100% Remote Active Directory Engineer 12 month contract, high possibility of extensionsJOB DESCRIPTION Individual contributor IAM/Directory Services security engineer specializing in Tier 0 on-prem Active Directory. Owns domain controller hardening and security baselines, GPO administration, privileged access/delegation controls, and secure operation of AD dependencies (DNS, Kerberos/time, AD CS/PKI, trusts). Partners with SOC/SIEM teams to improve logging and audit readiness and supports AD security incident response and remediation.REQUIRED SKILLS AND EXPERIENCE • Bachelor's degree in computer science, engineering, or a related field (or equivalent practical experience). • 7+ years of experience with Windows Server and on-prem Active Directory (domain controller operations, replication, FSMO roles, trusts, Kerberos/LDAP). • Experience securing AD dependencies: DNS, PKI/AD CS, and time synchronization; strong Windows authentication knowledge (Kerberos/LDAP/NTLM). • Experience in enterprise IT operations or infrastructure teams, including change management and incident management for critical services. • AD security expertise (attack paths, privileged access, legacy authentication risk) with experience implementing hardening and monitoring. Hybrid identity/PAM familiarity is a plus; primary focus is on-prem AD domain security.