ThreatLocker Specialist

Celestica -
Guindy, Chennai, Tamil Nadu

Apply Now

Job details

2 days ago

Qualifications

Microsoft Windows Server
System administration
Azure
Software troubleshooting
Windows
Information security
Linux
Cybersecurity
Network engineering
CompTIA Security+
PowerShell
Active Directory
Help desk

Full job description

09 - Senior Specialist, Information Security
Req ID: 137491
Remote Position: Hybrid
Hiring Manager: Paul Stanners
Band: 09
Region: Asia
Country: India
State/Province: Chennai
City: Guindy, Chennai

Summary

This role is critical for ensuring endpoint application control remains secure and usable for engineering teams, particularly by acting as a dedicated support function during the stabilization phase of a "Default-Deny" rollout.

In this role, you will be responsible for designing, implementing, auditing, and maintaining ThreatLocker policies across our organization (and/or client environments). You will play a critical role in preventing ransomware, malware, and unauthorized software execution by managing Application Whitelisting (Allowlisting), Ringfencing, Storage Control, and Elevation Control.

The ideal candidate has a strong background in system administration or cybersecurity, possess a deep understanding of Windows operating systems, and is passionate about achieving a true Zero Trust security posture.

Key Responsibilities

ThreatLocker Administration & Management

Policy Creation & Tuning: Design, implement, and maintain ThreatLocker Application Allowlisting policies to ensure only authorized software can execute.
Ringfencing: Configure and manage Ringfencing policies to restrict what authorized applications can do (e.g., stopping PowerShell from talking to the internet or blocking Word from launching cmd.exe).
Elevation Control: Implement and manage least-privilege access, creating rules for users to run specific applications as administrators without granting full local admin rights.
Storage Control: Define and enforce policies for securing USB drives, network shares, and local files against unauthorized access or data exfiltration.
Manage allowlisting, Learning Mode, and temporary exceptions.

Monitoring, Auditing & Incident Response

Approval Queue Management: Monitor and process daily ThreatLocker approval requests from users efficiently, balancing security with operational productivity.
Learning Mode Audits: Review, analyze, and baseline new endpoints during the "Learning Mode" phase to ensure seamless transitions to "Secured Mode."
Log Analysis & Reporting: Investigate blocked files, denied executions, and policy violations. Use ThreatLocker audit logs to identify potential security incidents or shadow IT.
Integration: Collaborate with the SOC/SIEM team to forward ThreatLocker logs and integrate them into the broader security monitoring ecosystem.
Triage blocked applications, scripts, DLLs, and installers.
Track service metrics to ensure business productivity.

Maintenance & Strategy

Environment Maintenance: Keep ThreatLocker agents updated across all endpoints and servers.
Testing & Validation: Test software updates and patch deployments in a sandbox environment to ensure they comply with existing ThreatLocker rules before company-wide rollout.
Documentation: Maintain clear, up-to-date documentation of standard operating procedures (SOPs), policy exceptions, and approval workflows.
Maintain Ringfencing and policy standards.

Required Experience

ThreatLocker Expertise: Minimum of 3 years of hands-on experience specifically managing, configuring, and troubleshooting ThreatLocker in a production environment.
IT/Cybersecurity Background: 3+ years of experience in System Administration, Helpdesk Tier 3, Network Engineering, or a Cybersecurity operations role.
OS Proficiency: Deep, foundational knowledge of Windows OS (Registry, File Systems, Services, Active Directory, and Group Policy). Experience with macOS or Linux is a strong plus.
Scripting: Basic familiarity with PowerShell or Command Prompt for troubleshooting and automation.

Knowledge/Skills/Competencies

Soft Skills

Analytical Thinking: Ability to dissect complex application dependencies (e.g., figuring out why a niche accounting software was blocked by a specific DLL file).
Customer-Centric Communication: Ability to explain security restrictions to non-technical staff diplomatically and find ways to enable business operations safely.
Attention to Detail: Zero Trust requires precision; a misplaced rule can either cause a security gap or halt business operations.

Preferred Certifications (A Plus, Not Required)

ThreatLocker Professional or ThreatLocker Expert certifications.
CompTIA Security+, CySA+, or Network+.
Microsoft Certified: Windows Server or Azure Administrator.

Physical Demands

Duties are primarily performed in an office environment but may require occasional on-call availability and emergency response.
Extended periods of sitting, as well as visual concentration on security dashboards, logs, and reports.

Notes

This job description is not intended to be an exhaustive list of all duties and responsibilities of the position. Employees are held accountable for all duties of the job. Job duties and the % of time identified for any function are subject to change at any time.

Celestica is an equal opportunity employer. All qualified applicants will receive consideration for employment and will not be discriminated against on any protected status (including race, religion, national origin, gender, sexual orientation, age, marital status, veteran or disability status or other characteristics protected by law).
At Celestica we are committed to fostering an inclusive, accessible environment, where all employees and customers feel valued, respected and supported. Special arrangements can be made for candidates who need it throughout the hiring process. Please indicate your needs and we will work with you to meet them.

Apply Now

Summary

Key Responsibilities

Required Experience

Knowledge/Skills/Competencies

Physical Demands

Notes

Jobseeker tools

Employer Tools

Browse

Stay Connected