Windows Endpoint Security Engineer

Clearance Level
Systems Engineering
Rockville, Maryland

REQ#: RQ99138

Travel Required: None
Public Trust: NACLC (T3)
Requisition Type: Regular

We are seeking a Windows Endpoint Security Engineer to support the National Institutes of Allergy and Infectious Diseases (NIAID). As a Windows Endpoint Security Engineer, you will collaborate with stakeholders to implement endpoint configuration management security baselines, deploy security updates via Microsoft Endpoint Configuration Manager, and ensure endpoints are compliant with established security policies and standards.  

You will work closely with a team of innovative and savvy people to engineer and optimize Windows endpoint security compliance with new tools and technologies. You’ll help design and streamline our endpoint security operations and processes, and leverage tools, such as Active Directory, BitLocker, Group Policy, MBAM, MECM, Nessus Tenable, and Absolute Resilience to proactively secure the Windows environment. You will be working with other teams to implement scalable enterprise endpoint security solutions.

To be successful in this role, you will like being a part of a team and be capable of working with others to technically detail how we get from where we are to where we want to be.  

Work is currently being performed remotely but will require some work at the client site in Rockville, MD once pandemic restrictions are lifted.

What GDIT Can Offer You

  • Opportunity to participate in a transformative undertaking.

  • Opportunity to stay at the forefront of Microsoft Windows endpoint configuration management and security. 

  • See the business impact of technology. 

  • Ability to expand your enterprise endpoint management knowledge and adoption of Windows 10 security best practices.

In this role, typical activities will include:

  • Collaborating with other Windows engineers and stakeholders in configuring and deploying solutions to implement configuration management security baselines and policies for Windows 10 endpoints. 

  • Joining standing and ad hoc meetings to brainstorm new technical solutions. Then, either collaboratively or independently, implement the solutions, such as deploying security software agents/tools and security updates via Microsoft Endpoint Configuration Manager.

  • Using tools, such as MECM, MBAM, Absolute Resilience, Nessus Tenable, Active Directory, Windows Firewall, and GPO to effectively secure Windows 10 endpoints.

  • Packaging and deploying software security updates for Microsoft OS, Microsoft (Office) 365, and other software for Windows endpoints.

  • Ensuring Windows 10 images and task sequences are current with available security updates.

  • Providing tier 3 support to Customer Service Branch help desk and technicians to analyze and troubleshoot endpoint deployment and other issues.


Required Skills and Experience:

  • B.S. degree (or equivalent) and a minimum 8 years of experience managing Windows 7/10 workstations in an enterprise environment (2,500 devices minimum).

  • Minimum of five years of experience managing Windows in an enterprise Microsoft Active Directory environment with Group Policy Management.

  • Minimum of five years of experience securing Windows endpoints in a Microsoft Endpoint Configuration Manager environment.

  • Experience using the following tools to manage Windows 7/10 endpoints: Microsoft PowerShell, Microsoft BitLocker Administration and Monitoring, Windows ADK, Windows MDT, Right Click Tools, HP and Dell endpoint tools, and Microsoft Office 365.

  • Experience using Nessus Tenable to scan and identify vulnerabilities.

  • Experience in generating reports and other documentation as required related to the Windows endpoint environment.

  • Must be able to obtain a NIH Public Trust

Desired Skills and Experience:

  • Ability to professionally communicate both written and verbally for presentation of Windows OS related material as a subject matter expert.

  • Able to clearly present ideas to both technical and non-technical users and staff to further the advanced Windows endpoint deployment and configuration management best practices.

  • Extensive knowledge about personal computers – desktops, laptops, hybrids. Also including BIOS configuration, drivers.

  • Experience implementing technologies following CIS Benchmarks for Windows and Microsoft Windows Security Baselines for Windows 10 and Edge browser.

  • Experience using Absolute Resilience as a tertiary security tool for Windows endpoints. 


We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.

GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.