Endpoint Security Engineer / Endpoint & Identity Security Engineer/ Security Configuration Engineer
NYC, 12+ Months Contract
Hardening, AD security, endpoint protection, vulnerability remediation, and automation
We need someone who can strengthen enterprise security by implementing hardening standards, securing Active Directory, and managing endpoint protection across Windows and Linux environments. Maintain CIS‑aligned baselines, enforce GPO‑driven security controls, and support vulnerability remediation using industry‑leading tools. Ensure endpoints, servers, and identities remain compliant, resilient, and securely configured.
Key Focus Areas:
- CIS Benchmark hardening (Windows/Linux)
- Active Directory & GPO security governance
- Endpoint protection (Defender, CrowdStrike, SentinelOne, Trellix)
- Vulnerability management (Tenable/Qualys/Rapid7)
- PAM, MFA, encryption, listing & device control
- PowerShell automation for security configuration
Required Skills:
- Windows Server & Active Directory Administration
- CIS Benchmark Hardening (Windows, Linux, endpoints)
- Group Policy (GPO) Security & Governance
- Endpoint Security Platforms: Microsoft Defender, CrowdStrike, SentinelOne, Trellix, Symantec
- Core Security Controls: PAM, MFA, Encryption, Application listing, Device Control
- Vulnerability Management Tools: Tenable, Qualys, or Rapid7
- Security Frameworks: CIS, NIST, ISO 27001
- PowerShell Automation
Certifications related to work: (any or as many is okay—as these are plus)
- CIS Secure Suite Certified Practitioner (CIS‑CP)
- SC‑300 (Identity & Access Administrator)
- AZ‑500 (Azure Security Engineer)
- SC‑200 (Security Operations Analyst)
- CrowdStrike CCFA or Sentinel One SIREN
- Qualys / Tenable / Rapid7 VM Certification