Infrastructure Security Operations Engineer

The Infrastructure Security Operations Engineer – Vulnerability Management SME will be responsible for maintaining and improving Endava’s global security posture, with a primary focus on vulnerability management, endpoint security, and application control. This role requires expertise in Intune for endpoint management and policy enforcement, ThreatLocker for application control, and patch management strategies to minimize security risks. The engineer will also act as an escalation point for infrastructure security-related incidents, ensuring compliance with Endava’s security policies and industry standards.

Principal Functional Responsibilities

• Vulnerability Management & Remediation
• Lead vulnerability remediation efforts across infrastructure and endpoints.
• Collaborate with other IT functions to ensure vulnerabilities are addressed promptly.
• Maintain and enhance vulnerability management processes to align with compliance and security frameworks.
• Endpoint Management & Security (Intune)
• Configure and enforce security policies using Microsoft Intune for endpoint compliance.
• Manage and optimize device security baselines, including endpoint hardening, encryption, and conditional access policies.
• Provide operational support for Microsoft Defender ATP and related endpoint protection solutions.
• Patch Management
• Design and implement patch management strategies for servers, workstations, and cloud infrastructure.
• Ensure timely deployment of security patches and updates across all systems.
• Develop and maintain automated patch deployment workflows to minimize operational impact.
• Application Management & Control (ThreatLocker)
• Administer and maintain ThreatLocker for application control, whitelisting, and execution restrictions.
• Define and enforce policies to prevent unauthorized application usage and mitigate security threats.
• Monitor and analyze application security events, responding to potential security incidents.
• Security Incident Response & Compliance
• Act as an escalation point for security incidents and vulnerabilities affecting infrastructure.
• Ensure all security controls comply with regulatory and company security standards.
• Support security audits, compliance assessments, and reporting.
• Continuous Improvement & Collaboration
• Work closely with IT Operations, Cloud, and Security teams to drive security initiatives.
• Participate in security infrastructure upgrades and optimizations.
• Stay up to date with emerging threats, vulnerabilities, and industry best practices.

Qualifications

Education & Certifications

• Bachelor’s degree in Computer Science, Cybersecurity, Engineering, or Telecommunications (or equivalent experience).
• Security-related certifications and ITIL are a plus.

Experience & Skills

• 3+ years of experience in Security Operations, Vulnerability Management, or Endpoint Security.
• Expertise in Vulnerability Management tools and best practices.
• Strong knowledge of Microsoft Intune for endpoint policy management.
• Hands-on experience with ThreatLocker (or similar) for application control and whitelisting.
• Proficiency in patch management methodologies across Windows, macOS, and Linux environments.
• Familiarity with Microsoft Defender ATP, Palo Alto Prisma, and other EDR/XDR solutions.
• Experience working with Active Directory, DNS, and Group Policies.
• General knowledge of cloud security (Azure, AWS, SaaS environments).
• Strong understanding of incident management, change management, and security compliance.
• Excellent analytical skills, problem-solving abilities, and communication skills.

Preferred Qualifications

• Experience with PowerShell for security automation.
• Knowledge of zero-trust security models and modern endpoint security frameworks.

Additional Information

At Endava, we’re committed to creating an open, inclusive, and respectful environment where everyone feels safe, valued, and empowered to be their best. We welcome applications from people of all backgrounds, experiences, and perspectives—because we know that inclusive teams help us deliver smarter, more innovative solutions for our customers. Hiring decisions are based on merit, skills, qualifications, and potential. If you need adjustments or support during the recruitment process, please let us know.