Windows Security Consultant- 6 Months- Inside IR35- Hybrid in Hove

Windows Security Consultant- 6 months- Inside IR35- Hybrid in Hove

Role Overview

A 6-month hybrid contract role based in Hove (3 days on-site) within a Financial Services unit, focused on enterprise endpoint security. The position requires a security engineer with strong expertise in Microsoft Application Control (WDAC/AppLocker) alongside the Ivanti suite of endpoint management tools. The role spans policy design, implementation, and ongoing management to secure enterprise endpoints while balancing usability and productivity.

Key Responsibilities

• Design, deploy, and manage Windows Defender Application Control (WDAC) policies and AppLocker whitelisting strategies, including code integrity policies to restrict execution to trusted applications.
• Monitor, audit, and troubleshoot application control policies, integrating them with Microsoft Intune and Group Policy for centralised management.
• Configure and manage Ivanti Environment Manager for user personalisation, profile optimisation, and improved logon performance.
• Implement Ivanti Device & Application Control (IDAC) for application whitelisting/blacklisting and device control (eg USB and peripheral restrictions), ensuring endpoint compliance.
• Manage centralised policy deployment via the Ivanti Management Console, including agent deployment, upgrades, and package distribution.

Top 5 Skills

• WDAC & AppLocker expertise- Hands-on experience designing and enforcing Windows Defender Application Control and AppLocker policies, including audit vs. enforced modes and code signing principles.
• Ivanti suite proficiency Practical experience across Ivanti Environment Manager, Device & Application Control, and the Ivanti Management Console for endpoint policy and configuration management.
• Windows security architecture- Strong understanding of application whitelisting, policy enforcement, and broader Windows endpoint security principles.
• Policy deployment & troubleshooting- Experience deploying policies via Intune or Group Policy, with the ability to troubleshoot application blocking and connectivity issues.
• Endpoint security tooling- Familiarity with Microsoft Defender for Endpoint, PowerShell Scripting for policy management, and tools such as SCCM; relevant certifications (Microsoft MD-102/SC-200 or Ivanti) are a plus.