Role Purpose
The Windows Server & Active Directory Security Administrator is responsible for managing and securing enterprise Windows environments. This includes patch management using WSUS/SCCM, Active Directory security hardening, and enforcing security baselines across 10,000+ endpoints. The role ensures systems remain compliant with internal security standards and industry benchmarks (e.g., CIS), while maintaining high availability and security posture.
Key Responsibilities
Windows Server Patch Management
- Oversee end-to-end patch management lifecycle for Windows Servers using WSUS and SCCM
- Ensure timely deployment of OS and application patches across large-scale environments
- Monitor patch compliance and generate reports for audits and management review
- Troubleshoot patch deployment failures and implement remediation plans
- Align patching practices with CIS Benchmarks and internal policies
Active Directory Security & Hardening
- Implement and maintain Active Directory (AD) security best practices, including:
- Privileged Access Management (PAM)
- Role-Based Access Control (RBAC)
- Secure Kerberos configuration and policies
- Conduct periodic reviews of:
- User access rights and privileged accounts
- Group memberships and service accounts
- Identify and remediate AD vulnerabilities and misconfigurations
Group Policy & Endpoint Security Baselines
- Design and enforce Group Policy Objects (GPOs) for enterprise-wide security configurations
- Implement security baselines across 10,000+ endpoints (servers and workstations)
- Ensure systems comply with:
- Internal security standards
- CIS Benchmark configurations
- Continuously monitor and fine-tune GPOs for efficiency and compliance
Compliance & Security Operations
- Ensure infrastructure adheres to internal security policies and regulatory requirements
- Support internal and external audits by providing evidence of patching and configuration compliance
- Maintain documentation of system configurations, patch status, and AD changes
- Collaborate with cybersecurity teams to respond to vulnerabilities and incidents
Infrastructure Maintenance & Support
- Maintain and support Windows Server environments (on-premises and hybrid)
- Perform regular system health checks and proactive maintenance
- Support identity and access management processes within AD
- Participate in infrastructure improvement initiatives and automation efforts
Qualifications & Experience
Education
- Bachelor’s degree in:
- Information Technology
- Computer Science
- Networking or related field
Experience
- 4–8+ years of experience in:
- Windows Server Administration
- Active Directory management in large enterprise environments
- Proven experience managing 10,000+ endpoints is highly preferred
- Hands-on experience with:
- WSUS and SCCM for patch management
- GPO design and enforcement
Technical Skills
- Strong knowledge of:
- Windows Server OS (2016/2019/2022)
- Active Directory architecture and security
- Kerberos authentication and policies
- Experience with:
- CIS Benchmarks and system hardening practices
- Endpoint security configuration and compliance tools
- Familiarity with:
- Hybrid environments (on-prem + Azure AD)
- PowerShell scripting for automation
Soft Skills
- Strong problem-solving and troubleshooting ability
- Attention to detail with a strong security mindset
- Ability to manage tasks in large, complex environments
- Effective communication and teamwork skills
Certifications (Preferred / Required)
- Microsoft Certified: Windows Server Hybrid Administrator Associate
- Microsoft 365 Certified: Security Administrator Associate
- Additional certifications (nice to have):
- Microsoft Certified: Azure Administrator Associate
- CISSP / Security+
Key Competencies
- Patch Management & Compliance
- Active Directory Security
- Endpoint Security Management
- GPO & Policy Enforcement
- Infrastructure Stability & Operations
- Risk Awareness & Mitigation
