Company OverviewKLA is a global leader in diversified electronics for the semiconductor manufacturing ecosystem. Virtually every electronic device in the world is produced using our technologies. No laptop, smartphone, wearable device, voice-controlled gadget, flexible screen, VR device or smart car would have made it into your hands without us. KLA invents systems and solutions for the manufacturing of wafers and reticles, integrated circuits, packaging, printed circuit boards and flat panel displays. The innovative ideas and devices that are advancing humanity all begin with inspiration, research and development. KLA focuses more than average on innovation and we invest 15% of sales back into R&D. Our expert teams of physicists, engineers, data scientists and problem-solvers work together with the world's leading technology providers to accelerate the delivery of tomorrow's electronic devices. Life here is exciting and our teams thrive on tackling really hard problems. There is never a dull moment with us.
Job Description/Preferred Qualifications
The Cybersecurity group at KLA is involved in every aspect of the global business. The KLA Cybersecurity group defends against cyber-attacks and provides cybersecurity tools, incident response services and assessment capabilities to safeguard the environments that support the essential operations of KLA. We are passionate about identifying adversarial activities and anticipating a wide variety of threats to strengthen our defenses and the overall protection of KLA Intellectual Property.
We are seeking an Endpoint Detection Engineer to serve as the hands-on subject matter expert for our enterprise endpoint detection platforms. This role is responsible for the configuration, tuning, lifecycle management, and continuous improvement of our EDR and EPM tooling from a cybersecurity perspective, ensuring the platform is optimally deployed, deeply integrated with our broader security stack, and proactively evolving to address emerging threats. You will partner closely with the SOC and IT Security teams to align detection capabilities with operational workflows, serving as the primary technical liaison.
Platform Configuration & Optimization
Own the design, configuration, and ongoing optimization of the enterprise EDR and EPM platforms across Windows, macOS, and Linux environments.
Define and author endpoint hardening standards, detection policies, exclusion logic, and response baselines aligned with industry best practices.
Ensure endpoint platforms integrate effectively with SIEM, SOAR, SOC workflows, and identity platforms to maximize telemetry value and response automation.
Proactively evaluate new platform features, capabilities, and emerging technologies, leading proof-of-concept testing and driving adoption of enhancements that strengthen security posture.
Monitor agent health, fleet coverage, and version compliance; manage agent lifecycle including upgrades, rollouts, and rollback procedures.
Detection Engineering & Incident Response
Collaborate with detection engineers to develop, evaluate, and continuously refine endpoint-based detections mapped to MITRE ATT&CK techniques and real-world threat actor TTPs.
Partner with the SOC to improve detection fidelity, reduce false positive rates, and enhance automated response capabilities tied to endpoint threats.
Assist in endpoint-related security incident investigations, leveraging endpoint telemetry for root cause analysis, forensic evidence collection, and remediation guidance.
Contribute to proactive threat hunting missions with the Cyber Threat Intelligence team, using behavioral analytics and endpoint telemetry to surface threats that evade automated detection.
Drive root cause analysis following incidents or platform issues and implement continuous improvements to prevent recurrence.
Troubleshooting & Interoperability
Identify and resolve complex performance, stability, and interoperability issues between the endpoint agents and other tooling including EPM, DLP, and MDM solutions.
Serve as the primary technical liaison with the endpoint platform vendors, managing escalations, product roadmap input, and coordination on advanced support cases.
Partner with IT Security and infrastructure teams to troubleshoot deployment and compatibility issues across the enterprise endpoint fleet.
Write and maintain technical documentation including configuration standards, operational runbooks, and troubleshooting guides.
PREFERRED QUALIFICATIONS
Experience supporting or participating in red team, purple team, or adversary simulation exercises.
Malware analysis or reverse engineering experience is highly desirable.
Familiarity with digital forensics tooling and methodology (e.g., KAPE / Zimmerman Tools) for endpoint artifact analysis.
Familiarity with MDM/MAM solutions (Intune, JAMF, Workspace ONE) and their interplay with endpoint security tooling.
Working knowledge of security hardening benchmarks (CIS Controls, NIST 800-53) and how to operationalize them at the endpoint layer.
Experience in regulated or large enterprise environments with compliance requirements (PCI-DSS, ISO 27001, or similar).
Relevant certifications such as GCDA, GREM, GCIH, or platform-specific certifications.
Minimum Qualifications
Five (5) years of hands-on experience in cybersecurity, with at least 2 years focused on EDR)/XDR and EPM platform administration and engineering.
Bachelor's degree in Computer Science, Cybersecurity, or a related field, or equivalent practical experience.
Demonstrated expertise with one... For full info follow application link.
KLA-Tencor is an Equal Opportunity Employer. Applicants will be considered for employment without regard to age, race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability, or any other characteristics protected by applicable law.
