Open app
Sign up to access all features of our service.
  • Job search
  • Favorites
  • Create a CV
    New
  • Salaries
  • Subscriptions

Windows Server 2025 CIS Hardening Consultant / Security Build Engineer

Eclaro

Oakland, CA
Windows Server 2025 CIS Hardening Consultant / Security Build Engineer
Job Number: 26-00971

Use your skills where innovative technology solutions begin. ECLARO is looking for a Windows Server 2025 CIS Hardening Consultant / Security Build Engineer for our client in Oakland, CA.

ECLARO's client is a leading technology solutions provider, collaborating with customers to manage their needs and achieve success in their business goals. If you're up to the challenge, then take a chance at this rewarding opportunity!

Responsibilities:
  • Develop, validate, and document a CIS-hardened Windows Server 2025 golden image that can be used as the organization's standard server build image.
  • Review existing Windows Server build standards.
  • Identify applicable CIS benchmark profile, such as Level 1 Member Server.
  • Build or update Windows Server 2025 baseline image.
  • Apply CIS hardening settings through GPO, local policy, PowerShell, or build automation.
  • Run Tenable CIS benchmark scans against the image.
  • Remediate failed controls where technically feasible.
  • Document exceptions where controls cannot be applied due to operational impact.
  • Validate core functionality after hardening.
  • Create final golden image or VM template.
  • Provide implementation guide for future server builds.
  • Provide handoff documentation for Cybersecurity and Infrastructure teams.
  • Expected Deliverables:
    • CIS-hardened Windows Server 2025 golden image or VM template.
    • GPO / local policy configuration package.
    • Tenable CIS benchmark scan results before and after remediation.
    • Remediation tracker with pass / fail status.
    • Exception / risk acceptance register.
    • Build and deployment guide.
    • Rollback or troubleshooting notes.
    • Recommended patching and maintenance process.
    • Final handoff session with Cybersecurity, Systems, and NetOps teams.
  • Success Criteria:
    • Windows Server 2025 image is hardened against the agreed CIS benchmark profile.
    • Tenable compliance scan results are reviewed and documented
    • Exceptions are clearly justified and approved.
    • Image is operationally usable by Infrastructure teams.
    • Cybersecurity can approve the image as the organization's standard Windows Server 2025 baseline.
Required Skills:
  • Strong Windows Server 2022 / 2025 administration experience.
  • CIS Benchmark implementation experience for Windows Server.
  • Group Policy Object design and hardening.
  • Tenable / Nessus compliance scanning experience, including CIS benchmark scans.
  • PowerShell scripting for configuration validation and remediation.
  • Active Directory, DNS, local security policy, Windows Firewall, audit policy, and service hardening.
  • Experience with Microsoft security baselines.
  • Vulnerability remediation and exception documentation.
  • Golden image creation, Sysprep, VM templates, or image deployment process.
  • Security logging and Windows event forwarding / SIEM integration.
  • Ability to balance security hardening with operational compatibility.
  • The consultant should be able to work independently with Cybersecurity and Infrastructure
  • teams and should have hands-on experience implementing hardening controls, not just reviewing scan results.

Preferred Skills:
  • Experience with VMware, Hyper-V, Azure, or enterprise server image pipelines.
  • Experience with Defender for Endpoint or similar EDR.
  • Experience with STIG, NIST, or enterprise configuration compliance.
  • Experience creating build documentation and operational runbooks.

If hired, you will enjoy the following ECLARO Benefits:
  • 401k Retirement Savings Plan administered by Merrill Lynch
  • Commuter Check Pretax Commuter Benefits
  • Eligibility to purchase Medical, Dental & Vision Insurance through ECLARO

If interested, you may contact:
Lea Enriquez
View email address on click.appcast.io
View phone number on click.appcast.io
Lea Enriquez | LinkedIn

Equal Opportunity Employer: ECLARO values diversity and does not discriminate based on Race, Color, Religion, Sex, Sexual Orientation, National Origin, Age, Genetic Information, Disability, Protected Veteran Status, or any other legally protected group status, in compliance with all applicable laws.
Apply
Vacancy posted 2 days ago
Similar jobs that could be interesting for youBased on the Windows Server 2025 CIS Hardening Consultant / Security Build Engineer in Oakland, CA vacancy
  • Security Engineer, Corporate Security

    $220k - $260k

     ...Corporate Security Engineer Millions of people rely on Notion to do their...  ...protecting the people who build Notion: our employees, their...  ...What You'll Achieve: Harden our identity and access management...  ..., with working coverage for Windows and ChromeOS. Secure AI... 
    Windows
    Local area

    Notion, LLC

    San Francisco, CA
    23 hours ago
  • Security Engineer - Hybrid
     ...Summary The IT Security Engineer performs core security functions...  ...or not (e.g. workstations, servers, network devices)....  ...Working technical knowledge of Windows OS hardening, perimeter security, firewall...  ...~ Familiarity with NIST, CIS, PCI, DSS standards Perks... 
    Windows
    Work experience placement
    Work at office
    Local area
    Remote work
    Work from home
    Home office
    Work visa
    Relocation package

    Workers' Compensation Insurance Rating Bureau of California

    San Francisco, CA
    3 days ago
  • Senior Security Engineer, Enterprise Security

    $196k - $220.5k

     ...looking for an experienced Senior Enterprise Security Engineer reporting to the Engineering Manager of...  ...Discord's IT and security policies. Build secure, sustainable environments using...  ...ChromeOS environment with a smaller Windows footprint. We used Jamf & Intune for... 
    Windows
    Full time
    Work at office
    Relocation
    Relocation package
    2 days per week
    1 day per week

    Discord

    San Francisco, CA
    4 days ago
  • Principal Security & Infrastructure Engineer

    $175k - $250k

     ...Principal Security & Infrastructure Engineer Emeryville, California, United States; Hybrid (2-3 days on...  ...security architecture, access controls, hardening, monitoring, incident readiness,...  ...compliance scope Drive standardization of Windows-based lab automation environments,... 
    Windows
    Remote work

    Profluent

    Emeryville, CA
    3 days ago
  • Enterprise Security Engineer
     ...50 biopharma. We’re building an AI scientist for our...  ...As an Enterprise Security Engineer at Benchling you’ll be...  ...Develop and enforce CIS/NIST-aligned configuration...  ...fundamentals (MacOS/Linux/Windows) PREFERRED...  ...Administrator, Okta Certified Consultant, or equivalent certification... 
    Windows
    Work at office
    Local area
    Flexible hours
    3 days per week

    Benchling

    San Francisco, CA
    4 days ago
  • Corporate Security Engineer
     ...Superhuman is on a mission to build the fastest, most delightful...  .... We're looking for a Security Engineer to join our Corporate Technology...  ...team, you will harden and secure the systems our employees...  ...experience with both MacOS and Windows endpoint security.... 
    Windows
    Worldwide
    Home office
    Flexible hours

    Superhuman

    San Francisco, CA
    1 day ago
  • Senior Security Engineer
     ...for any company that builds software. Our mission...  ...give leaders clarity and engineers time. We help...  ...looking for a Senior Security Engineer to help shape...  ...protecting customer data, hardening our production environment...  ...'t walk past broken windows. You care about... 
    Windows
    Odd job

    Macroscope

    San Francisco, CA
    4 days ago
  • IT Security Engineer

    $113k - $173k

     ...IT Security Engineer Addison, TX (Hybrid); Bellevue, WA (Hybrid); Durham, NC (Hybrid); Emeryville...  ...endpoint security initiatives, and building the automation and processes needed to...  ...network protocols, operating systems (Windows, Linux, macOS), and common enterprise infrastructure... 
    Windows
    Full time
    Live in
    Worldwide
    Flexible hours

    Tanium

    Emeryville, CA
    23 hours ago
  • OT Security Engineer

    $120k - $155k

     ...we develop, finance, engineer, build, own, and operate high...  ...looking for a talented OT Security Engineer to help...  ...and tune EDR on plant servers and engineering workstations...  .... Maintain hardened baselines and configuration...  ...cybersecurity program, aligned to CIS Controls v8, NIST CSF... 
    Remote work
    Work from home
    Home office

    Adapture Renewables

    Oakland, CA
    23 hours ago
  • Senior Security Engineer, Enterprise Security

    $165k - $242k

     ...Senior Security Engineer, Enterprise Security CoreWeave is The Essential Cloud for AI™. Built...  ..., and teams that enables innovators to build and scale AI with confidence. Trusted by...  ...SaaS and collaboration platforms Harden endpoints and the extended workforce... 
    Temporary work
    For contractors
    Remote work
    Flexible hours

    CoreWeave

    San Francisco, CA
    2 days ago
  • Security Engineer, Agent Security

    $234.4k - $385k

     ...s mission is to accelerate the secure evolution of agentic AI systems...  ...About the Role As a Security Engineer on the Agent Security Team ,...  ...Infrastructure stack. Building production-grade security tooling - ship code that hardens safety monitoring pipelines across... 

    OpenAI

    San Francisco, CA
    2 days ago
  • Kubernetes Platform Engineer
     ...Kubernetes Platform Engineer 1 year contract - Extension...  ...processes for building, configuring, and deploying...  ...including upgrades, security patching, scaling,...  ...cluster security hardening based on CIS benchmarks and organizational...  ...and maintenance windows Networking &... 
    Windows
    Contract work

    Bay Systems Consulting Inc

    Berkeley, CA
    23 hours ago
  • Information Security Engineer, Consultant
    Your Role The Application Security team reports to the Director of Information Security and is responsible for driving continual risk...  ...Ascendiun Family of Companies Stellarus, launched in January 2025, is designed to scale innovative healthcare solutions that support... 
    Full time
    Part time
    Work at office
    Local area
    Work from home
    Home office
    2 days per week

    Blue Shield of California

    Oakland, CA
    3 days ago
  • Security Engineer, Insider Threat Detection & Response

    $230k - $385k

     ...About the Team Security is at the foundation of OpenAI's mission...  ...We are technical in what we build but are operational in how we...  ...the Role As a Security Engineer you will join our OpenAI engineers...  ...and platforms such as macOS, Windows, Linux, and Kubernetes, along... 
    Windows

    OpenAI

    San Francisco, CA
    4 days ago
  • Senior Software Engineer, Security Engineering
     ...Senior Software Engineer, Security Engineering At Bot Auto, we are revolutionizing the transportation...  ..., Security Engineering to design, build, and operate security across Bot Auto's...  ...secure over-the-air (OTA) updates, and hardening of the autonomous driving software... 

    Bot Auto

    San Francisco, CA
    23 hours ago
  • Cybersecurity SOC Analyst II

    $110k - $160k

     ...Analyst II to join our growing Security Operations team and help...  ...closely with senior security engineers, IT, and infrastructure teams...  ...Sentinel Strong understanding of Windows, Linux, macOS, and cloud-...  ...such as NIST 800-171, CMMC, CIS Controls, or ISO 27001 Experience... 
    Windows
    Contract work
    Work experience placement
    Casual work
    Relocation package

    CHAOS Industries

    San Francisco, CA
    23 hours ago
  • Busser

    $17.34 per hour

     ...tables efficiently to maintain a smooth flow or service Assist servers by refilling water, bringing extra utensils, and delivering...  ...dishwasher regularly Routinely sweep and mop floors, wipe windows and mirrors and take out the trash, recycling and compost when... 
    Windows
    Hourly pay
    Local area
    Shift work

    Burma Inc

    Oakland, CA
    2 days ago
  • Information Security Engineer, Consultant
     ...Your Role The Principal Information Security Engineer, Consultant - Network Protection is a highly skilled technical contributor within the Information Asset Protection team, responsible for designing, implementing, and supporting enterprise-wide network security... 
    Remote work

    Blue Shield of CA

    Oakland, CA
    23 hours ago
  • Physical Security Systems Engineer

    $158k - $175k

     ...About the Team The Physical Security Engineering team designs, deploys, and sustains the systems that protect OpenAI's people, facilities...  ...schemas, switch configurations, IoT device connectivity, Windows Server, and database dependencies. Improve operational... 
    Windows
    Work at office

    OpenAI

    San Francisco, CA
    23 hours ago
  • Senior Security Engineer I, Advanced Response

    $139k - $204k

     ...Senior Security Engineer I, Advanced Response CoreWeave is The Essential...  ...teams that enables innovators to build and scale AI with confidence....  ...(Nasdaq: CRWV) in March 2025. Learn more at What You'...  ...findings into durable actions to harden CoreWeave and improve our... 
    Temporary work
    Casual work
    Work at office
    Remote work
    Flexible hours

    CoreWeave

    San Francisco, CA
    17 days ago
  • Security Engineer

    $159k - $201k

    Everlaw is looking for a Security Engineer. Reporting to the Manager, Security Engineering, you will...  ...customers and company. We collaborate, build, and use technology to make it easy to...  ...NYC Local Law 144. We began using Covey Scout for Inbound on the 9th of June, 2025.
    Full time
    Work at office
    Local area
    Remote work
    Visa sponsorship
    Work visa
    Flexible hours
    3 days per week

    Everlaw

    Oakland, CA
    3 days ago
  • Founding Security Engineer
     ...Founding Security Engineer Promise modernizes how government agencies and utilities support people in financial difficulty. We build technology that makes it simple for residents to receive...  ...modeling experience Deep Kubernetes hardening/runtime experience How We... 
    Permanent employment
    Work at office
    Local area
    Flexible hours

    Promise

    Oakland, CA
    3 days ago
  • Senior Security Engineer

    $244k - $292k

     ...Fintech Powering Financial Security at Scale Kikoff is...  ...revenue growth in 2025 and a unicorn valuation...  ...help millions of people build credit, access...  ...developer workflows to hardening our software supply chain...  ...will be felt by every engineer at Kikoff and every customer... 
    Local area

    Kikoff

    San Francisco, CA
    23 hours ago
  • IT Systems Engineer

    $190k - $240k

     ...Powering Financial Security at Scale...  ...revenue growth in 2025 and a unicorn...  ...of people build credit, access...  ...dedicated Systems Engineer. This isn't an...  ...MCP servers & AI agents -...  ...do Endpoint hardening & macOS/Windows fleet management...  ...configuration profiles, CIS benchmark... 
    Windows
    Local area

    Kikoff

    San Francisco, CA
    3 days ago
  • Senior Product Security Engineer

    $162k - $260k

     .... Aurora's Product Security team's mission is to discover...  ...documenting security engineering processes and the...  ...will: Provide consulting and advisory services...  ...emergency response, OS hardening, vulnerability...  ...outrageous goals, and build a culture where we win... 
    Work experience placement
    Work at office
    Local area
    3 days per week

    Aurora Innovation

    San Francisco, CA
    3 days ago
  • Security Engineer, Application Security

    $234.4k - $385k

     ...About the Team Security is at the foundation of OpenAI's mission to ensure that artificial...  ...products. We are technical in what we build but are operational in how we do our work...  .... About the Role As a Security Engineer, Application Security you will be... 
    Work at office
    Remote work
    Relocation package

    OpenAI

    San Francisco, CA
    1 day ago
  • Product Security Engineer

    $117.2k - $176.7k

     ...Salesforce. Overview of the Role: We are looking for a Product Security Engineer to join our Salesforce Product Security Advisors team. You...  ...(SAML), OAuth 2.0, and OpenID Connect (OIDC). Audit and harden cloud infrastructure supporting our environment, ensuring... 

    Salesforce.Com Inc

    San Francisco, CA
    4 days ago
  • Security Engineer, Workspace Security

    $134.4k - $170.53k

     ...Why Join Us? As the world's leading vendor of Cyber Security, facing the most sophisticated threats and attacks, we've assembled...  ...against the most sophisticated threats. As a Workspace Security Engineer, you'll be at the heart of our mission, contributing your expertise... 
    Temporary work
    Local area

    Check Point Software Technologies

    San Francisco, CA
    4 days ago
  • Security Engineer, Product Security

    $237.6k - $297k

     ...We are seeking a highly technical Security Engineer to join our Product Security team. This role is integral to ensuring the security and integrity...  ...You will: Leverage broad product security expertise to build and maintain software tooling that secures every layer of the... 
    Full time

    Scale AI

    San Francisco, CA
    1 day ago
  • Senior Lead Software Engineer - Windows Server Infrastructure
     ...meaningful impact. As a Senior Lead Software Engineer - Windows Server Engineering at JPMorgan Chase within...  ...infrastructure (2016/2019/2022/2025) across physical, virtual and...  ...machines * Ensure compliance with security policies, standards, and regulatory requirements... 
    Windows
    Full time

    JPMorgan Chase & Co.

    San Francisco, CA
    2 days ago

Do you want to receive more vacancies?

Subscribe and receive similar vacancies to Windows Server 2025 CIS Hardening Consultant / Security Build Engineer. Be the first to apply!

Related searches