Windows Technical Consultant
December 28, 2024
Salary: $120,000 to $155,000
Start Date: January 2025
Location: Montgomery, Alabama
Technology Consultant role within a Windows Domain environment in a DoD enterprise setting that adheres to NSA Security Technical Implementation Guides (STIG).
Job Responsibilities and Preferred Experience:
Advanced Windows Domain Expertise:
Key Technologies and Skills Required:
PGTEK is a true consulting organization dedicated to helping clients achieve their business and technology objectives utilizing our decades of experience and business relationships. PGTEK invests in the educational advancement of our staff by providing the necessary resources to complete Professional and Business Certifications. Our company is our people, and we treat them like family. EOE, including disability/veterans.
Our comprehensive benefits package for full-time salaried employees is effective immediately upon the start date. Benefits include comprehensive PPO medical coverage with access to a Health Savings Account (HSA) option, a vision plan, and dental insurance with the base dental plan option paid for by PGTEK. Life Insurance, Short and Long-Term disability, and Critical Illness insurance have premiums covered. Additionally, PGTEK offers a matching 401(k) plan and a discount on pet insurance through ASPCA Pet Insurance. An Employee Assistance Program is available at no cost to all employees. We offer a generous amount of PTO and Holidays, and an Education Assistance Program is available after 12 months of employment.
Start Date: January 2025
Location: Montgomery, Alabama
Technology Consultant role within a Windows Domain environment in a DoD enterprise setting that adheres to NSA Security Technical Implementation Guides (STIG).
Job Responsibilities and Preferred Experience:
Advanced Windows Domain Expertise:
- Active Directory Management: Deep expertise in configuring and managing Active Directory (AD), including Group Policy Objects (GPOs), Organizational Units (OUs), and Role-Based Access Control (RBAC) in compliance with DoD security policies.
- DNS and DHCP Configuration: Knowledge of DNS and DHCP configuration within a Windows Domain while ensuring adherence to STIG requirements, such as secure updates and proper DNS zone configurations.
- Windows Server Hardening: Proven experience in hardening Windows Server environments per NSA STIG guidelines, including securing system configurations, applying patches, and enforcing strong password policies.
- Security Configuration Audits: Conduct regular audits and vulnerability scans, using tools like DISA's Security Content Automation Protocol (SCAP) Compliance Checker, to ensure all systems meet or exceed STIG compliance standards.
- GPO Development for Compliance: Design and deploy GPOs tailored to meet STIG requirements, including controls for auditing, logging, password policies, account lockouts, and access permissions.
- Remediation and Documentation: Identify and remediate vulnerabilities, document all deviations, and develop POA&Ms (Plans of Action and Milestones) for tracking non-compliant findings until resolved.
- Technical Project Oversight: Lead and coordinate small to medium-sized projects focused on the implementation or enhancement of domain services, ensuring compliance with STIG standards and DoD security requirements.
- Cross-Functional Team Collaboration: Facilitate communication among cross-functional teams, including cybersecurity, network engineering, and systems administration, ensuring smooth project execution and compliance validation.
- Lifecycle Management: Provide structured team management throughout project lifecycle stages, focusing on secure architecture, system configurations, and ensuring adherence to NSA STIG guidelines.
- Incident Response & Forensics: Develop incident response strategies specific to a DoD environment, including active monitoring of Domain Controllers and Windows servers for security events and compliance violations.
- Threat Intelligence Application: Apply knowledge of current threat vectors, such as lateral movement attacks and privilege escalation, to design domain architecture and GPO policies that limit attack surfaces.
- Patch Management Compliance: Coordinate and oversee the patch management process, ensuring timely application of security patches across the Windows Domain environment, with particular attention to high-priority vulnerabilities.
- Familiarity with RMF and FISMA: Knowledge of the Risk Management Framework (RMF) and Federal Information Security Management Act (FISMA) as they apply to the implementation and operation of Windows Domains in the DoD.
- User and Privilege Management: Implement and manage policies for least privilege access, account monitoring, and administrative control restrictions according to DoD policies and STIG guidelines.
- Data Encryption Standards: Apply NSA-approved encryption methods for data at rest and in transit, including PKI and TLS configurations to secure communications within the Windows Domain.
- Client Liaison: Serve as the primary technical contact for client representatives, including DoD security officers and IT leadership, to address complex technical issues, interpret STIG requirements, and ensure all concerns are effectively managed.
- Solution Design and Documentation: Provide technical recommendations for Windows Domain architecture and security implementations, drafting detailed technical documentation for both client use and compliance records.
- Mentorship and Guidance: Act as a mentor to junior consultants and administrators, offering guidance on STIG interpretation, system configuration best practices, and DoD compliance strategies.
- Troubleshooting STIG-Related Compliance Issues: Develop problem-solving methods for unique compliance challenges, such as resolving conflicts between operational needs and STIG requirements.
- System Diagnostics and Optimization: Perform diagnostics to optimize system performance while maintaining strict adherence to security controls and DoD operational requirements.
- Incident Remediation and Root Cause Analysis: Investigate and resolve security incidents within the Windows Domain, applying root cause analysis to prevent future occurrences and ensure compliance continuity.
Key Technologies and Skills Required:
- Windows Server 2016/2019/2022
- Active Directory (AD), Group Policy Management Console (GPMC)
- PowerShell Scripting for automation and STIG compliance checks
- STIG Compliance Tools: DISA SCAP, Security Technical Implementation Guide Viewer (STIG Viewer)
- Vulnerability Management: Tenable Nessus, ACAS (Assured Compliance Assessment Solution)
- Incident Response Tools: Splunk, Microsoft Advanced Threat Analytics (ATA), Windows Event Forwarding
- Encryption and Key Management: PKI, TLS, and DoD-approved encryption mechanisms
PGTEK is a true consulting organization dedicated to helping clients achieve their business and technology objectives utilizing our decades of experience and business relationships. PGTEK invests in the educational advancement of our staff by providing the necessary resources to complete Professional and Business Certifications. Our company is our people, and we treat them like family. EOE, including disability/veterans.
Our comprehensive benefits package for full-time salaried employees is effective immediately upon the start date. Benefits include comprehensive PPO medical coverage with access to a Health Savings Account (HSA) option, a vision plan, and dental insurance with the base dental plan option paid for by PGTEK. Life Insurance, Short and Long-Term disability, and Critical Illness insurance have premiums covered. Additionally, PGTEK offers a matching 401(k) plan and a discount on pet insurance through ASPCA Pet Insurance. An Employee Assistance Program is available at no cost to all employees. We offer a generous amount of PTO and Holidays, and an Education Assistance Program is available after 12 months of employment.