# Information Security Engineer - Endpoint

**Company:** [Palantir](https://hotfix.jobs/companies/palantir)

**Location:** New York, NY

**Experience:** 5+ years

**Skills:** Active Directory, Windows, EDR, PAM, BloodHound, Impacket, Rubeus, Mimikatz, WinDbg, Process Monitor, PowerShell, Python, Kerberos, ETW, Azure AD

**Posted:** 2026-04-16

> Secures Palantir's global Windows and Active Directory infrastructure by hardening configurations, reducing attack surfaces, deploying defensive tools like EDR and PAM, and building detection automation. Requires 5+ years hands-on experience with AD attacks, Windows internals, and Python/PowerShell proficiency.

## Job Description

## Core Responsibilities
- Own the security posture of Palantir's Windows and Active Directory estate — hardening, configuration standards, and ongoing validation that those standards hold.
- Reduce attack surface across AD: audit and remediate misconfigurations, legacy protocol exposure, excessive privilege, Kerberos delegation abuse, and tier model violations.
- Evaluate, deploy, and own the configuration of defensive tooling across the Windows environment: **EDR**, **PAM**, identity threat detection, and endpoint hardening controls.
- Build and maintain automation for security operations across Windows infrastructure — patching pipelines, configuration drift monitoring, access reviews, and credential hygiene.
- Partner with Identity and Infrastructure teams to drive architectural improvements: tiered administration, **Protected Users**, **LAPS**, **Credential Guard**, and authentication policy silos.
- Translate findings from assessments and red team exercises into durable fixes — configuration changes, architectural improvements, and policy updates that reduce recurrence.

## What We're Looking For
### Active Directory
- Deep, working knowledge of AD architecture: sites and services, replication, trust relationships, delegation models, and the LDAP schema.
- Hands-on experience investigating and detecting AD attacks across the full kill chain — from initial enumeration through domain dominance.
- Familiarity with attack tooling (**BloodHound**, **Impacket**, **Rubeus**, **Mimikatz**, **CrackMapExec**) and, critically, what they leave behind.
- Experience hardening AD environments: tiered administration, **Protected Users**, **LAPS**, **Credential Guard**, **PAM** trusts, and authentication policy silos.

### Windows Internals
- Thorough understanding of Windows security architecture: access tokens, privilege model, integrity levels, **LSASS** and credential storage, **SAM**, and the Security Reference Monitor.
- Ability to read and interpret Windows kernel structures, driver behavior, and undocumented APIs when necessary.
- Proficiency with low-level analysis tools: **WinDbg**, **Process Monitor**, **Process Hacker**, **Volatility**, and **x64dbg**.
- Experience with **ETW**-based telemetry pipelines and building detections on top of raw Windows event data.

### Detection & Response
- Proven track record writing high-fidelity detection logic, not just tuning vendor signatures.
- Experience leading complex incident response investigations, including those involving nation-state or sophisticated criminal actors.
- Strong forensic fundamentals across disk, memory, and network artifacts on Windows systems.

## What We Value
- Experience with **Entra ID** (**Azure AD**), hybrid identity architectures, and cloud-based attack paths that pivot through on-prem AD.
- Prior work in adversary simulation, red teaming, or offensive security research — especially against AD targets.
- Public contributions: conference talks (**BlueHat**, **BSides**, **SANS**, etc.), blog posts, or open-source tooling.

## What We Require
- 5+ years of hands-on security experience, with the majority focused on Windows environments and Active Directory.
- Proficiency in **Python** or **PowerShell** for detection development, automation, and forensic tooling.
- Active **TS/SCI** security clearance, or eligibility and willingness to obtain one.
- A portfolio of real work: detections you've written, research you've published, tools you've built, or incidents you've led.

**Apply:** https://hotfix.jobs/jobs/information-security-engineer-endpoint-at-palantir-4fa0b080-52aa-4104-a631-2d2fcf452201

**Canonical:** https://hotfix.jobs/jobs/information-security-engineer-endpoint-at-palantir-4fa0b080-52aa-4104-a631-2d2fcf452201