Windows Security Engineer

Job Description

Point72 is seeking a Windows Security Engineer to join its Global Information Security Team. The ideal candidate will be responsible for designing, implementing, and maintaining secure Windows Server and Active Directory architectures at scale. This role involves ensuring the protection of Point72's information assets through a comprehensive security program.

Responsibilities:

• Design and implement secure Windows Server and Active Directory architectures at scale
• Architect and maintain hybrid identity solutions integrating on-premise AD with EntraID (Azure AD) and Okta
• Configure and manage AD delegation models following least privilege principles
• Implement and maintain identity protection solutions (eg: Defender for Identity, CrowdStrike Identity Protection, Quest Active Roles, etc)
• Develop and enforce security standards for Windows Server deployments, including bare metal, VMware and public cloud (AWS, Azure, GCP)
• Collaborate with Endpoint Engineering teams to secure Windows endpoints using solutions including SCCM and InTune
• Configuration management for Windows Firewall and ASR rules across our endpoint estate
• Help to monitor and mature our Windows patching and vulnerability management program Windows
• Perform security assessments and audits of Windows infrastructure
• Monitor and respond to security incidents related to Windows infrastructure
• Collaborate with infrastructure and security teams on identity and access management initiatives

Requirements:

• Bachelor's degree in Computer Science, Information Security, or related field
• 7+ years of experience in Windows Server administration and security
• Deep expertise in Active Directory, Group Policy, AzureAD/EntraID, ADFS, DFS, SMB/CIFS, IIS, SQL Server, Kerberos, LDAP, NTLM, DNS, WMI, LAPS, Bitlocker and related Microsoft Server technologies
• Experience with all common versions of Windows Server (2012, 2016, 2019, 2022 & 2025) and Windows 10-11 desktop OS
• Strong general knowledge of core infrastructure (Networking, storage, virtualization/VMware, etc)
• Advanced knowledge of AD delegation models and associated best practices
• Experience with identity protection platforms (Defender for Identity, CrowdStrike Identity Protection, etc.)
• Proficiency navigating and triaging Windows event logs
• Familiarity with Centrify as means of integrating Linux with Active Directory
• Familiarity with Quest Active Directory security products (eg: Active Roles)
• Proficiency with PowerShell required

Point72 offers:

• Fully-paid health care benefits
• Generous parental and family leave policies
• Volunteer opportunities
• Support for employee-led affinity groups
• Mental and physical wellness programs
• Tuition assistance
• A 401(k) savings program with an employer match