26-1097: Device / Endpoint Security Engineer (Posture, Enforcement, EDR ) - Herndon, VA

• Lead the Devices pillar (PWS §5.3) — Policy Enforcement & Compliance Monitoring, Asset & Supply-Chain Risk Management, Resource Access, and Device Threat Protection.
• Design, deploy, and operate the USCIS EDR / MDM / posture stack; tune detection content; maintain golden baseline images.
• Engineer automated quarantine and isolation playbooks integrated with Swimlane SOAR (PWS §5.7.3.b).
• Run continuous compliance monitoring; identify and remediate posture drift; integrate with vulnerability and patch management.
• Partner with Identity, Networks, and Visibility & Analytics pillar leads on cross-pillar enforcement chains (device posture → conditional access → micro-segmentation).
• Produce Devices-pillar ZTMM maturity evidence; support monthly PMR and Government deliverables.
• Support incident response from the endpoint perspective; participate in on-call rotation.

• Bachelor's degree in Computer Science, Cybersecurity, Information Systems, EE, or related discipline (4 additional years of relevant experience may substitute).
• 5+ years hands-on enterprise endpoint security engineering — design, deploy, and operate EDR, MDM/UEM, posture, and compliance tooling at scale (≥10K endpoints).
• Hands-on with at least two of: CrowdStrike Falcon, Microsoft Defender for Endpoint, SentinelOne, Tanium, or VMware Carbon Black.
• Experience with MDM / UEM platforms — Microsoft Intune, VMware Workspace ONE, Jamf (macOS), or IBM MaaS360.
• Experience with device posture / NAC / ZTNA enforcement platforms — Cisco ISE, Forescout, Palo Alto Prisma Access, Zscaler ZPA, Netskope Private Access, or equivalent.
• Working knowledge of Windows, macOS, and Linux endpoint hardening per DISA STIG and CIS Benchmarks.
• Experience with vulnerability management — Tenable.sc/.io, Nessus, Qualys, or Rapid7 — and integration with patch management (SCCM, Intune, Ivanti, BigFix).
• Familiarity with NIST SP 800-53 (CM, SI, RA control families), NIST SP 800-128, CISA ZTMM Devices pillar, and HSPD-12 PIV operations.
• DoD 8570/8140 IAT-II baseline certification — Security+ CE, CySA+, CCNA Security, GCIH, GMON, or CISSP — held or obtainable within 90 days of EOD.
• U.S. Citizenship required.
• Active DHS USCIS Public Trust clearance or Secret (or above) for reciprocity.

Equal Employer/Veterans/Disabled

Navitas Business Consulting is an affirmative action and equal opportunity employer. If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please contact Navitas Human Resources.

Navitas is an equal opportunity employer. We provide employment and opportunities for advancement, compensation, training, and growth according to individual merit, without regard to race, color, religion, sex (including pregnancy), national origin, sexual orientation, gender identity or expression, marital status, age, genetic information, disability, veteran-status veteran or military status, or any other characteristic protected under applicable Federal, state, or local law. Our goal is for each staff member to have the opportunity to grow to the limits of their abilities and to achieve personal and organizational objectives. We will support positive programs for equal treatment of all staff and full utilization of all qualified employees at all levels within Navitas.