Systems Engineer
JOB TITLE: Systems Engineer JOB LOCATION: Hybrid Springfield WAGE RANGE*: 70 - 75/ hour JOB NUMBER: 37079826 REQUIRED EXPERIENCE: • Mobile OS security fundamentals: iOS/iPadOS and Android security models, patching, permissions, app ecosystems, jailbreak/root detection concepts. • Vulnerability management expertise: CVE/patch lifecycle, risk-based prioritization, SLAs, validation, metrics. • Configuration compliance: baseline hardening, policy enforcement, continuous compliance monitoring, and drift remediation. • Mobility Scanning Tool Experience (hands-on): Qualys Mobile VMDR, Lookout, Workspace One Microsoft Threat Defense, or equivalent. • MDM experience (hands-on): Microsoft Intune, Omnissa Workspace ONE, Jamf Pro, or equivalent. • Enterprise integration skills: API integration, data normalization, and automation with SIEM/SOAR/ITSM (e.g., Splunk, Sentinel, QRadar; XSOAR, Sentinel SOAR; ServiceNow). • Identity & access: conditional access concepts, device compliance states, SSO, certificates, MFA, posture-based access controls. • Scripting/automation: PowerShell and/or Python; familiarity with REST APIs, JSON, OAuth, and secrets management. • Security documentation: ability to author PoT plans, architecture diagrams, operational runbooks, and audit evidence. • Excellent documentation and stakeholder management skills. • Strong analytical and problem-solving skills. • Excellent communication and stakeholder management skills; experience presenting PoT results and recommendations. • Ability to work independently and across multifunctional teams. • Detail-oriented with a focus on process improvement and operational excellence. • Ability to manage multiple workstreams (pilot integration operations) with minimal supervision. • Familiarity with NIST, CIS Benchmarks, DISA STIG (mobile), ISO 27001 control mapping, or similar frameworks. Educational Requirements • Bachelor's degree in Cybersecurity, Information Systems, Computer Science, Engineering, or equivalent practical experience. Relevant Certifications • CompTIA Security, CySA • GIAC: GSEC, GMON, or related (if available/appropriate) • Qualys/Rapid7/Tenable (or equivalent vulnerability platform certifications where relevant) • Governance / Risk / Architecture (bonus) • CISSP, CISM, CCSP • ITIL Foundation (for ITSM integration and operations maturity) Experience Level • 5 – 8 years in cybersecurity/endpoint security, with 2 – 4 years specifically in mobile/UEM security, vulnerability management, or compliance engineering JOB DESCRIPTION The Mobile Device Vulnerability Management & Configuration Compliance Engineer will partner with internal stakeholders to design, validate, and operationalize an automated mobile device vulnerability scanning and configuration compliance capability across enterprise-issued mobile endpoints (iOS/iPadOS and Android). This role leads proof-of-technology (PoT) activities including tool evaluation, architecture validation, security controls mapping, and pilot execution, and drives full-scale implementation through integration with other security tools such as MDM, SIEM/SOAR, ITSM, and asset inventory/CMDB systems. The engineer will establish and maintain mobile vulnerability management processes aligned to corporate and regulatory requirements, develop continuous compliance and policy enforcement strategies, implement risk-based remediation workflows, and deliver measurable improvements in mobile endpoint security posture. Key Responsibilities • Define PoT scope, success criteria, and test plans for automated mobile vulnerability scanning (e.g., agent-based/agentless, MDM-integrated, API-driven). • Evaluate candidate tools for: coverage (OS/app/cert/profile), detection accuracy, scalability, device impact, privacy controls, and reporting fidelity. • Execute pilots across representative device populations validating: o vulnerability detection capabilities (OS versions, CVEs, patch levels, risky apps) o configuration compliance checks (encryption, jailbreak/root, screen lock, OS hardening) o integration readiness (Intune/Workspace ONE/Jamf; SIEM; ITSM; CMDB) • Produce PoT outcomes: findings, risk analysis, cost/benefit, architecture decision record, and go/no-go recommendation. • Coordinate with InfoSec and Compliance teams to ensure SaaS platform posture aligns with regulatory requirements (NYDFS). • Build and run mobile vulnerability lifecycle processes: discovery, assessment, prioritization, remediation, validation, reporting. • Establish severity/risk scoring tuned for mobile (exposure, device role, app risk, compliance impact). • Coordinate remediation with endpoint engineering, mobility admins, app owners, and operations teams. • Validate remediation effectiveness using scanner re-runs, policy compliance, and audit evidence. • Develop, deploy, and continuously improve baseline security configurations for iOS/iPadOS and Android. • Translate requirements into enforceable policies (password/biometrics, encryption, OS update controls, app controls, certificate/profile constraints, VPN/Wi-Fi security, logging settings). • Implement compliance monitoring and drift detection; drive automated or semi-automated corrective actions. • Build automation scripts and APIs to normalize and enrich findings. • Support change management and communications for new controls impacting device behavior and user experience. • Provide technical guidance and training to operations teams for ongoing support. • GIAC: GSEC, GMON, or related (if available/appropriate) • Qualys/Rapid7/Tenable (or equivalent vulnerability platform certifications where relevant) • Governance / Risk / Architecture (bonus) • CISSP, CISM, CCSP • ITIL Foundation (for ITSM integration and operations maturity) Equal opportunity employer as to all protected groups, including protected veterans and individuals with disabilities * While an hourly range is posted for this position, an eventual hourly rate is determined by a comprehensive salary analysis which considers multiple factors including but not limited to: job-related knowledge, skills and qualifications, education and experience as compared to others in the organization doing substantially similar work, if applicable, and market and business considerations. Benefits offered include medical, dental and vision benefits; dependent care flexible spending account; 401(k) plan; voluntary life/short term disability/whole life/term life/accident and critical illness coverage; employee assistance program; sick leave in accordance with regulation. Benefits may be subject to generally applicable eligibility, waiting period, contribution, and other requirements and conditions. Benefits offered are in accordance with applicable federal, state, and local laws and subject to change at TCM's discretion.
