Endpoint Analyst / End User Application Architect

Axiom Technologies is an Australia-based entity with a history of providing Managed IT solutions to medium to large-scale enterprises globally. Please visit our website for more information about what we do at www.axiomtechnologies.com
The Endpoint Analyst / End User Application Architect will be responsible for discovering, analyzing, and remediating application hardening processes across the organization. This role focuses on ensuring the security and compliance of web browsers, office suites, PDF software, and related applications by implementing the most restrictive configurations aligned with ASD and vendor guidelines. The specialist will review current implementations, identify gaps and risks, and prioritize remediation efforts to strengthen cybersecurity posture.

Key Responsibilities:

• Capture and implement the most restrictive configurations for web browsers, office productivity suites, and PDF software under ASD and vendor hardening guidance.
• Review existing implementation statuses of relevant applications.
• Confirm and document the use of Internet Explorer 11 within the environment.
• Document current processes related to PowerShell module logging, script block logging, and transcription events.
• Perform current state analyses of new controls and configurations.
• Ensure command line process creation events are centrally logged and protected from unauthorized modification or deletion.
• Analyze event logs from internet-facing servers to detect cybersecurity events promptly.
• Identify, document, and address gaps in controls, policies, and configurations.
• Assess risks associated with non-compliance and prioritize remediation efforts accordingly.
• Review exceptions where restrictive controls are not applied, validating the adequacy of compensating controls.
• Assess and implement Microsoft recommended Blocklist (MRB) across workstations.
• Conduct Business Impact Assessments to evaluate operational impacts of MRB-listed application blocks.

Internal and General Use Responsibilities:

• Validate current ‘LOLBAS’ blocking coverage against the MRB to ensure alignment.
• Develop and implement compensating controls for applications that cannot be blocked operationally.
• Document all changes related to MRB implementation, ensuring alignment with Essential Eight ML2 requirements for audit readiness.
• Extract and analyze application usage data from Microsoft Defender to monitor compliance.
• Implement continuous monitoring to ensure MRB remains current and effective against emerging vulnerabilities.
• Apply MRB blocking rules considering role-based access control (RBAC) for different user groups, including privileged and standard users.

Required Skills & Experience:

• Proven experience in system hardening, security auditing, or compliance frameworks.
• Familiarity with the ASD Essential Eight and Microsoft security baselines.
• Strong knowledge of Windows event logging and PowerShell security features.
• Experience with configuration management tools such as Intune, Group Policy, or similar.
• Excellent documentation, analytical, and problem-solving skills.
• Familiarity with ITIL processes, particularly change and incident management.
• Strong verbal and written communication skills

What next?

If you are looking for the next challenge in your career and wish to apply for this role, please forward your resume to [email protected]