Our client is seeking dedicated Security Configuration Management (SCM) Lifecycle Specialists to lead and execute critical security hardening and remediation efforts. This project builds upon our existing operating system foundations to holistically secure our environment, minimize the attack surface, and achieve alignment with industry best practices (such as CIS Benchmarks and NIST).

You will perform comprehensive gap analyses, collaborate with Cybersecurity Governance on the Configuration Hardening Standard review, and develop/implement robust hardening policies across our endpoint layers—bridging the gap between core OS configurations, specialized applications, and database layers.

Core Responsibilities

• Gap Analysis & Assessment: Conduct a deep-dive gap analysis of the current Windows fleet against Cybersecurity Governance Hardening Standards.
• Policy Development: Work with the subject matter experts, security, and governance teams to derive hardened configuration baseline documentation in alignment with the Configuration Hardening Standard.
• Technical Implementation: Author, refine, and maintain Group Policy Objects (GPOs), configuration profiles, and PowerShell remediation scripts.
• Up-the-Stack Integration: Ensure Windows 11 endpoint security configurations seamlessly align with the hardening requirements of specialized local applications, databases, and refined port/protocol management.
• Remediation Execution: Lead the phased rollout of OS-level hardening configurations across the enterprise, minimizing user disruption while maximizing defensive posture.
• Cross-Functional Collaboration: Partner with the Windows Engineering, Identity & Access Management (IAM), and Cybersecurity Governance teams to ensure compliance.
• Training, testing and documentation is required to be delivered.

Technical Requirements

• OS Expertise: Deep technical knowledge of Windows enterprise security architecture (e.g., Credential Guard, Virtualization-based Security, BitLocker).
• Unified Endpoint Management (UEM): Advanced experience managing and deploying security policies via unified endpoint management platforms, including Omnissa Workspace One or Active Directory GPOs.
• Automation: Proficiency in PowerShell for writing automated remediation and compliance-checking scripts.
• Security Frameworks: Strong familiarity with CIS Benchmarks, NIST SP 800-53, or DISA STIGs specifically mapped to Microsoft environments.

Experience & Education

• Experience: 5+ years of experience in Cybersecurity, Endpoint Engineering, or Infrastructure Security with a heavy focus on Configuration Management.
• Project Delivery: Proven track record of participating in large-scale enterprise remediation projects or compliance lifecycles.

Skills & Knowledge

• Network Fundamentals: Solid understanding of ports, protocols, and services management to support the project's network-layer scope.
• Analytical Mindset: Ability to translate complex compliance documents (like a Governance Standard) into technical, actionable engineering requirements.
• Communication: Strong documentation skills for creating hardening standards, change management plans, and remediation playbooks.

Top Skills:

• Network Fundamentals: Solid understanding of ports, protocols, and services management to support the project's network-layer scope.
• Analytical Mindset: Ability to translate complex compliance documents (like a Governance Standard) into technical, actionable engineering requirements.
• Communication: Strong documentation skills for creating hardening standards, change management plans, and remediation playbooks.

Project Description: For the Security Hardening project, the candidate will perform comprehensive gap analyses, collaborate with Cybersecurity Governance to review Configuration Hardening Standards, and develop and implement robust hardening policies across endpoint layers to bridge the gap between core OS configurations, specialized applications, and database layers