Staff Endpoint Security Engineer

About the role

With electric vehicles expected to be nearly 30% of new vehicle sales by 2025 and more than 50% by 2040, electric mobility is becoming a reality. ChargePoint (NYSE: CHPT) is at the center of this revolution, powering one of the world's leading EV charging networks and a comprehensive set of hardware, software and mobile solutions for every charging need across North America and Europe. We bring together drivers, businesses, automakers, policymakers, utilities and other stakeholders to make e-mobility a global reality. Since our founding in 2007, ChargePoint has focused solely on making the transition to electric easy for businesses, fleets and drivers. ChargePoint offers a once-in-a-lifetime opportunity to create an all-electric future and a trillion-dollar market. At ChargePoint, we foster a positive and productive work environment by committing to live our values of Be Courageous, Charge Together, Love our Customers, Operate with Openness, and Relentlessly Pursue Awesome. These values guide how we show up every day, align, and work together to build a brighter future for all of us. Join the team that is building the EV charging industry and make your mark on how people and goods will get everywhere they need to go, in any context, for generations to come. Reports To Senior Manager - Information Security

Responsibilities

• What You Will Bring to ChargePoint
• Endpoint Protection & Hardening
• Define, implement, and enforce endpoint security baselines and hardening standards across Windows, macOS, and Linux platforms in alignment with CIS Benchmarks, NIST guidelines, and organisational policy.
• Deploy, manage, and tune Endpoint Detection and Response (EDR) solutions (e.g., CrowdStrike Falcon, Microsoft Defender for Endpoint, SentinelOne, or equivalent) across all device types.
• Implement and maintain antivirus, anti-malware, host-based firewall, application allowlisting/blocklisting, and data loss prevention (DLP) controls.
• Conduct regular endpoint vulnerability assessments and drive timely remediation in coordination with IT and asset owners.
• Manage full-disk encryption across platforms - BitLocker (Windows), FileVault (macOS), and LUKS/dm-crypt (Linux).
• Mobile Device Management (MDM)
• Architect, deploy, and manage enterprise MDM solutions - including Jamf Pro (macOS/iOS), Microsoft Intune, VMware Workspace ONE, or equivalent platforms - across the organisation's full device fleet.
• Design and enforce MDM enrolment workflows, device compliance policies, configuration profiles, and conditional access rules.
• Manage application lifecycle through MDM - packaging, deployment, patching, and removal across managed endpoints.
• Manage certificate lifecycle and PKI integration for device authentication and Wi-Fi/VPN access.
• Windows Endpoint Security
• Manage and harden Windows endpoints using Group Policy (GPO), Microsoft Endpoint Configuration Manager (MECM/SCCM), and Microsoft Intune.
• Implement and maintain Windows Defender suite - Defender Antivirus, Defender for Endpoint, Defender Firewall, and Attack Surface Reduction (ASR) rules.
• Oversee Windows patch management processes ensuring timely deployment of OS and application updates.
• Configure and monitor Windows Event Logging, Sysmon, and audit policies for comprehensive endpoint telemetry.
• macOS Endpoint Security
• Manage macOS fleet security using Jamf Pro - configuration profiles, extension attributes, smart groups, policies, and patch management.
• Implement macOS security controls including system integrity protection (SIP), Gatekeeper, TCC (Transparency, Consent & Control), and secure boot settings.
• Develop and maintain custom Jamf scripts (Bash, Python, Swift) for automation, remediation, and compliance reporting.
• Manage macOS MDM enrolment via Apple Business Manager (ABM) / Apple School Manager (ASM) and DEP/ADE workflows.
• Linux Endpoint Security
• Harden Linux endpoints (Ubuntu, RHEL, CentOS, Debian, or equivalent) using industry-standard security frameworks and configuration management tools (Ansible, Chef, Puppet, or similar).
• Implement and manage SELinux / AppArmor policies, auditd configurations, and host-based intrusion detection (OSSEC, Wazuh, or equivalent).
• Manage Linux patch management and software inventory using tools such as Landscape, Ansible, or Satellite.
• Monitor and respond to Linux endpoint security events using EDR agents and SIE

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at ChargePoint? Share your experience