Senior Security Hardening & Remediation Specialists — one focused on Windows 11 and one on macOS —

Overview:

Our banking client is seeking two Security Hardening & Remediation Specialists — one focused on Windows 11 and one on macOS — to lead enterprise-wide endpoint security hardening and remediation across their environment. Each specialist will own gap analysis, policy development, and phased technical implementation across endpoint and application layers, working cross-functionally with Cybersecurity Governance, IAM, and endpoint engineering teams. (Remote — Alberta-based preferred) [-51, -52]

Must-Haves:

• 5+ years in Cybersecurity, Endpoint Engineering, or Infrastructure Security with heavy focus on Configuration Management / Security Configuration Management (SCM)
• Deep hands-on hardening experience in at least one of the following:

1) Windows 11 — Credential Guard, Virtualization-based Security (VBS), BitLocker, GPO authoring and enterprise deployment, Omnissa Workspace One

Active Directory

2) macOS — FileVault, TCC/Privacy Preferences Policy Control, System Extensions, Gatekeeper, Jamf Pro (configuration profiles, smart groups)

• Scripting proficiency for automated remediation: PowerShell (Windows) or Zsh/Bash (macOS)
• Experience implementing security frameworks: CIS Benchmarks, NIST SP -53, DISA STIGs (Windows) or mSCP / CIS Benchmarks for macOS

Nice-to-Haves:

• Experience in both Windows 11 and macOS hardening environments
• Familiarity with ports, protocols, and services management at the network layer
• Ability to translate governance/compliance documents into actionable engineering requirements
• Experience collaborating with IAM, DevOps, and Cybersecurity Governance teams
• Security certifications (CISSP, CISM, CISA, or equivalent)

Responsibilities:

• Conduct deep-dive gap analysis of the endpoint fleet against Cybersecurity Governance Hardening Standards
• Develop hardened configuration baseline documentation aligned to relevant OS security frameworks
• Author and deploy GPOs, configuration profiles, and remediation scripts to enforce compliance at scale
• Lead phased rollout of OS-level hardening configurations enterprise-wide, minimizing user disruption
• Align endpoint controls with application-layer and network-layer security requirements
• Partner cross-functionally with Windows/Apple Engineering, IAM, and Cybersecurity Governance
• Deliver training, testing, and documentation as part of project scope