Security Engineer - Endpoint

Truveta provides unprecedented real-world data and real-time intelligence, powered by a dataset built with and owned by US health systems united in a mission of Saving Lives with Data. Together, we power breakthrough medical discoveries, accelerate regulatory-grade evidence, and improve patient care. Today, Truveta enables research on more than 130 million de-identified patients across the US.  

Achieving Truveta’s ambitious mission requires an incredible team of talented and inspired people with a special combination of health, software and big data experience who share our company values. 

Who We Need  

Truveta is rapidly building a talented and diverse team to tackle complex health and technical challenges. We are seeking candidates inspired by the opportunity to securely apply data in the development of real-world health solutions. Beyond core capabilities, we seek problem solvers, passionate and collaborative teammates, and those willing to roll up their sleeves while making a difference.  We do things the right way. Our commitment to security and compliance assurance cannot be stressed enough. This position is critical to ensuring we are successful. 

If you are interested in the opportunity to pursue purposeful work, join a mission-driven team, and build a rewarding career while having fun, Truveta may be the perfect fit for you.  

This Opportunity  

The successful candidate will design and support solutions that support the company’s Digital Workplace strategy. They will work on leading edge technologies that help modernize endpoint management by leveraging the cloud to quickly deliver end-user improvements. 

Responsibilities: 

• Device Management: Define, implement and maintain endpoint hardening baselines for Windows, macOS, and Linux systems with MDM such as Microsoft Intune, and JAMF. 

• Policy & Hardening: Develop and enforce security policies, standards, and procedures for all endpoint devices. Implement system hardening configurations based on industry best practices. 

• Deploy & Manage Security Tools: Implement, configure, and maintain endpoint security solutions, including Endpoint Detection and Response (EDR), Extended Detection and Response (XDR), antivirus/anti-malware software, and host-based firewalls. 

• Incident Response: Collaborate with IT and Security team to respond to endpoint-related incidents. Triage, remediate, and contain security incidents and threats on endpoints. Perform forensic analysis when necessary. 

• Vulnerability Management: Manage the endpoint vulnerability lifecycle, from discovery and assessment to remediation, using scanning tools and patch management systems. 

• Patch Management: Design and oversee the deployment of updates, security patches for operating system and applications. 

• Automation & Scripting: Develop scripts and automation (e.g., using Python, PowerShell) to streamline security operations, automate repetitive tasks, and improve response times. 

• AI Protection: Secure endpoints used for AI development, including devices accessing model weights, training data, and production inference systems, implementing guardrails on AI tool usage (e.g., prompt injection prevention in local LLM dev tools, restricted plugins/add-ons). 

• Data Loss Prevention: Enforce data loss prevention (DLP) and encryption policies on devices used to handle sensitive AI training datasets, including PHI/PII and proprietary corporation data. 

• On-call: Ability to participate in On-call rotation. 

• On-site: This position requires daily onsite work at Truveta office in Hyderabad. 

Qualifications 

• Experience: 3-5 years of hands-on experience in an endpoint security, cybersecurity engineering, or similar role. 

• Technical Proficiency: Deep understanding of modern operating systems (Windows, macOS) and their architecture, configuration and deployment in a large enterprise environment. 

• Cloud Experience: Strong hands-on experience on Azure Cloud PC, VM, Azure Firewall and Azure Networking. 

• MDM Expertise: Strong hands-on experience on Microsoft Intune and JAMF administration, such as device enrollment, OS upgrade/patch, configuration, profile.  

• Policy Management: Define and assign compliance/security policies to ensure corporation devices meet organizational security standards. 

• Application Management: Strong hands-on experience on applications control, deployment, patch and upgrade. 

• EPM: Proven experience with industry-leading EPM platforms such as CyberArk and BeyondTrust to control user privileged access and provide advanced threat protection and vulnerability management. 

• Networking: Solid understanding of TCP/IP IPv4/v6, experience of office network (Routing / Switching / WAN, Wi-Fi & Security) management and network security concepts. 

• Security Principles: Strong knowledge of cybersecurity frameworks (e.g., NIST, MITRE), threat intelligence, and incident response methodologies.  

• Compliance: Experiences with SOC 2 Type 2, HITRUST, and ISO compliance frameworks. Interact with the compliance team to ensure the company compliant and remediate gaps during compliance finding and controls. 

• Collaboration: Excellent verbal and written communication/presentation, ability to explain complex technical concepts to both technical and non-technical audiences.