🖥 Endpoint Security Analyst

Full-time, Remote

🖥 Endpoint Security Analyst

Full-time, Remote
Submit Resume View Available Positions

Kolide’s Mission

We help organizations practice Honest Security

Building software that secures and manages digital assets

While demonstrating empathy, respect, and care for what is most important – people

Empowering them to do the best work of their lives.


Kolide is a VC-backed remote-first startup building device management and security software for fast-growing companies that value Honest Security. With hundreds of customers and a novel approach to solving security and compliance concerns, Kolide is poised to grow quickly over the next few years. To prepare, we are looking to responsibly develop our organization to help us meet our lofty goals while increasing our organization’s diverse set of skills and perspectives.

About The Job

The Endpoint Security Analyst is a new role at Kolide, that is responsible for maintaining, improving, and expanding the Ground Truth we collect from Windows, Mac, and Linux devices.

This involves taking easy to articulate goals, (ex: “verify that Linux isn’t missing any important security patches”) and translating them into technical strategies and endpoint queries that will work across the variations of devices, platforms, and operating systems we support.

Occasionally these goals are solved simply using well documented and supported APIs, other times they require years of continual background effort that include reverse engineering and clever tricks to solve correctly.

Here is an example of projects that Kolide employees have recently completed that are representative of the work we want to hand-off to an Endpoint Security Analyst:

  • Research the ways to detect if an out of date version of Firefox is open
  • Write an Osquery SQL that enumerates Safari app extensions
  • Locate a RESTful Lenovo API that Kolide can use to show more accurate product descriptions for ThinkPad devices.
  • Add a new virtual table to our Kolide Endpoint Agent that parses the output of /usr/sbin/diskutil
  • Write an Osquery SQL query that enumerates uninstalled updates and patches from the Windows registry.

These goals will come from both customers directly and when new versions of operating systems or popular apps emerge. Endpoint security analysts spend much of their time researching, trying out potential solutions on a variety of physical devices, VMs, and eventually on customer devices. Then, they work with product engineering to ship these strategies to our product so our customers can use them.

While you will be working independently on projects, you won’t be on your own. As you make promising progress on a goal, other team members will be ready to assist you at your request. It’s rare in practice that a major new data collection initiative is driven from conception all the way to production without the assistance of others.

About You

We are looking for endpoint security analysts that have some experience using or administrating macOS, windows, and Linux-based operating systems, but consider themselves a specialist in at least one of them. This means, you may have used Linux casually as your daily driver, but you have a lot of experience with the underpinnings of Windows as a developer or an administrator. We don’t expect specialist knowledge across every platform.

You are naturally curious and relentless in finding the answers you seek. While this is a technical role that requires technical proficiency, we’ve found in practice that people with this personality will be driven to acquire any skills needed to get to the truth.

You are a clear thinker that can easily empathize with the goals of IT teams. Endpoint security analysts often have to wrestle with the imprecise language of a customer’s ask (ex: “Check if the firewall is enabled on Linux”), with the complex realities of the underlying systems they need to query. Being able to cleave off that complexity and build solutions that work how users generally expect, is essential.

Ideally you have some experience scripting. Perhaps you’ve written bash scripts to administer Linux systems in a past life, or maybe you’ve automated a tedious task in macOS Automator, or you’ve dabbled in Windows Powershell. If you have experience writing C++ or Go, that’s even better.

You are already proficient or at least ready to learn SQL. All of the queries we send to the endpoint are written in SQLite and understanding concepts like CTEs, joins, and aggregations, will help you decipher and modify the more complex queries we send down to customer devices.

You should be open to learning or have some experience with a debugger and a disassembler. Often seeing how an existing CLI program gathers the data it eventually outputs is the first clue on how we can collect that same data ourselves in our own endpoint agent.

You are a good writer who can write prose with empathy and tolerance for less technical people. As a product that interacts directly with our customers' end-users via Slack, it helps when our engineers can contribute to the writing process.

We are a US based remote-first company. You can work anywhere you want in North America and Hawaii as long as your working hours maintain a 3 hour overlap with the US eastern time-zone.

Benefits - A Summary

🏖️ Open, unlimited vacation policy (plus 10 paid company holidays)

🕑 Flexible working hours

💰 Fully remote culture (with $2k stipend)

🏥 Medical, Dental, and Vision coverage (100% of monthly premiums covered, plus $500 towards deductibles)

👪 12-weeks parental leave

🚴🏽‍♂️ Health and Wellness reimbursement

✈️️ Conference and Education reimbursement

🏦 401k Retirement Plan

📱 Phone and internet stipend

🌼 Life insurance and long term disability

How To Apply

Please apply on this website.

Submit your resume through the link provided. Cover letters are welcome. The best applications include specific examples of things you’ve done in the past that translate well to the type of work you’ll do at Kolide.

If your application is well received, we’ll invite you to the interview stage, which will include (but is not limited to) a preliminary call, and 2-3 one-hour interviews with your future colleagues, and a final interview with the CEO. If you are applying for a technical role, we may have you complete a take home exercise. 

The entire process may take up to three weeks, depending on team availability. We appreciate you considering Kolide and are excited to read your application. If you have questions or concerns, please reach out to jobs@kolide.co.