Windows Administrator M F D

Role Purpose

The Windows Server & Active Directory Security Administrator is responsible for managing and securing enterprise Windows environments. This includes patch management using WSUS/SCCM, Active Directory security hardening, and enforcing security baselines across 10,000+ endpoints. The role ensures systems remain compliant with internal security standards and industry benchmarks (e.g., CIS), while maintaining high availability and security posture.

Key Responsibilities

Windows Server Patch Management

• Oversee end-to-end patch management lifecycle for Windows Servers using WSUS and SCCM
• Ensure timely deployment of OS and application patches across large-scale environments
• Monitor patch compliance and generate reports for audits and management review
• Troubleshoot patch deployment failures and implement remediation plans
• Align patching practices with CIS Benchmarks and internal policies
  
  

• Implement and maintain Active Directory (AD) security best practices, including:
• Privileged Access Management (PAM)
• Role-Based Access Control (RBAC)
• Secure Kerberos configuration and policies
• Conduct periodic reviews of:
• User access rights and privileged accounts
• Group memberships and service accounts
• Identify and remediate AD vulnerabilities and misconfigurations
  
  

• Design and enforce Group Policy Objects (GPOs) for enterprise-wide security configurations
• Implement security baselines across 10,000+ endpoints (servers and workstations)
• Ensure systems comply with:
• Internal security standards
• CIS Benchmark configurations
• Continuously monitor and fine-tune GPOs for efficiency and compliance
  
  

• Ensure infrastructure adheres to internal security policies and regulatory requirements
• Support internal and external audits by providing evidence of patching and configuration compliance
• Maintain documentation of system configurations, patch status, and AD changes
• Collaborate with cybersecurity teams to respond to vulnerabilities and incidents
  
  

• Maintain and support Windows Server environments (on-premises and hybrid)
• Perform regular system health checks and proactive maintenance
• Support identity and access management processes within AD
• Participate in infrastructure improvement initiatives and automation efforts
  
  

• Bachelor’s degree in:
• Information Technology
• Computer Science
• Networking or related field
  

• 4–8+ years of experience in:
• Windows Server Administration
• Active Directory management in large enterprise environments
• Proven experience managing 10,000+ endpoints is highly preferred
• Hands-on experience with:
• WSUS and SCCM for patch management
• GPO design and enforcement
  

• Strong knowledge of:
• Windows Server OS (2016/2019/2022)
• Active Directory architecture and security
• Kerberos authentication and policies
• Experience with:
• CIS Benchmarks and system hardening practices
• Endpoint security configuration and compliance tools
• Familiarity with:
• Hybrid environments (on-prem + Azure AD)
• PowerShell scripting for automation
  

• Strong problem-solving and troubleshooting ability
• Attention to detail with a strong security mindset
• Ability to manage tasks in large, complex environments
• Effective communication and teamwork skills
  
  

• Microsoft Certified: Windows Server Hybrid Administrator Associate
• Microsoft 365 Certified: Security Administrator Associate
• Additional certifications (nice to have):
• Microsoft Certified: Azure Administrator Associate
• CISSP / Security+
  

• Patch Management & Compliance
• Active Directory Security
• Endpoint Security Management
• GPO & Policy Enforcement
• Infrastructure Stability & Operations
• Risk Awareness & Mitigation