- Contract
- Anywhere
Core summary: End-to-end responsible for designing, implementing and rolling out workplace hardening and application control within a complex enterprise environment. You’ll lead the introduction of a default-deny model (WDAC/AppLocker), integrate it with Intune and Microsoft Defender, and ensure controlled, measurable, and secure adoption across the organization.
Goal
To structurally increase endpoint security by realizing a robust, centrally managed and organization-wide applied hardening and application control framework.
Key responsibilities
- Design & implementation of workplace hardening
- Establish an organization-wide hardening framework for Windows endpoints.
- Translating security requirements into technical configurations and policies.
- Default‑deny application control
- Implementeren van Windows Defender Application Control (WDAC) en/of AppLocker.
- Establish a trusted signing and trust model.
- Developing exception processes and governance.
- Integration with Microsoft Intune & Defender
- Configure and distribute policies through Intune.
- Integrate with Microsoft Defender for Endpoint for discovery, reporting, and monitoring.
- Automate deployment and policy updates.
- Phased rollout & tuning
- Setting up a controlled roll-out strategy (pilot → phased adoption → entire organization).
- Setting up monitoring, logging and feedback loops.
- Continuous tuning of rules based on telemetry, incidents and user impact.
- Collaboration & stakeholder management
- Intensive collaboration with Workplace, SOC, IT operations, developers and external suppliers.
- Advising on the security implications of applications, updates and new tooling.
- Clear communication about risks, impact and progress.
Required knowledge and experience
- Deep experience with WDAC, AppLocker, Intune, Microsoft Defender and Windows endpoint management.
- Strong background in endpoint security, hardening, zero trust and default-deny models.
- Experience with enterprise environments and large-scale rollouts.
- Analytical ability to interpret telemetry, incidents, and logs.
- Strong communication skills and able to clearly substantiate technical choices.
Result of the assignment
A fully deployed, stable and manageable application control and hardening framework that structurally strengthens endpoint security, minimizes attack vectors and seamlessly connects to existing SOC processes and tooling.
