Top Skills' Details 1. Ten (10) years professional work experience within the last twelve (12) years, as an IT Security Design specialists with recent experience supporting a public sector client to migrate their endpoint protection services to MS Defender. ** recent = last 5 years 2. 1+ projects in the last 5 years building out a roadmap, proof of concept and testing strategy to roll out cloud based solutions for managing endpoint protection, including modules for Antivirus, Managing Portable Storage Devices, Firewall filtration and Intrusion Prevention 3. Must hold Level II (Secret) Clearance Description 1.0 Microsoft Defender for Endpoint Client information: Health Canada (HC) is in need of an IT Security Design Specialist resource to support and re-configure the Microsoft Defender for Endpoint devices (MDE) at Health Canada (HC) running on the end-user provided devices. Also, the support and configuration of the Portable Storage Devices (PSD) restriction within Intune. Current State: Symantec Enterprise Endpoint Protection (SEP) currently active on desktops/laptops which provides: - Antivirus - Firewall/Filtration - Portable Storage Device (PSD) management - Intrusion Prevention HC has M365 E5 licences which includes Microsoft Defender for Endpoint (MDE), currently in passive (listen-only) mode because two active antivirus solutions cannot coexist. Future State: Retire Symantec for a couple reasons: - HC already has E5 licenses and other MS Products that perform the same functions as SEP which will cost them $650K per year starting Apr 2026 when SSC stops funding SEP licences - to align with SSC and TBS mandate for MS Defender as the active antivirus. https://www.canada.ca/en/government/system/digital-government/policies-standards/spin/migrating-government-canada-post-quantum-cryptography.html Scope: - Design and implement secure strategy and configurations for Microsoft Defender for Endpoint (MDE) in active mode. - Plan and execute retirement of Symantec Endpoint Protection (SEP) without introducing vulnerabilities. Need an intellectual approach (strategy, plan, PoC) rather than SSC’s suggestion of “rip and replace.” - Develop step-by-step migration plan, including PoC, risk mitigation, and rollback strategy. - Address SEP’s current functions (AV, firewall, USB manageability, IPS) with equivalent Microsoft solutions, eg. Intune for portable storage device governance. - current PSD governance only allows USB to power devices but does not allow data transfer without prior authorization 3.0 Objective: The outcome of the process is a series of activities and deliverables culminating in the establishment of Secure and robust IT solutions and services at HC. The role of this specific resource is for a Security Design Specialist working within a project team to assist with the secure strategy & configurations deliverables required for placing the MDE in active mode, and the removal of the Symantec Endpoint Protection (SEP) virus scan function. The HC team will provide the resource with IT equipment, accounts, and internal process guidance. 4.0 Tasks: Tasks include and are not limited to: • Every week, provide a timesheet clearly identifying the amounts of effort with which the client-led project was supported; • Participate in client-led project meetings as and when required; • Review and understand the MDE and SEP configuration deployments and configurations (as is) within HC; • Participate in technical discussions with HC Subject Matter Experts (SMEs) and MS SME focusing on SEP & MDE end state; • Develop and deliver a priority-based approach to retiring the SEP phase approach, and enabling MDE on all endpoint devices using best practices; • Develop a phased approach for deploying & managing our PSDs in the HC environment, using our client use cases; • Make recommendations and propose a high-level design(s) based on best practices; • Develop presentations on the approach for stakeholders and governance committees; • Provide high-level designs and other supporting documentation; Skills Security, Roadmap, Design, Firewall, Security architecture, Information security, antivirus, symantec endpoint protection, Defender, Symantec, Cyber security, Cloud, Azure, intune Additional Skills & Qualifications Specialization in cloud based Microsoft technologies for cybersecurity Experience Level Expert Level If you have any questions, please apply within. Job Type & Location This is a Contract position based out of Kanata, ON. Pay and Benefits The pay range for this position is $100.00 - $100.00/hr. Workplace Type This is a fully remote position. À propos de TEKsystems et TEKsystems Global Services Nous sommes un fournisseur de services aux entreprises et de technologies. Nous accélérons la transformation de nos clients. Notre compétence en stratégie, conception, exécution et opérations libère la valeur de l’entreprise par un éventail de solutions. Nous sommes une équipe de 80 000 personnes qui collaborent avec plus de 60 000 clients, notamment 80 % du Fortune 500 en Amérique du Nord, Europe et Asie, qui collaborent avec nous dans le cadre de nos capacités full-stack et notre rythme. Nous sommes des penseurs stratégiques, des collaborateurs pratiques qui aident les clients à exploiter le changement et maîtriser le dynamisme de la technologie. Nous bâtissons le futur en livrant les résultats et en créant un impact positif dans nos communautés mondiales. TEKsystems et TEKsystems Global Services sont des entreprises d’Allegis Group. Découvrez d’autres informations à TEKsystems.com. About TEKsystems and TEKsystems Global Services We’re a leading provider of business and technology services. We accelerate business transformation for our customers. Our expertise in strategy, design, execution and operations unlocks business value through a range of solutions. We’re a team of 80,000 strong, working with over 6,000 customers, including 80% of the Fortune 500 across North America, Europe and Asia, who partner with us for our scale, full-stack capabilities and speed. We’re strategic thinkers, hands-on collaborators, helping customers capitalize on change and master the momentum of technology. We’re building tomorrow by delivering business outcomes and making positive impacts in our global communities. TEKsystems and TEKsystems Global Services are Allegis Group companies. Learn more at TEKsystems.com. The company is an equal opportunity employer and will consider all applications without regard to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law.