• Own the deployment, configuration, and lifecycle management of endpoint security tooling (EDR/ETR/EPP, host-based controls, hardening frameworks). • Design and enforce security configuration baselines across Windows, macOS, and Linux systems. • Build and manage configuration enforcement mechanisms (Ansible-based or similar) to detect and remediate drift on endpoints, particularly Linux systems. • Develop automation to deploy endpoint agents and security tooling, apply role/group/system-type specific configurations, continuously re-apply or enforce desired-state configurations. • Partner on RBAC design and implementation for endpoint and server access. • Collaborate with IT, Infrastructure, and Security teams to integrate endpoint security with identity and access controls, server and workstation provisioning pipelines, incident response and detection workflows. • Write and maintain code and infrastructure that supports endpoint security enforcement (Python, Bash, PowerShell, Ansible; Terraform as applicable). • Help define and document endpoint security standards, runbooks, and operational playbooks. • Serve as a technical voice for endpoint security decisions, tradeoffs, and future roadmap planning.