develop
engineering playbooks, standard operating procedures, and runbooks
for policy lifecycle management. Manage endpoint agent health,
upgrades, change control, and enterprise-wide platform stability. C
ond uct root-cause analysis for user-impact, policy misfires,
broken workflows, and endpoint inventory issues. Provide guidance
to application and business teams on data classification, tagging,
and secure data-handling practices. Align DLP implementations with
Zero T rus t, privacy, and enterprise data protection strategies.
Basic Qualifications: 4 years of experience in cybersecurity
engineering, data protection, or endpoint security 2 years of
experience with endpoint security tools such as Trellix Endpoint
DLP, Trellix ePO, Micro sof t purview, Symantec, Forcepoint, or
Netwrix, or asso cia ted modules, agent-based controls, and Windows
and Linux endpoint management and troubleshooting 2 years of
experience developing and deploying solutions for highly regulated
industries such as healthcare, finance, federal, defense, and
energy Experience with integration patterns across SIEM, SOAR, and
identity security platforms, and broader Trellix or McAfee security
stack such as ENS, DLP Monitor, DLP Discover, and ePO Experience
with scripting in PowerShell, Python, or Bash for automation and
workflow optimization, creating classification taxonomies, and
integrating DLP with enterprise data catalogs Ability to interpret
data movement patterns and policy outcomes Active TS/SCI clearance;
willingness to take a polygraph exam Asso cia te’s degree and 5
years of experience supporting IT projects and activities,
Bachelor’s degree and 3 years of experience supporting IT projects
and activities, or Master’s degree and 1 years of experience
supporting IT projects and activities DoD 8570.01-M Information
Assurance Techni cia n ( IAT ) Level II Certification such as
Security CE, CCNA-Security, GSEC, SSCP, CySA, GICSP, or CND
Certification Ability to obtain a DoD 8570.01-M Cybersecurity
Service Provider - Infrastructure Support Certification such as
CEH, CHFI, CFR, Cloud, or CND Certification, within 30 days of
start date Additional Qualifications: Knowledge of data loss
prevention concepts, endpoint security controls, and data
classification models Possession of strong analytical skills
Clearance : Applicants selected will be subject to a security
investigation and may need to meet eligibility requirements for
access to classified information ; TS/SCI clearance is required.
Compensation At Booz Allen, we celebrate your contributions,
provide you with opportunities and choices, and support your total
well-being. Our offerings include health, life, disability,
financial, and retirement benefits, as well as paid leave,
professional development, tuition assistance, work-life programs,
and dependent care. Our recognition awards program acknowledges
employees for exceptional performance and superior demonstration of
our values. Full-time and part-time employees working at least 20
hours a week on a regular basis are eligible to participate in Booz
Allen’s benefit programs. Individuals that do not meet the
threshold are only eligible for select offerings, not inclusive of
health benefits. We encourage you to learn more about our total
benefits by visiting the Resource page on our Careers site and
reviewing Our Employee Benefits page. Salary at Booz Allen is
determined by various factors, including but not limited to
location, the individual’s particular combination of education,
knowledge, skills, competencies, and experience, as well as
contract-specific affordability and organizational requirements.
The projected compensation range for this position is $77,600.00 to
$176,000.00 (annualized USD). The estimate displayed represents the
typical salary range for this position and is just one component of
Booz Allen’s total compensation package for employees. This posting
will close within 90 days from the Posting Date. Identity Statement
As part of the hiring process, we will ask you to complete an
identity verification process that leverages advanced biometrics
and artificial intelligence to ensure authenticity and protect
against identity fraud. You are expected to be on camera during
interviews and assessments. We reserve the right to take your
picture to verify your identity and prevent fraud. Candidate AI
Usage Policy AI is a part of our daily work at Booz Allen, and we
are committed to the responsible and ethical use of AI tools.
However, we want to ensure a fair candidate process based on your
own skills and knowledge. As part of this commitment, the use of
artificial intelligence (AI) or other tools to assist with
responses during interviews (whether in-person or virtual) is
prohibited unless permission is explicitly provided . Work Model
Our people-first culture prioritizes the benefits of collaboration,
whether it occurs in person or virtually. To support engagement and
effective communication, employees working virtually are generally
expected to have their cameras on during meetings. Remote : If this
position is listed as remote, there may still be occasions when you
are required to work in person at a Booz Allen or customer
facility. Hybrid : If this position is listed as hybrid, you will
be expected to work from a Booz Allen facility frequently, in
alignment with leadership expectations and the needs of the role.
You may also be required to work from or visit a customer facility.
Onsite : If this position is listed as onsite, work will primarily
be performed at a Booz Allen office or customer facility, where
employees will collaborate directly with colleagues and customers
as required by the role. Commitment to Non-Discrimination All
qualified applicants will receive consideration for employment
without regard to disability, status as a protected veteran or any
other status protected by applicable federal, state, local, or
international law.
Keywords: Booz Allen Hamilton, Tuckahoe , Endpoint Security Engineer, IT / Software / Systems , Reston, Virginia
