Windows Administrator; m​/f​/d

Role Purpose

The Windows Server & Active Directory Security Administrator is responsible for managing and securing enterprise Windows environments. This includes patch management using WSUS/SCCM
, Active Directory security hardening
, and enforcing security baselines across 10,000+ endpoints
. The role ensures systems remain compliant with internal security standards and industry benchmarks (e.g., CIS), while maintaining high availability and security posture.

• Oversee end-to-end patch management lifecycle for Windows Servers using WSUS and SCCM
• Ensure timely deployment of OS and application patches across large-scale environments
• Monitor patch compliance and generate reports for audits and management review
• Troubleshoot patch deployment failures and implement remediation plans
• Align patching practices with CIS Benchmarks and internal policies

• Implement and maintain Active Directory (AD) security best practices
  , including:
  • Privileged Access Management (PAM)
  • Role-Based Access Control (RBAC)
  • Secure Kerberos configuration and policies
• Conduct periodic reviews of:
  • User access rights and privileged accounts
  • Group memberships and service accounts
• Identify and remediate AD vulnerabilities and misconfigurations

• Design and enforce Group Policy Objects (GPOs) for enterprise-wide security configurations
• Implement security baselines across 10,000+ endpoints (servers and workstations)
• Ensure systems comply with:
  • Internal security standards
  • CIS Benchmark configurations
• Continuously monitor and fine-tune GPOs for efficiency and compliance

• Ensure infrastructure adheres to internal security policies and regulatory requirements
• Support internal and external audits by providing evidence of patching and configuration compliance
• Maintain documentation of system configurations, patch status, and AD changes
• Collaborate with cybersecurity teams to respond to vulnerabilities and incidents

• Maintain and support Windows Server environments (on-premises and hybrid)
• Perform regular system health checks and proactive maintenance
• Support identity and access management processes within AD
• Participate in infrastructure improvement initiatives and automation efforts

• Bachelor’s degree in:
  • Information Technology
  • Computer Science
  • Networking or related field

• 4–8+ years of experience in:
  • Windows Server Administration
  • Active Directory management in large enterprise environments
• Proven experience managing 10,000+ endpoints is highly preferred
• Hands‑on experience with:
  • WSUS and SCCM for patch management
  • GPO design and enforcement

• Strong knowledge of:
  • Windows Server OS (2016/2019/2022)
  • Active Directory architecture and security
  • Kerberos authentication and policies
• Experience with:
  • CIS Benchmarks and system hardening practices
  • Endpoint security configuration and compliance tools
• Familiarity with:
  • Hybrid environments (on‑prem + Azure AD)
  • Power Shell scripting for automation

• Strong problem‑solving and troubleshooting ability
• Attention to detail with a strong security mindset
• Ability to manage tasks in large, complex environments
• Effective communication and teamwork skills

• Microsoft Certified:
  Windows Server Hybrid Administrator Associate
• Microsoft 365 Certified:
  Security Administrator Associate
• Additional certifications (nice to have):
  • Microsoft Certified:
    Azure Administrator Associate
  • CISSP / Security+

• Patch Management & Compliance
• Active Directory Security
• Endpoint Security Management
• GPO & Policy Enforcement
• Infrastructure Stability & Operations
• Risk Awareness & Mitigation