Join AT&T and reimagine the communications and technologies that connect the world. Our Chief Security Office ensures that our assets are safeguarded through truthful transparency, enforce accountability and master cybersecurity to stay ahead of threats. Bring your bold ideas and fearless risk-taking to redefine connectivity and transform how the world shares stories and experiences that matter. When you step into a career with AT&T, you won’t just imagine the future-you’ll create it.

Overview:

We are seeking a highly skilled Endpoint Security Platform Engineer to join our Cybersecurity team. This is a hands-on, deeply technical role responsible for deploying, operating, and optimizing endpoint security technologies at large global enterprise scale (tens of thousands of endpoints).

Initial focus: Lead the enterprise Tanium deployment, configuration, tuning, and operationalization across a global fleet.

Long-term scope: After Tanium is stabilized, the role expands to broader ownership of endpoint security platforms including EDR, Remote Access VPN, DLP, and proxy/web controls, with a strong emphasis on AI-assisted monitoring, analytics, triage, automation, risk scoring, trend analysis, and reporting to improve security outcomes and operational efficiency.

Key Roles & Responsibilities:

1) Tanium Engineering & Operations (Initial Primary Focus)

• Lead the deployment, configuration, tuning, and ongoing operations of Tanium across a large global endpoint fleet.
• Implement and optimize Tanium modules including Asset, Comply, Deploy, Threat Response, and Reveal, ensuring high availability, performance, and data quality.
• Own endpoint agent rollout strategy, upgrades, health monitoring, and troubleshooting at scale.
• Build and maintain custom content (e.g., sensors, packages, queries, dashboards) to support inventory, vulnerability identification, compliance, and incident response.
• Serve as the Tanium SME during security incidents, audits, and compliance initiatives.

2) Endpoint Security Platforms (Broader, Long-Term Scope)

• Deploy and manage endpoint security agents and controls for:
  • Remote Access VPN (e.g., Palo Alto GlobalProtect)
  • DLP (e.g., Microsoft Purview/Defender and Forcepoint)
  • EDR (e.g., SentinelOne and/or Palo Alto Cortex XDR)
  • Proxy / secure web access controls (endpoint agent and policy enforcement as applicable)
• Provide Tier-3 engineering support for endpoint security platforms, including root-cause analysis, performance tuning, policy/exclusion management, and vendor escalation.
• Participate in a weekly on-call support rotation for endpoint security platforms (Tanium, EDR, VPN, DLP, and proxy/web controls), responding to urgent incidents/outages, driving triage to resolution, and coordinating with internal teams and vendors as needed.
• Standardize global deployment patterns and endpoint security baselines to ensure consistent control coverage and user experience.

3) Integrations, Automation, and AI-Driven Security Operations

• Build and maintain integrations between Tanium and other enterprise security tools to improve automation, inventory, vulnerability identification, and threat response.
• Implement AI-assisted monitoring and analytics to improve signal-to-noise, accelerate detection/triage, and reduce manual effort, including:
  • AI-assisted alert enrichment and triage (correlation, deduplication, prioritization)
  • AI-driven risk scoring for endpoints/users based on posture, vulnerabilities, and behavioral signals
  • Trend analysis (control coverage, agent health, patch/compliance drift, incident patterns)
  • Automated reporting for operational health, compliance, and executive-level metrics
• Develop and maintain automation (APIs, scripting, orchestration) to support:
  • Agent deployment/upgrade workflows
  • Compliance checks and remediation
  • Incident response actions (containment support, rapid scoping, targeted remediation)
  • Continuous control validation and drift detection

4) Documentation, Runbooks, and Operational Excellence

• Maintain detailed runbooks, operational playbooks, and endpoint security baselines for global deployment consistency.
• Define and track KPIs (coverage, agent health, MTTR, compliance posture, vulnerability exposure) and produce recurring operational and risk reports.
• Partner with Security Operations, Infrastructure, and End-User Computing teams to align endpoint tooling with incident response, vulnerability management, and compliance workflows.
• Conduct root cause analysis for endpoint performance/telemetry issues and drive remediations through coordinated change management processes.

Required Qualifications:

• 5+ years in endpoint security or endpoint systems engineering within large enterprise environments.
• Hands-on experience deploying and operating endpoint security agent technologies such as EDR, DLP, and VPN (proxy/web controls experience a plus).
• Strong Tanium capability (deployment and operations) and ability to function as an SME during incidents/audits/compliance efforts.
• Demonstrated experience building integrations across security tools to improve automation and response.
• Experience using AI-assisted workflows in security operations (monitoring/analytics/triage/automation) and translating outputs into actionable engineering changes.
• Strong scripting/automation skills (e.g., PowerShell, Python, APIs) and comfort operating at scale across global fleets.
• Strong expertise in endpoint operating systems (Windows, Linux, Android, and iOS), including OS internals, security hardening, configuration management, and troubleshooting at enterprise scale.
• Ability to work effectively with distributed, cross-functional teams on security tool deployment and integration projects.
• Self-reliant, diligent follow-through on assigned tasks; able to operate well under pressure and urgent circumstances.
• Ability to produce clear technical documentation and operational reporting.

Preferred Qualifications:

• Tanium Certified Operator or Administrator.
• Deep experience with Tanium modules: Asset, Comply, Deploy, Threat Response, Reveal.
• Experience with Palo Alto GlobalProtect, Microsoft Purview/Defender + Forcepoint DLP, and SentinelOne / Cortex XDR.
• Experience implementing AI-driven capabilities such as:
  • Endpoint/posture risk scoring models
  • Automated trend and anomaly detection
  • AI-assisted executive reporting and operational dashboards
• Experience designing endpoint security architecture and standardizing global deployment patterns.
• Security certifications such as CISSP, GIAC, or equivalent

What Success Looks Like

• Tanium is deployed and operating reliably at scale with strong coverage, performance, and actionable reporting.
• Endpoint security platforms (EDR/VPN/DLP/proxy) are operationally mature: consistent deployments, measurable health, and efficient Tier-3 support.
• The weekly on-call rotation runs smoothly with clear runbooks, fast triage, and measurable improvements in stability and MTTR.
• AI-assisted monitoring, analytics, triage, and automation measurably improve speed and quality of response, reduce manual workload, and enhance risk visibility through scoring, trends, and reporting.

Education/Experience: Bachelor’s degree (BS/BA) desired in Computer Science or Cybersecurity. 7+ years of related experience. Certification is required in some areas.

Supervisor:

No

Our Principal Cybersecurity earns between $155,000-$233,200 USD Annual, not to mention all the other amazing rewards that working at AT&T offers. Individual starting salary within this range may depend on geography, experience, expertise, and education/training.