Eliassen Group is supporting a large government integrator in the search of a Microsoft Server Engineer/System Administrator. This will be onsite twice a week in D.C. and must be W2. It will also be a 6-month contract to hire. Due to the nature of the work this candidate will be sponsored for a Public Trust clearance which can take 4-9 weeks to obtain.
The Security Vulnerability Engineer will provide critical support in identifying, analyzing, and remediating vulnerabilities across an infrastructure consisting of over 2000 windows servers. This will include analyzing reports from multiple streams and sources as well as remediating and assigning to other members of the team when needed.
This position requires a mixture of engineering, operations, hands on technical and support skills. Qualified candidates should have excellent troubleshooting and analytical skills. The individual will work closely with technical leads, infrastructure and operations teams and other cross-department teams to evaluate business needs and provide end-to-end technical solutions and manage, operate, monitor, audit, secure server assets.
The position will provide Windows engineering support and will be responsible for building, patching, and troubleshooting Windows servers in support of current and future systems and applications. This candidate will be working with a team of server engineers to troubleshoot issues for multiple systems in multiple datacenter locations.
The candidate will provide support, implementation, and design services for Windows-based systems across the enterprise. The candidate will be responsible for resolving and completing assigned tasks and change requests and will act as an escalation for support issues.
Responsibilities
-This position requires a minimum 2x/week onsite.
-Once every 2-3 months support server infrastructure in a 24x7 on-call escalation capacity as part of a team rotation.
-Performs security hardening, patching and server certificate updates.
-Run system scans and analyze reports on system vulnerabilities on over 2000 windows servers in the enterprise.
-Maintain and update environmental documentation, standard Operating Procedures, and engineering documentation.
-Provide support to system administrators to resolve issues when required provide support in response to outages including conducting root cause analysis.
-Recognize and escalate risks, issues, and concerns when necessary.
-Analyze vulnerability reports identify areas of responsibility for remediation.
-Resolve known exploited vulnerabilities, prioritizing critical and highs.
-Facilitate coordination of vulnerability remediations across the team.
-Develop and provide recommendations and remediations for vulnerabilities.
-Harden Windows OS with secure versions of Transport Layer Security (TLS), and cipher suites according to NIST policy.
-Assist Security Operations personnel in developing Plan of Action & Milestones (POAM’s) for vulnerabilities requiring long-lead time resolve.
-Work closely with the SCCM/Deployment team to perform routine and bulk patching as well as reporting.
-Provide on-call support and manage ticket queue.
-Demonstrate a strong appetite to learn and translate evolving threats into real world recommendations.
-Demonstrate strong knowledge of vulnerability management tools such as Tenable Nessus, Qualys WAS, Inviciti, and BigFix.
-Have a solid understanding of IPV4 and IPV6 networking.
Experience Requirements
Expert-level knowledge of Windows OS-based computer devices (Windows 10, Windows 11)
Demonstrate expert knowledge of Windows OS to include W2K12R2, W2K16, W2k19, W2k22.
Expert knowledge and troubleshooting skills to resolve failed update installation in Windows OS.
Expert knowledge of AD Group policy and applying security posture via GPO's.
Strong knowledge of System Center Configuration Manager (SCCM).
Experience with performing root cause analysis, risk identification, and risk mitigation
Understanding of FIPS 140-3 or cryptographic modules and how they are used.
Must be a self-started with strong problem solving and communication skills.
Strong knowledge of NIST-800 framework and security guidelines for windows servers and clients including DISA STIG
Strong knowledge of CIS Benchmark guidelines for Microsoft Windows servers
Experience with scripting tools such as, PowerShell, Azure CLI, AWS CLI, Python, and VBScript.
Experience with Nessus Tenable scanning tools and reporting.
Expert level experience with MS Office tools such as Excel, PowerPoint, Vizio, Word.
Experience with installing hardware drivers, firmware, bios, and other hardware upgrades for Dell servers.
Demonstrate knowledge of common ports and protocols used by Windows servers and clients.
Preferred
Security certification(s) highly preferred such as Security+, CISSP, CASP+, CISA, CISM etc.
Experience Linux/Ansible, and/or Unix experience are a plus.
Experience with Dell Open Manage Enterprise is a plus.
Experience with PowerBI is a plus.
Experience with Microsoft Intune is a plus.