Windows Security Engineer

A Career with Point72's Global Information Security Team. Our Global Information Security team's mission is to ensure the development, implementation, and management of a comprehensive program that effectively protects the confidentiality, integrity, and availability of Point72 information assets. Our team is comprised of security professionals with expertise in a diverse portfolio of security disciplines.

What you'll do:

• Design and implement secure Windows Server and Active Directory architectures at scale.
• Architect and maintain hybrid identity solutions integrating on-premise AD with EntraID (Azure AD) and Okta.
• Configure and manage AD delegation models following least privilege principles.
• Implement and maintain identity protection solutions (e.g., Defender for Identity, CrowdStrike Identity Protection, Quest Active Roles, etc.).
• Develop and enforce security standards for Windows Server deployments, including bare metal, VMware and public cloud (AWS, Azure, GCP).
• Collaborate with Endpoint Engineering teams to secure Windows endpoints using solutions including SCCM and InTune.
• Configuration management for Windows Firewall and ASR rules across our endpoint estate.
• Help to monitor and mature our Windows patching and vulnerability management program.
• Perform security assessments and audits of Windows infrastructure.
• Monitor and respond to security incidents related to Windows infrastructure.
• Collaborate with infrastructure and security teams on identity and access management initiatives.

What's required:

• Bachelor's degree in Computer Science, Information Security, or related field.
• 7+ years of experience in Windows Server administration and security with deep expertise in Active Directory, Group Policy, AzureAD/EntraID, ADFS, DFS, SMB/CIFS, IIS, SQL Server, Kerberos, LDAP, NTLM, DNS, WMI, LAPS, Bitlocker and related Microsoft Server technologies.
• Experience with all common versions of Windows Server (2012, 2016, 2019, 2022 & 2025) and Windows 10-11 desktop OS.
• Strong general knowledge of core infrastructure (Networking, storage, virtualization/VMware, etc.).
• Advanced knowledge of AD delegation models and associated best practices.
• Experience with identity protection platforms (Defender for Identity, CrowdStrike Identity Protection, etc.).
• Proficiency navigating and triaging Windows event logs.
• Familiarity with Centrify as means of integrating Linux with Active Directory.
• Familiarity with Quest Active Directory security products (e.g., Active Roles).
• Proficiency with PowerShell required.

We take care of our people. We invest in our people, their careers, their health, and their well-being. When you work here, we provide:

• Fully-paid health care benefits.
• Generous parental and family leave policies.
• Volunteer opportunities.
• Support for employee-led affinity groups representing women, people of colour and the LGBT+ community.
• Mental and physical wellness programs.
• Tuition assistance.
• A 401(k) savings program with an employer match and more.

About Point72: Point72 Asset Management is a global firm led by Steven Cohen that invests in multiple asset classes and strategies worldwide. Resting on more than a quarter-century of investing experience, we seek to be the industry's premier asset manager through delivering superior risk-adjusted returns, adhering to the highest ethical standards, and offering the greatest opportunities to the industry's brightest talent. We're inventing the future of finance by revolutionising how we develop our people and how we use data to shape our thinking.