L2 Endpoint Security Engineer (Trend Micro)

proven

Riyadh

On-site

SAR 187,000 - 263,000

Full time

Yesterday

Job summary

A leading cybersecurity firm based in Riyadh is seeking an experienced L2 Endpoint Security Engineer to oversee and manage protection operations for client environments using the Trend Micro stack. The ideal candidate will have 3-5 years of experience in endpoint/server security operations and a strong background in Windows/Linux administration. You will be responsible for incident response, logging, and maintaining security policies across various Trend Micro products. Competitive salary and opportunities for career advancement are offered.

Qualifications

  • 3–5 years in endpoint/server security operations with Trend Micro stack.
  • Strong hands-on experience across Apex One and at least two other Trend Micro products.
  • Basic scripting knowledge for deployment and health remediation.

Responsibilities

  • Maintain endpoint protection operations and ensure policy compliance.
  • Manage protection policies, including storage and email scanning.
  • Respond to incidents and control outbreaks effectively.
  • Perform daily health checks and document KPIs.

Skills

Endpoint/server security operations
Windows/Linux administration
ITIL change management
Basic scripting (PowerShell)

Tools

Apex One
Deep Security
Deep Discovery Inspector
Smart Protection Server
ScanMail for Exchange
Job description
Job Title

L2 Endpoint Security Engineer — Trend Micro Stack

Location

Riyadh

Job Summary

Own Endpoint & Server protection operations for Client’s environment: agent health & coverage, policy baselines, pattern/engine updates, sandbox & network detection signal triage, Exchange/SharePoint scanning, storage AV scans, daily health checks, outbreak handling, and audit evidence packaging (tickets, approvals, scans, reports) aligned to NCA ECC. You will operate Trend Micro tools day‑to‑day, keep protection current, tune policies, and provide evidence mapped to NCA ECC controls across malware protection, logging/monitoring, incident handling, and change management.

In-scope Trend Micro products (you will own)
  • Apex One (agents/policies, pattern updates, outbreak control, XDR tie‑ins)
  • Deep Security / Workload Protection for servers (anti‑malware, IPS, integrity monitoring, app control)
  • Deep Discovery: Inspector (DDI) network sandbox sensor; Analyzer (DDA/DDAN) sandbox; Director (DDD) centralized IOC/VA orchestration.
  • Smart Protection Server (SPS) (local reputation/update source)
  • ServerProtect for Storage (SPFS) (NAS/storage AV scanning)
  • PortalProtect for SharePoint (malware/URL scanning for SharePoint)
  • ScanMail for Exchange (mailbox/transport scanning)
Key Responsibilities
  1. Platform Health & Coverage
    • Daily checks: agent connectivity, update status, policy compliance, signature versions; document KPIs and exceptions (Apex One & Deep Security).
    • Maintain Smart Protection Server and update sources; ensure bandwidth‑efficient pattern delivery.
  2. Protection Policy Management
    • Maintain standard policy sets (workstations/servers/VDI), ransomware shields, web reputation, and behavior monitoring; tune exclusions safely (Apex One/Deep Security).
    • Manage storage, SharePoint and Exchange scanning policies (SPFS, PortalProtect, ScanMail).
  3. Advanced Detection & Sandbox
    • Operate Deep Discovery Inspector for lateral movement visibility; triage detections and pivot to Analyzer (DDAN/DDA) for detonation; use Director to distribute IOCs and VA images.
  4. Incident Response & Outbreak Control
    • Run IOC sweeps, isolate hosts, force updates/scan, uninstall/reinstall agents when needed; package incident evidence and RCA (Apex One/Deep Security/Deep Discovery).
  5. Patching & Vulnerability Response (Tooling)
    • Track Trend advisories; plan patches (server/agents, DDI/DDA/DDD firmware), CAB docs, backout plan, and validation (Note: recent Apex One criticals—keep builds current).
  6. Logging, SIEM & Evidence
    • Forward events to SIEM; maintain dashboards for coverage, detections, quarantine, sandbox verdicts; archive reports to satisfy NCA ECC evidence.
  7. Docs & KT
    • Maintain SOPs (agent rollout, policy baseline, outbreak runbook, sandbox triage, SPFS scans, PortalProtect/ScanMail checks); run reverse‑shadowing for L1s.
Requirements
Required Qualifications
  • 3–5 years in endpoint/server security ops with Trend Micro stack; strong Windows/Linux admin.
  • Demonstrated hands‑on across Apex One and at least two of: Deep Security, DDI/DDA, SPS, SPFS, PortalProtect/ScanMail.
  • ITIL change/incident, basic scripting (PowerShell) for deployment/health remediation.
Preferred
  • Trend Micro certifications; XDR/Vision One exposure; Exchange/SharePoint admin basics.