System Security Engineer

Help AG is looking for a System Security Engineer responsible for managing endpoint security technologies, including EDR/XDR platforms, endpoint management, OS hardening, and security monitoring. The role involves implementing security controls, managing patching and device compliance, supporting incident response, and automating security operations using tools such as Microsoft Defender, Intune, and PowerShell.

Responsibilities:

• Administer and manage endpoint detection and response solutions including Microsoft Defender for Endpoint, CrowdStrike Falcon, and SentinelOne.
• Perform policy configuration, exclusions management, alert triage, and proactive threat hunting.
• Manage next-generation antivirus and exploit protection features such as Attack Surface Reduction (ASR), Controlled Folder Access, and exploit mitigation.
• Configure Windows Defender Firewall, web filtering, and endpoint device control policies (e.g., USB restrictions).
• Implement application control using AppLocker and Windows Defender Application Control (WDAC).
• Apply Windows security hardening based on CIS Benchmarks and Microsoft Security Baselines.
• Manage Group Policy (GPO) and ADMX configurations including local admin restrictions and Windows LAPS.
• Manage enterprise device lifecycle using platforms such as Microsoft Intune, Microsoft Endpoint Configuration Manager (SCCM/MECM), Jamf (macOS), and Workspace ONE.
• Support device provisioning, enrollment workflows, and Windows Autopilot deployments.
• Manage patching using Windows Update for Business, WSUS, and SCCM.
• Deploy and maintain third-party updates for applications such as Google Chrome, Java, and Adobe Acrobat.
• Package and deploy applications using MSI, MSIX, and Win32 formats via scripting or management tools.
• Work with identity services including Active Directory and Microsoft Entra ID.
• Configure Conditional Access policies and device compliance policies.
• Manage endpoint security features including BitLocker disk encryption, key escrow, and recovery processes.
• Implement credential protection mechanisms such as Credential Guard, LSASS protection, and disabling legacy protocols (e.g., SMBv1, NTLM where possible).
• Support certificate-based authentication using PKI fundamentals for device, Wi-Fi, and VPN authentication.
• Analyze endpoint telemetry from Windows Event Logs, Sysmon, and Microsoft Defender advanced hunting.
• Support incident response activities including host isolation, artifact collection, scanning, containment, and remediation.
• Conduct endpoint triage investigations involving processes, services, scheduled tasks, registry persistence, and system artifacts.
• Perform threat hunting using KQL queries and map findings to the MITRE ATT&CK framework.
• Demonstrate understanding of networking concepts including TCP/IP, DNS, DHCP, and proxy configurations.
• Troubleshoot TLS/certificate issues, VPN client behavior, and split-tunneling impacts.
• Understand network requirements and firewall/proxy considerations for EDR and MDM communications.
• Develop automation scripts using PowerShell for device inventory, compliance validation, and remediation tasks.
• Integrate with APIs such as Microsoft Graph and EDR platform APIs for automation and reporting.
• Basic knowledge of Python scripting is considered an advantage.
  
  
  

Qualifications & Skills

• Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, or a related field.
• 3–6+ years of experience in endpoint security, system security engineering, or cybersecurity operations.
• Hands-on experience with Microsoft security ecosystem including Defender, Intune, and Entra ID.
• Strong knowledge of endpoint protection technologies, device management, and security hardening practices.
• Experience with scripting (PowerShell required; Python is a plus).
• Familiarity with threat hunting, incident response, and endpoint forensic analysis.
• Preferred Certifications:
• CompTIA Security+
• Certified Ethical Hacker (CEH)
• Certified Information Systems Security Professional (CISSP)
• Microsoft Security or Endpoint Management certifications
  
  
  

Benefits

• Health insurance with one of the leading global providers for medical insurance
• Career progression and growth through challenging projects and work
• Employee engagement and wellness campaigns and activities throughout the year
• Excellent learning and development opportunities
• Annual flight tickets
• Inclusive and diverse working environment
• Flexible / Hybrid working environment
• Open Door Policy
  
  
  

About Us

Help AG is the cybersecurity arm of e& enterprise (formerly Etisalat Digital) and provides leading enterprise businesses and governments across the Middle East with strategic consultancy combined with tailored information security services and solutions that address their diverse requirements, enabling them to evolve securely with a competitive edge.

Present in the Middle East since 2004, Help AG was strategically acquired by e& (formerly Etisalat Group) in February 2020, creating a cybersecurity and digital transformation powerhouse in the region.

Help AG has firmly established itself as the regions trusted IT security advisor by remaining vendor-agnostic, trustworthy, independent, and cybersecurity focused. With best-of-breed technologies from industry-leading vendor partners, expertly qualified service delivery teams, and a state-of-the-art consulting practice, Help AG delivers unmatched value to its customers by strengthening their cyber defenses and safeguarding their businesses.

---