Security Engineer - Purchase, New York | STAND 8 Careers | Stand8
Would you like to work in a global insurance company? This could be a great opportunity for you!
We are hiring for a Security Engineer. STAND 8 provides end to end IT solutions to enterprise partners across the United States and with offices in Mountain View, LA, Atlanta, New York and more.
The engineer reorganizes our existing Active Directory groups, OUs, service accounts, and related objects to improve the privileged access control model for administrators and reduce risk or privilege escalation.
- Design, implement, and document adjustments to our current Active Directory domain to:
- Use tiered administration
- Prevent lower-tier admin IDs from tampering with higher tier admin IDs or service accounts
- Report on permissions (preferably using a graph DB) to identify deviations from this plan
- Review security scorecards from tools like PingCastle, Purple Knight, etc. and develop plans to remediate any gaps
- Extremely strong understanding of Active Directory permissions and OS-level security policies
- Working/functional knowledge of Kerberos authentication and Protected Users restrictions
- Ideally, familiarity with:
- Kerberos armoring
- Assessment tools like Bloodhound, PingCastle, etc.
- Strong analytical skills and experience in enterprise (multi-tier) IT admin structures
- Familiarity with change management protocols
- Excellent oral and written communication skills and the ability to clearly articulate to all member
- Background and knowledge of risk assessment technologies and methods
- Experience with developing and implementing security procedures and policies
- Bachelor's degree or higher in computer engineering, cybersecurity, information security, or a related field