DNS & ENDPOINT SECURITY ADVISOR

Role Overview We are seeking a senior DNS and Endpoint Security Advisor to provide expert guidance on the design, hardening, and management of DNS infrastructure and endpoint security programs. This role combines deep technical knowledge with advisory capabilities to reduce the organization's attack surface, detect threats early, and ensure robust protection across all endpoints and DNS layers.

Key Responsibilities

• Design and implement secure DNS architectures including DNS filtering, DNS over HTTPS/TLS, and split-horizon DNS configurations
• Advise on and oversee endpoint security strategies covering EDR/XDR platforms, AV, application control, and device hardening
• Evaluate and recommend DNS security solutions to protect against DNS hijacking, tunneling, cache poisoning, and DDoS attacks
• Define endpoint hardening baselines aligned with CIS Benchmarks, STIG, and organizational security policies
• Integrate DNS security and endpoint telemetry with SIEM and threat intelligence platforms
• Lead incident response efforts related to DNS-based attacks and endpoint compromise events
• Conduct security assessments of existing DNS and endpoint environments, producing actionable remediation roadmaps
• Develop policies, standards, and runbooks for DNS management and endpoint security operations
• Provide expert advisory support to infrastructure, SOC, and network teams on DNS and endpoint security matters
• Stay current with emerging DNS and endpoint threat vectors and advise on proactive defensive measures

Requirements

• Bachelor's or Master's degree in Computer Science, Network Engineering, Information Security, or related field
• Minimum 8 years of experience in infrastructure security with strong focus on DNS and endpoint domains
• Relevant vendor or OS specialization certification (e.g., Microsoft, Cisco, Palo Alto, CrowdStrike, or equivalent — required)
• Expert-level knowledge of DNS protocols, DNSSEC, DNS filtering technologies, and secure DNS architectures
• Deep expertise in endpoint security platforms (CrowdStrike, SentinelOne, Microsoft Defender, or similar)
• Strong understanding of OS internals (Windows and Linux) and endpoint hardening methodologies
• Experience with threat hunting and incident response in DNS and endpoint contexts

Vertical:

Technology