Endpoint Security Administrator (secret clearance)

Location: Chantilly, VA
Description: The Judge Group is currently seeking an Endpoint Security Administrator with an active secret clearance and Security+ to support a classified customer. For immediate consideration email your resume to
- Robbie Kissinger

Seeking a proactive and skilled Endpoint Security Administrator to oversee the security of the organization's endpoint devices, including laptops, desktops, and other endpoints. The successful candidate will be responsible for with defining, implementing, and managing endpoint security compliance across our organization using Active Directory Group Policy Objects (GPOs) and Local Security Policies, ensuring compliance with organizational security policies, and protecting against potential threats. This role will also involve coordinating with other security teams to implement best practices, respond to incidents, and continuously improve endpoint defense mechanisms.

• Minimum of 10+ years of experience in endpoint security administration, IT security, or related cybersecurity roles.
• Proven experience with in-depth knowledge of Active Directory and Group Policy management.
• Knowledge of security frameworks and compliance standards (e.g., NIST, ISO 27001, PCI-DSS, HIPAA).
• Strong knowledge of Windows security, Active Directory administration, and endpoint protection best practices.
• Experience with managing endpoint detection and response (EDR) solutions and anti-virus technologies.
• Understanding of network protocols, threat landscape, and malware behaviors.
• Experience with vulnerability management and patching tools.
• Proficiency in PowerShell scripting for automation and reporting.

Key Responsibilities:

• Group Policy Management:
• Design, implement, and maintain Group Policy Objects (GPOs) to enforce security settings across the organization's Windows endpoints.
• Regularly review and update GPOs to align with evolving security requirements and best practices.
• Troubleshoot GPO application issues and conflicts.
• Local Security Policy Configuration:
• Develop and maintain standardized Local Security Policy configurations for various endpoint types.
• Implement and manage Local Security Policies on standalone systems or systems not governed by domain policies.

Security Compliance:

• Define security baselines for different endpoint types (e.g., workstations, servers, mobile devices) based on industry standards and organizational requirements.
• Ensure all endpoints meet or exceed defined security compliance standards.
• Conduct regular compliance audits and generate reports on the security posture of endpoints.

Policy Testing and Validation:

• Test new and modified Group Policies and Local Security Policies in a controlled environment before deployment
• Validate the impact of policy changes on system functionality and user experience

Documentation and Reporting:

• Maintain comprehensive documentation of all Group Policies and Local Security Policies.
• Create and update standard operating procedures for policy management and enforcement.
• Prepare regular reports on endpoint compliance status for management and auditors

Collaboration and Training:

• Work closely with IT operations, security teams, and business units to ensure policies meet both security and operational needs.
• Provide training and guidance to IT staff on Group Policy and Local Security Policy management.

Continuous Improvement:

• Stay informed about the latest Windows security features and best practices.
• Recommend and implement improvements to enhance endpoint security posture.
• Incident Response Support:
• Assist in incident response efforts by quickly implementing policy changes when needed.
• Analyze policy effectiveness in preventing or mitigating security incidents.

Other Desired Skills:

• Familiarity with scripting (e.g., PowerShell, Python, Bash) for automating endpoint security tasks.
• Knowledge of cloud-based endpoint security (e.g., AWS, Azure) is a plus.
• Familiarity with SIEM tools (e.g., Splunk, LogRhythm) for endpoint security monitoring and alerting.
• Certified Endpoint Protection Professional (CEPP), Certified Ethical Hacker (CEH), GIAC Endpoint Security (GESP), or other relevant certifications.
• DoD 8140 compliance, CompTIA Security + or higher
• Must have Active Secret Clearance

By providing your phone number, you consent to: (1) receive automated text messages and calls from the Judge Group, Inc. and its affiliates (collectively "Judge") to such phone number regarding job opportunities, your job application, and for other related purposes. Message & data rates apply and message frequency may vary. Consistent with Judge's Privacy Policy, information obtained from your consent will not be shared with third parties for marketing/promotional purposes. Reply STOP to opt out of receiving telephone calls and text messages from Judge and HELP for help.

Contact:

This job and many more are available through The Judge Group. Please apply with us today!