Device Security Engineer

As a Device Security Engineer within the Cyber Engineering & Architecture function, you will own the definition, governance and continuous improvement of our customer’s device security posture across devices including endpoints, mobile devices, servers and IoT. This is a hands‑on technical SME role responsible for delivering device security standards, secure‑by‑design architectures, and the engineering and governance of protective and compliance control baselines, in close partnership with IT Infrastructure, Cloud and End User Computing teams. Cross-functional cyber collaboration is also key, managing privileged access and data protection on devices, and supporting incident remediation and root‑cause improvements when needed.

This is a hybrid role, so the successful candidate will be expected to attend the office in Dublin at least once a week.

Required Experience:

• Minimum of 10 years’ industry experience with at least 5 years in endpoint / device security engineering roles.
• Hands‑on experience implementing endpoint and mobile device management and security controls e.g., Intune, JAMF, Tanium
• Hands‑on experience with device security platforms e.g., CrowdStrike, Microsoft Defender
• Experience partnering with infrastructure, cloud, endpoint operations teams for compliance governance, device lifecycle and support processes.
• Experience working with managed service providers for shared responsibilities of security management and operations
• Device security certifications e.g., CISSP, OS or vendor specific certifications
• Strong understanding of endpoint security architecture, hardening, device compliance and secure configuration management.
• Ability to translate security requirements into enforceable technical controls and baselines.
• Strong troubleshooting skills for device security issues and control gaps.
• Strong communication and stakeholder management skills across IT and business teams.

Key responsibilities & duties include:

• Own device security policies, standards, and best practices for servers, endpoints and mobile devices, including shared device scenarios.
• Define, engineer and govern device hardening baselines, compliance requirements, and configuration standards.
• Management of device security platforms, for engineering and support of security policies, controls and operations, in partnership with managed service providers.
• Govern device protection and response controls (EDR/AV posture) in partnership with operations teams, ensuring effective coverage and configuration.
• Define and govern device identity and access requirements (e.g., conditional access readiness, local admin access, endpoint elevated access, device compliance gates) in collaboration with Identity Security.
• Drive remediation of device security non‑compliances, control gaps and high‑risk configurations, prioritised by business criticality.
• Act as device security SME during incidents, supporting containment and longer‑term control improvements.
• Maintain device security blueprints and documentation (baseline builds, exception patterns, shared device secure patterns) to support consistent delivery and audit readiness.
• Partner with Cyber Defence to ensure endpoint telemetry and detections are aligned to monitoring coverage and response playbooks.
• Provide guidance to technology teams on secure-by-design device standards for new endpoint builds, images, virtual desktops, and shared device use cases.
• Support continuous improvement initiatives including automation of compliance enforcement and reporting where feasible.

Desirable skills

• Experience designing secure patterns for shared devices and frontline/operational device use cases.
• Knowledge of ransomware protection best practices and endpoint attack techniques.
• Relevant industry security certifications.
• Proven engineering and/or architecture experience in at least one other Cyber domain e.g. infrastructure security, network security, identity security