Job Title:

Customer Security Engineer

Job Description

We're Concentrix. The intelligent transformation partner. Solution-focused. Tech-powered. Intelligence-fueled.

The global technology and services leader that powers the world’s best brands, today and into the future. We’re solution-focused, tech-powered, intelligence-fueled. With unique data and insights, deep industry expertise, and advanced technology solutions, we’re the intelligent transformation partner that powers a world that works, helping companies become refreshingly simple to work, interact, and transact with. We shape new game-changing careers in over 70 countries, attracting the best talent.

The Concentrix Technical Products and Services team is the driving force behind Concentrix’s transformation, data, and technology services. We integrate world-class digital engineering, creativity, and a deep understanding of human behavior to find and unlock value through tech-powered and intelligence-fueled experiences. We combine human-centered design, powerful data, and strong tech to accelerate transformation at scale. You will be surrounded by the best in the world providing market leading technology and insights to modernize and simplify the customer experience. Within our professional services team, you will deliver strategic consulting, design, advisory services, market research, and contact center analytics that deliver insights to improve outcomes and value for our clients. Hence achieving our vision.

Our game-changers around the world have devoted their careers to ensuring every relationship is exceptional. And we’re proud to be recognized with awards such as \"World's Best Workplaces,\" “Best Companies for Career Growth,” and “Best Company Culture,” year after year.

Join us and be part of this journey towards greater opportunities and brighter futures.

Required:

Fluent Spanish (preferable) based in Mexico City for some onsite visits.

Active Directory Domain Services

Deployment

Must demonstrate knowledge about how DCs are promoted/demoted, how many partitions are involved in a given Forest design, their names and functionalities provided.

Upgrade to newer Windows Server versions

Must specifically mention the 3 phases involved, Schema Extension, DC replacement, Functional Level Raise. Must be able to suggest rollback options for each.

Troubleshooting and Recovery

Must show repadmin tool knowledge, mainly explain what /replsum /bydest /sort:delta does, what /showreps does, what /kcc does, what /syncall /Aeq does, what /showobjmeta does.

Performance

Must be able to explain how to collect performance counters and which tool to use for that. Mention some counter thresholds like Physical Disk maximum recommended latency, Memory Commit Limit, CPU maximum recommended utilization.

Security Hardening

TLS versions supported for the various versions of Windows

LM Compatibility Level

How to prevent rogue file servers from impersonating the SYSVOL share

How to better protect LDAP communications

How many members is recommended to have on high privilege groups such as Domains Admins, Schema Admins

PowerShell scripting

Must be able to understand what a script does and add specific requested functionality to it.

Kerberos interoperability with 3rd-party implementations

Must know what is a KEYTAB file and what it does

Must know which Encryption Types were and are supported nowadays

Must show deep understanding of how MIT Kerberos v5 works and interoperates with Active Directory

Credential Theft Mitigation

What LAPS provide, how it works, and its deployment options.

Must be able to explain the Enterprise access model (may mention the old way of splitting in Tier 0, 1, and 2 and what goes where

What Hashing Algorythms are no longer considered secure?

Why Wdigest is now obsolete and recommended to be disabled?

What is RestrictedAdmin Remote Desktop, what difference with Remote Credential Guard can be mentioned?

Must know how to prevent credential exposure on Windows systems, how to prevent Domain Admins from logging on untrusted computer.

DNS

How Dynamic Update works

What are the options from resolving names on separate namespaces and their main differences among them

What are the replication scopes for AD-Integrated zones

What zones are required

Active Directory Certificate Services (multi-layered PKI)

Deployment

What are roles available for Certificate Services, Web Enrollment, OCSP, NDES, others?

Be able to describe benefits for a 2-tier PKI, or the benefits for a 1-tier PKI

Upgrade to newer Windows Server versions

Must be able to describe the important pieces to export and import

Troubleshooting and Recovery

Must be able to describe the data that is verified before certificates are dimmed valid and trusted.

Security Hardening

Roles recommended to be separated

Must be able to talks about Key Lengths and recommended current values

PowerShell, Certutil, certreq command line management

How to request, approve/issue, retrieve certificates using such tools

PKI concepts

Trust Chain

Asymmetric Encryption versus Symmetric Encryption

Entra Connect and Cloud Sync

Deployment

When to use which?

Upgrade

Describe the process available

Troubleshooting and Recovery

What are Connectors

What is the Metaverse

Demonstrate how to follow an object from Active Directory to Entra ID throughout the synchronization engine.

Performance

How frequent can synchronization perform?

Security Hardening

Accounts or Security Principals involved or required, minimum permissions.

Where to install Entra Cloud agents

Where to install Entra Connect

PowerShell scripting

How to start synchronization cycle

Networking

Windows Defender Firewall configuration

Interaction with IPSec

Deploy rules from GPOs

Routing

What is NAT? mention some examples why it is used not between the Internet and a local network.

Is routing bidirectional or must be set up in both directions to work?

Must be able to tell the difference between \"Request Timed Out\" and \"Destination Host Unreachable\" when using ping

Network Packet Capture and Troubleshooting

Explain TCP 3-way handshake, how to see it in netstat.

Must be able to mention 2 data capture and analysis tools.

We accept applications for this position on an ongoing basis.

Location:

MEX Work-at-Home

Language Requirements:

Time Type:

If you are a California resident, by submitting your information, you acknowledge that you have read and have access to the Job Applicant Privacy Notice for California Residents