Security Engineer

Security Engineer with end user computing experience required to design, build, and secure Windows-based end-user environments across physical devices, cloud, and virtual desktops. This role is split 50/50 between hands-on engineering and security consulting, ensuring Windows builds are secure, compliant, and operationally viable, while advising on risk, design decisions, and configuration changes.

You will own secure Windows builds, ensure compliance with security controls (eg CIS), integrate security and operational tooling, and enable other products to safely operate on the build. The role also requires reviewing risk decisions prior to configuration changes and balancing security with usability.

Key Responsibilities

Hands-On Engineering

• Build and maintain secure Windows 10/11 images for physical devices and virtual desktops.
• Ensure Windows builds are security compliant (CIS-aligned) and production-ready.
• Configure and manage endpoint security tooling (Microsoft Defender, Qualys, encryption, EDR).
• Integrate operational tooling and ensure other products can safely operate on the secure build.
• Secure and manage Azure Virtual Desktop (AVD) environments, including persistent vs personal desktops.
• Implement endpoint policies using Intune, Entra ID, and Microsoft 365.

Consulting & Advisory

• Advise on secure EUC architecture across physical, virtual, and cloud desktops.
• Review and assess risk decisions prior to configuration changes.
• Provide guidance on identity, access, and endpoint security design.
• Support stakeholders with secure desktop strategies and trade-off decisions.
• Contribute to documentation, standards, and security recommendations.

Required Skills & Experience

• Strong experience building and securing Windows desktop images.
• Knowledge of Intune, Microsoft 365, Entra ID, and Microsoft Defender.
• Experience with Azure Virtual Desktop (AVD), including persistent vs personal desktops and mapping virtual builds to physical devices.
• Familiarity with CIS benchmarks and secure configuration standards.
• Experience with vulnerability management tools such as Qualys.
• Ability to assess risk and clearly communicate security decisions.