Windows 11 Security Hardening & Remediation Specialist
-
Pay Rate: $59.00hour, depending on experience
-
Contract Length: 6 Months
- Location: Calgary, Alberta
Raise is currently hiring a Windows 11 Security Hardening & Remediation Specialist on behalf of our client. They’re expanding their team to meet growing needs, making this a unique opportunity to work with an industry leader. Our Client is a market leading financial institution
Note: The primary pay rate is based on T4 classification; however, we will also consider applications from candidates interested in an INC classification, where applicable.
Description
As our client shifts its focus "up the stack" for FY27, they are seeking a dedicated Security Configuration Management (SCM) Lifecycle Specialist to lead and execute critical security hardening and remediation efforts across our enterprise Windows 11 fleet. This project builds upon their existing operating system foundations to holistically secure our environment, minimize our attack surface, and achieve strict alignment with industry best practices (such as CIS Benchmarks and NIST). In this role, you will bridge the gap between core OS configurations, specialized applications, and database layers by performing comprehensive gap analyses, collaborating with Cybersecurity Governance, and implementing robust endpoint engineering policies.
Project Scope
For the Security Hardening Project, the specialist will focus on translating high-level governance requirements into technical, actionable engineering controls. You will systematically audit their current fleet, refine configuration standards, and deploy automated remediation packages to secure the endpoint layers without causing operational disruption for our clients team members.
Responsibilities
-
Perform comprehensive gap analyses, collaborate with Cybersecurity Governance on the Configuration Hardening Standard review, and develop/implement robust hardening policies across our endpoint layers—bridging the gap between core OS configurations, specialized applications, and database layers.
-
Core Responsibilities
-
Gap Analysis & Assessment: Conduct a deep-dive gap analysis of the current Windows fleet against Cybersecurity Governance Hardening Standards.
-
Policy Development: Work with subject matter experts, security, and governance teams to derive hardened configuration baseline documentation in alignment with the Configuration Hardening Standard.
-
Technical Implementation: Author, refine, and maintain Group Policy Objects (GPOs), configuration profiles, and PowerShell remediation scripts.
-
Up-the-Stack Integration: Ensure Windows 11 endpoint security configurations seamlessly align with the hardening requirements of specialized local applications, databases, and refined port/protocol management.
-
Remediation Execution: Lead the phased rollout of OS-level hardening configurations across the enterprise, minimizing user disruption while maximizing defensive posture.
-
Cross-Functional Collaboration: Partner with the Windows Engineering, Identity & Access Management (IAM), and Cybersecurity Governance teams to ensure compliance.
-
Training, testing and documentation is required to be delivered.
Qualifications
-
5+ years of experience in Cybersecurity, Endpoint Engineering, or Infrastructure Security with a heavy focus on Configuration Management.
-
A proven track record of successfully participating in large-scale enterprise remediation projects or compliance lifecycles.
-
Technical Requirements
-
Deep technical knowledge of Windows enterprise security architecture, including features like Credential Guard, Virtualization-based Security (VBS), and BitLocker.
-
Advanced, hands-on experience managing and deploying security policies via Omnissa Workspace ONE and/or Active Directory GPOs.
-
Proficiency in PowerShell for writing automated remediation, configuration enforcement, and compliance-checking scripts.
-
Strong familiarity with CIS Benchmarks, NIST SP 800-53, or DISA STIGs specifically mapped to Microsoft enterprise environments.
-
Core Skills & Knowledge
-
Solid understanding of ports, protocols, and services management to support the project's network-layer scope.
-
Exceptional ability to translate complex compliance and governance documents into technical, actionable engineering requirements.
-
Strong technical writing skills for creating clear hardening standards, low-risk change management plans, and repeatable remediation playbooks.
-
Education and Certifications
-
Bachelor’s Degree in Computer Science, Information Technology, Cybersecurity, Infrastructure Engineering, or a related field. An equivalent combination of an advanced technical diploma and extensive, proven hands-on enterprise endpoint security experience (7+ years) will also be considered.
-
Preferred Professional Certifications CISSP (Certified Information Systems Security Professional), CISA (Certified Information Systems Auditor), CompTIA Security+ or CySA+ (Cybersecurity Analyst).
-
Microsoft & Windows Architecture Expertise: Microsoft Certified: Cybersecurity Architect Expert (SC-100), Microsoft Certified: Azure Security Engineer Associate (AZ-500)
Additional Information
-
A requirement for candidates to be considered for this role will be to complete a criminal and credit check (including Canadian Credit Risk Score)
Looking for meaningful work? We can help!
Raise is an established hiring firm with over 65 years of experience. We believe strongly in making the world a better place through work, which is why we’re a certified B Corporation and donate 10% of our profits to charity.
We strive to build teams that reflect the diversity of the communities we work in. We encourage all qualified applicants to apply, including people from traditionally underrepresented groups such as women, visible minorities, Indigenous peoples, people identifying as LGBTQ2SI, veterans, and people with visible/nonvisible disabilities.
We have a dedicated webpage for accommodations where you can learn more about what we offer and request accommodation: https://raise.jobs/accommodations/
In order to submit candidates for roles, our clients will sometimes require personal information to confirm the identity of applicants and their legal status to work. Raise will never ask you for personal or banking information unless you have been selected for a job. If you are ever unsure about the legitimacy of this or any other Raise job posting (or have any other questions), please contact us at +1 800-567-9675 or [email protected].
#WES
#LI-SC1
