Senior Engineer - Microsoft Security (Windows & Microsoft 365) at Millennium IT ESP

Colombo, Western Province, Sri Lanka -

Full Time

Start Date

Immediate

Expiry Date

17 Aug, 26

Salary

0.0

Posted On

19 May, 26

Experience

5 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

Skills

Windows Server Architecture, Active Directory, Group Policy, Microsoft 365 Security, PowerShell Scripting, Vulnerability Management, CIS Benchmarks, Microsoft Defender Suite, Conditional Access, Cryptography, TLS/AES Encryption, PKI, Nessus, Identity and Access Management, Security Hardening, Network Security

Industry

IT Services and IT Consulting

Description

Job Description Analyze and interpret security findings from vulnerability assessments, CIS benchmark reviews, audit reports, and security assessment tools such as Nessus Assess remediation feasibility, operational impact, implementation dependencies, and risks within production environments Collaborate with application, database, infrastructure, and third-party vendor teams to implement secure solutions Translate security recommendations into practical technical implementations across Windows and Microsoft 365 platforms Implement and manage enterprise security hardening initiatives using Group Policy (GPO), registry configurations, PowerShell scripting, and Microsoft 365 security configurations Evaluate and remediate cryptographic weaknesses and insecure protocol configurations Plan and execute secure transitions including RC4/DES to AES migration and TLS 1.0/1.1 to TLS 1.2/1.3 enforcement Analyze authentication flows, encryption dependencies, and legacy application compatibility prior to implementing security changes Coordinate with internal teams and vendors to resolve compatibility and integration issues Identify and communicate technical risks, business impacts, constraints, and dependencies related to security implementations Provide documentation and recommendations for accepted, mitigated, or rejected security risks Ensure compliance with CIS benchmarks, security baselines, and industry best practices Participate in change management activities to ensure minimal or zero service disruption during security implementations Person Specification Strong expertise in Windows Server architecture and internals Hands-on experience with Active Directory (AD DS), Group Policy, DNS, and Kerberos authentication Experience implementing Windows OS hardening and enterprise security controls Experience with vulnerability management and security assessment tools such as Nessus Strong understanding of CIS benchmarks, security baselines, attack vectors and mitigation strategies, identity and access management, and OS-level security controls Hands-on experience with Microsoft Defender Suite, Conditional Access, Exchange Online Security, Identity Protection, and security auditing and monitoring Strong understanding of cryptographic principles within Windows environments Experience implementing and managing AES encryption standards, TLS 1.2 / TLS 1.3 enforcement, Kerberos encryption configurations, Schannel hardening, cipher suite management, and AD CS / PKI fundamentals Ability to identify and mitigate compatibility risks related to legacy applications, domain authentication flows, and third-party integrations Strong PowerShell scripting and automation capabilities Experience implementing security configurations through GPO, registry configurations, and automation scripts Strong analytical, troubleshooting, and problem-solving capabilities Ability to balance security requirements with operational and business impact Excellent communication and stakeholder management skills Ability to clearly communicate technical risks, implementation limitations, and business implications Ability to work effectively within high-pressure or regulated environments Experience within banking or financial services environments will be an added advantage Exposure to hybrid infrastructure environments (on-premises and cloud) and familiarity with audit and regulatory compliance processes will be an added advantage Relevant professional certifications such as Microsoft Security Certifications, CISSP, or CEH will be an added advantage Strong understanding of the operational impact of security changes and the ability to identify hidden legacy dependencies and compatibility risks prior to implementation Ability to make risk-based security decisions supported by technical reasoning and evidence Ability to confidently challenge impractical recommendations with appropriate technical justification Strong focus on implementing secure, stable, and sustainable enterprise security solutions

Responsibilities

Analyze security findings from vulnerability assessments and implement hardening initiatives across Windows and Microsoft 365 platforms. Coordinate with technical teams to remediate cryptographic weaknesses and ensure compliance with CIS benchmarks while minimizing operational disruption.