Job Title: Customer Security Engineer Job Description We're Concentrix. The intelligent transformation partner. Solution-focused. Tech-powered. Intelligence-fueled. The global technology and services leader that powers the world’s best brands, today and into the future. We’re solution-focused, tech-powered, intelligence-fueled. With unique data and insights, deep industry expertise, and advanced technology solutions, we’re the intelligent transformation partner that powers a world that works, helping companies become refreshingly simple to work, interact, and transact with. We shape new game-changing careers in over 70 countries, attracting the best talent. The Concentrix Technical Products and Services team is the driving force behind Concentrix’s transformation, data, and technology services. We integrate world-class digital engineering, creativity, and a deep understanding of human behavior to find and unlock value through tech-powered and intelligence-fueled experiences. We combine human-centered design, powerful data, and strong tech to accelerate transformation at scale. You will be surrounded by the best in the world providing market leading technology and insights to modernize and simplify the customer experience. Within our professional services team, you will deliver strategic consulting, design, advisory services, market research, and contact center analytics that deliver insights to improve outcomes and value for our clients. Hence achieving our vision. Our game-changers around the world have devoted their careers to ensuring every relationship is exceptional. And we’re proud to be recognized with awards such as "World's Best Workplaces," “Best Companies for Career Growth,” and “Best Company Culture,” year after year. Join us and be part of this journey towards greater opportunities and brighter futures. **Required:** + Fluent Spanish (preferable) based in Mexico City for some onsite visits. + **_Active Directory Domain Services_** + Deployment + Must demonstrate knowledge about how DCs are promoted/demoted, how many partitions are involved in a given Forest design, their names and functionalities provided. + Upgrade to newer Windows Server versions + Must specifically mention the 3 phases involved, Schema Extension, DC replacement, Functional Level Raise. Must be able to suggest rollback options for each. + _Troubleshooting and Recovery_ + Must show repadmin tool knowledge, mainly explain what /replsum /bydest /sort:delta does, what /showreps does, what /kcc does, what /syncall /Aeq does, what /showobjmeta does. + **_Performance_** + Must be able to explain how to collect performance counters and which tool to use for that. Mention some counter thresholds like Physical Disk maximum recommended latency, Memory Commit Limit, CPU maximum recommended utilization. + **_Security Hardening_** + TLS versions supported for the various versions of Windows + **_LM Compatibility Level_** + How to prevent rogue file servers from impersonating the SYSVOL share + How to better protect LDAP communications + How many members is recommended to have on high privilege groups such as Domains Admins, Schema Admins + PowerShell scripting + Must be able to understand what a script does and add specific requested functionality to it. + Kerberos interoperability with 3 _rd_ -party implementations + Must know what is a KEYTAB file and what it does + Must know which Encryption Types were and are supported nowadays + Must show deep understanding of how MIT Kerberos v5 works and interoperates with Active Directory + **_Credential Theft Mitigation_** + What LAPS provide, how it works, and its deployment options. + Must be able to explain the Enterprise access model (may mention the old way of splitting in Tier 0, 1, and 2 and what goes where + What Hashing Algorythms are no longer considered secure? + Why Wdigest is now obsolete and recommended to be disabled? + What is RestrictedAdmin Remote Desktop, what difference with Remote Credential Guard can be mentioned? + Must know how to prevent credential exposure on Windows systems, how to prevent Domain Admins from logging on untrusted computer. + **_DNS_** + How Dynamic Update works + What are the options from resolving names on separate namespaces and their main differences among them + What are the replication scopes for AD-Integrated zones + What zones are required + Active Directory Certificate Services (multi-layered PKI) + **_Deployment_** + What are roles available for Certificate Services, Web Enrollment, OCSP, NDES, others? + Be able to describe benefits for a 2-tier PKI, or the benefits for a 1-tier PKI + Upgrade to newer Windows Server versions + Must be able to describe the important pieces to export and import + **_Troubleshooting and Recovery_** + Must be able to describe the data that is verified before certificates are dimmed valid and trusted. + Security Hardening + Roles recommended to be separated + Must be able to talks about Key Lengths and recommended current values + PowerShell, Certutil, certreq command line management + How to request, approve/issue, retrieve certificates using such tools + **_PKI concepts_** + Trust Chain + Asymmetric Encryption versus Symmetric Encryption + Entra Connect and Cloud Sync + Deployment + When to use which? + **_Upgrade_** + Describe the process available + Troubleshooting and Recovery + What are Connectors + What is the Metaverse + Demonstrate how to follow an object from Active Directory to Entra ID throughout the synchronization engine. + **_Performance_** + How frequent can synchronization perform? + Security Hardening + Accounts or Security Principals involved or required, minimum permissions. + Where to install Entra Cloud agents + Where to install Entra Connect + PowerShell scripting + How to start synchronization cycle + **_Networking_** + Windows Defender Firewall configuration + Interaction with IPSec + Deploy rules from GPOs + **_Routing_** + What is NAT? mention some examples why it is used not between the Internet and a local network. + Is routing bidirectional or must be set up in both directions to work? + Must be able to tell the difference between "Request Timed Out" and "Destination Host Unreachable" when using ping + Network Packet Capture and Troubleshooting + Explain TCP 3-way handshake, how to see it in netstat. + Must be able to mention 2 data capture and analysis tools. We accept applications for this position on an ongoing basis. Location: MEX Work-at-Home Language Requirements: Time Type: **If you are a California resident, by submitting your information, you acknowledge that you have read and have access to the Job Applicant Privacy Notice for California Residents (https://www.concentrix.com/resource/job-applicant-privacy-notice-for-california-residents/)**