Job Description: Contributor IAM/Directory Services security engineer specializing in Tier 0 on-prem Active Directory. Owns domain controller hardening and security baselines, GPO administration, privileged access/delegation controls, and secure operation of AD dependencies (DNS, Kerberos/time, AD CS/PKI, trusts). Partners with SOC/SIEM teams to improve logging and audit readiness and supports AD security incident response and remediation. Required Skills & Experience Bachelor's degree in computer science, engineering, or a related field (or equivalent practical experience). 7+ years of experience with Windows Server and on-prem Active Directory (domain controller operations, replication, FSMO roles, trusts, Kerberos/LDAP). Experience securing AD dependencies: DNS, PKI/AD CS, and time synchronization; strong Windows authentication knowledge (Kerberos/LDAP/NTLM). Experience in enterprise IT operations or infrastructure teams, including change management and incident management for critical services. AD security expertise (attack paths, privileged access, legacy authentication risk) with experience implementing hardening and monitoring. Hybrid identity/PAM familiarity is a plus; primary focus is on-prem AD domain security.