MillenniumIT ESP

Senior Engineer - Microsoft Security (Windows & Microsoft 365)

MillenniumIT ESP  •  Colombo, LK (Hybrid)  •  9 days ago

Job Description

  • Analyze and interpret security findings from vulnerability assessments, CIS benchmark reviews, audit reports, and security assessment tools such as Nessus
  • Assess remediation feasibility, operational impact, implementation dependencies, and risks within production environments
  • Collaborate with application, database, infrastructure, and third-party vendor teams to implement secure solutions
  • Translate security recommendations into practical technical implementations across Windows and Microsoft 365 platforms
  • Implement and manage enterprise security hardening initiatives using Group Policy (GPO), registry configurations, PowerShell scripting, and Microsoft 365 security configurations
  • Evaluate and remediate cryptographic weaknesses and insecure protocol configurations
  • Plan and execute secure transitions including RC4/DES to AES migration and TLS 1.0/1.1 to TLS 1.2/1.3 enforcement
  • Analyze authentication flows, encryption dependencies, and legacy application compatibility prior to implementing security changes
  • Coordinate with internal teams and vendors to resolve compatibility and integration issues
  • Identify and communicate technical risks, business impacts, constraints, and dependencies related to security implementations
  • Provide documentation and recommendations for accepted, mitigated, or rejected security risks
  • Ensure compliance with CIS benchmarks, security baselines, and industry best practices
  • Participate in change management activities to ensure minimal or zero service disruption during security implementations

Person Specification

  • Strong expertise in Windows Server architecture and internals
  • Hands-on experience with Active Directory (AD DS), Group Policy, DNS, and Kerberos authentication
  • Experience implementing Windows OS hardening and enterprise security controls
  • Experience with vulnerability management and security assessment tools such as Nessus
  • Strong understanding of CIS benchmarks, security baselines, attack vectors and mitigation strategies, identity and access management, and OS-level security controls
  • Hands-on experience with Microsoft Defender Suite, Conditional Access, Exchange Online Security, Identity Protection, and security auditing and monitoring
  • Strong understanding of cryptographic principles within Windows environments
  • Experience implementing and managing AES encryption standards, TLS 1.2 / TLS 1.3 enforcement, Kerberos encryption configurations, Schannel hardening, cipher suite management, and AD CS / PKI fundamentals
  • Ability to identify and mitigate compatibility risks related to legacy applications, domain authentication flows, and third-party integrations
  • Strong PowerShell scripting and automation capabilities
  • Experience implementing security configurations through GPO, registry configurations, and automation scripts
  • Strong analytical, troubleshooting, and problem-solving capabilities
  • Ability to balance security requirements with operational and business impact
  • Excellent communication and stakeholder management skills
  • Ability to clearly communicate technical risks, implementation limitations, and business implications
  • Ability to work effectively within high-pressure or regulated environments
  • Experience within banking or financial services environments will be an added advantage
  • Exposure to hybrid infrastructure environments (on-premises and cloud) and familiarity with audit and regulatory compliance processes will be an added advantage
  • Relevant professional certifications such as Microsoft Security Certifications, CISSP, or CEH will be an added advantage
  • Strong understanding of the operational impact of security changes and the ability to identify hidden legacy dependencies and compatibility risks prior to implementation
  • Ability to make risk-based security decisions supported by technical reasoning and evidence
  • Ability to confidently challenge impractical recommendations with appropriate technical justification
  • Strong focus on implementing secure, stable, and sustainable enterprise security solutions

About MillenniumIT ESP

MillenniumIT ESP (MIT ESP) has always stood for purpose-driven technology solutions for businesses across the globe. We are your complete Enterprise Solutions Provider!

We have a proven track record of serving global customers for over 25 years. MIT ESP provides technology solutions and services around Core Infrastructure, Cloud, Cyber Security, Enterprise Applications, Intelligent Automation and Data, Smart Buildings, and Managed Services. We have a strong presence across a variety of industry sectors including Telecommunication and Media, Banking and Finance, Manufacturing and Retail, Government, and Commercial Sector.

Currently, MIT ESP is on a growth drive with plans to expand our footprint globally across all sectors.

Industry: IT & Software
Company Size: 501-1,000 employees
Headquarters: Colombo, LK
Year Founded: 1996