You will take end-to-end ownership of designing, implementing, and deploying workplace hardening and application control within a complex enterprise environment. You will lead the introduction of a default-deny security model using Windows Defender Application Control (WDAC) and/or AppLocker, integrate these solutions with Microsoft Intune and Microsoft Defender, and ensure a controlled, measurable, and secure adoption across the organization.
Objective
Strengthen endpoint security by delivering a robust, centrally managed, and organization-wide framework for endpoint hardening and application control.
Responsibilities
Workplace Hardening Design & Implementation
- Design and implement an enterprise-wide hardening framework for Windows endpoints
- Translate security requirements into technical configurations, policies, and security baselines
Default-Deny Application Control
- Implement Windows Defender Application Control (WDAC) and/or AppLocker
- Establish a reliable code-signing and trust model
- Define governance processes for application exceptions and policy management
Microsoft Intune & Defender Integration
- Configure and deploy security policies through Microsoft Intune
- Integrate application control with Microsoft Defender for Endpoint for monitoring, detection, and reporting
- Automate policy deployment and lifecycle management
Phased Rollout & Continuous Optimization
- Develop and execute a controlled deployment strategy (pilot → phased rollout → organization-wide adoption)
- Implement monitoring, logging, and feedback mechanisms
- Continuously fine-tune policies based on telemetry, security incidents, and user impact
Collaboration & Stakeholder Management
- Work closely with Workplace Services, the Security Operations Center (SOC), IT Operations, development teams, and external vendors
- Provide guidance on the security implications of applications, software updates, and new technologies
- Communicate risks, impact, and project progress clearly to both technical and business stakeholders
Required Knowledge & Experience
- Extensive hands-on experience with WDAC, AppLocker, Microsoft Intune, Microsoft Defender, and Windows endpoint management
- Strong background in endpoint security, system hardening, Zero Trust architectures, and default-deny security models
- Experience working in large-scale enterprise environments and managing organization-wide deployments
- Strong analytical skills with the ability to interpret telemetry, security events, and log data
- Excellent communication skills with the ability to clearly explain technical decisions and security recommendations
Expected Outcome
A fully deployed, stable, and centrally managed application control and endpoint hardening framework that significantly strengthens endpoint security, minimizes the attack surface, and integrates seamlessly with existing SOC processes, security operations, and enterprise tooling.