[Remote] Security Engineer (Hardening, Active Directory & Endpoint Security)

Note: The job is a remote job and is open to candidates in USA. Dice is seeking an experienced Security Engineer with strong expertise in system hardening and Active Directory security. The role involves implementing security baselines, managing AD security policies, and ensuring endpoint protection across the enterprise environment.

Responsibilities

• Implement and maintain server and workstation hardening standards based on CIS Benchmarks and industry best practices
• Perform security assessments, gap analysis, and remediation activities for Windows and Linux environments
• Design, configure, and manage Active Directory Group Policies (GPOs) to enforce security controls and compliance requirements
• Develop and maintain security baselines for servers, databases, and virtual environments
• Configure and manage endpoint security solutions, including antivirus, EDR/XDR, application control, device control, and encryption technologies
• Monitor endpoint security posture and remediate vulnerabilities identified through security scans and audits
• Collaborate with infrastructure and application teams to implement security controls without impacting business operations
• Conduct security reviews of AD configurations, privileged accounts, service accounts, and authentication mechanisms
• Support vulnerability management activities, including risk assessment, remediation tracking, and compliance reporting
• Create and maintain security documentation, hardening standards, and operational procedures
• Participate in incident response activities related to endpoint and infrastructure security

Skills

• Strong experience in Windows Server and Active Directory Administration
• Hands-on experience implementing CIS Benchmarks for Windows, Linux, and endpoint systems
• Expertise in Group Policy Objects (GPOs), security templates, and AD security best practices
• Experience with endpoint security platforms such as Microsoft Defender for Endpoint, CrowdStrike, Sentinel One, Trellix, or Symantec Endpoint Security
• Strong understanding of security controls including: Privileged Access Management (PAM), Multi-Factor Authentication (MFA), Endpoint Encryption, Application Whitelisting, Device Control
• Experience with one of the vulnerability management tools such as Tenable, Qualys, or Rapid7
• Knowledge of security frameworks and standards including CIS, NIST, and ISO 27001
• Scripting experience using PowerShell for automation and security policy deployment
• Bachelor's degree in computer science, Information Security, or related field
• Security certifications such as: CISSP, Security+, Microsoft Security Certifications, GIAC Certifications, CIS Benchmark-related certifications
• Experience in enterprise-scale security operations and compliance environments

Company Overview

Company H1B Sponsorship