Technology Risk - Security Engineer; Dallas, TX

Technology Risk - Security Engineer (Dallas, TX) Job Description Job Duties

Windows Platform Security Engineer to design and maintain comprehensive security controls across enterprise Windows ecosystem. The ideal candidate will possess deep expertise spanning operating system hardening, endpoint protection, identity governance, modern workplace technologies, and hybrid cloud environments.

• Design, implement, and maintain security baselines and hardening standards across the Windows platform (client and server operating systems).
• Administer and optimize endpoint security tooling, including EDR/XDR, antivirus, and threat detection solutions.
• Manage Identity and Access Management (IAM) controls, including authentication, authorization, privileged access, and conditional access policies.
• Architect and enforce network security controls across on-premises and cloud environments, including proxy and web gateway solutions.
• Collaborate with Infrastructure, Cloud, and Cyber Defense teams to ensure consistent security posture across hybrid environments.
• Conduct vulnerability assessments and remediation planning.
• Apply security best practices to harden OSes, maintain secure configurations and reduce host attack surface.
• Draft security policies, standards and procedures.
• Contribute to technical and business discussions for security strategy with an emerging threat landscape.
• Design and develop for shared services, workflows and processes for on-premises and hybrid (on prem + cloud) solutions.
• Design for integrated security controls, workflows, data protection, authentication and authorization.
• Design security for monitoring, logging, IAM, encryption, data protection, detection and preventive controls.
• Advise and design with commercial and open-source security tools and controls.
• Stay up to date with cybersecurity threats, risks and vulnerabilities with potential impact on services.

• At least eight-plus years’ experience in Windows platform security or a related role.
• Proficient with security configuration management tools
• Ability to influence technical teams, business units and collaborate to reduce attack surface.
• Capacity to comprehend complex technical infrastructure, identities, access controls and least privilege.
• Strong written and oral communication skills across varying levels of the organization.

• In-depth knowledge of Windows OS hardening (Workstations and Windows Servers).
• Experience with Group Policy (GPO), Security Baselines, and hardening Benchmarks.

• Experience with EDR/XDR platforms.
• Configuration of endpoint protection, threat hunting, and automated remediation.
• Experience with patch management and endpoint compliance / mobile device management tooling.

• Understanding of identity & access management solutions.
• Implementation of Conditional Access, Multi-Factor Authentication (MFA), and Privileged Identity Management (PIM).
• Understanding of authentication protocols (Kerberos, NTLM, SAML, OAuth, OpenID Connect).
• Experience with Single Sign-On (SSO) and identity lifecycle governance.

• Experience securing Windows Desktop deployments.
• Knowledge of provisioning policies, security baselines, and access controls for Windows Desktops.
• Experience with modern workplace productivity tooling on desktop

• Strong understanding of networking fundamentals (TCP/IP, DNS, DHCP, VPN, firewalls).
• Experience with proxy and secure web gateway solutions.
• Knowledge of network segmentation, Zero Trust networking, and Secure Access Service Edge (SASE) concepts.
• Demonstrable experience securing cloud environments.
• Familiarity with network security groups (NSGs).
• Understanding of hybrid identity, RBAC, and cloud security posture management (CSPM).
• Experience managing security across both on-premises and cloud (hybrid) architectures.