100% Remote Active Directory Engineer
12 month contract, high possibility of extensions
JOB DESCRIPTION
Individual contributor IAM/Directory Services security engineer specializing in Tier 0 on-prem Active Directory. Owns domain controller hardening and security baselines, GPO administration, privileged access/delegation controls, and secure operation of AD dependencies (DNS, Kerberos/time, AD CS/PKI, trusts). Partners with SOC/SIEM teams to improve logging and audit readiness and supports AD security incident response and remediation.
REQUIRED SKILLS AND EXPERIENCE
• Bachelor’s degree in computer science, engineering, or a related field (or equivalent practical experience).
• 7+ years of experience with Windows Server and on-prem Active Directory (domain controller operations, replication, FSMO roles, trusts, Kerberos/LDAP).
• Experience securing AD dependencies: DNS, PKI/AD CS, and time synchronization; strong Windows authentication knowledge (Kerberos/LDAP/NTLM).
• Experience in enterprise IT operations or infrastructure teams, including change management and incident management for critical services.
• AD security expertise (attack paths, privileged access, legacy authentication risk) with experience implementing hardening and monitoring. Hybrid identity/PAM familiarity is a plus; primary focus is on-prem AD domain security.