Active Directory Security Engineer
Position Summary
BITSUMMIT is seeking an experienced Active Directory Security Engineer to support a professional services engagement focused on remediating security gaps identified during an Active Directory and Entra ID security assessment. This is a hands-on technical role requiring deep expertise in Active Directory security, identity governance, and enterprise remediation initiatives.
The successful consultant will work collaboratively with another AD Engineer to remediate critical and high-severity security findings related to privileged access, account lifecycle management, password policies, and credential hygiene within a defined T&M engagement.
Duration of this contract is for January 2025.
Job Description
Privileged Access Remediation
- Review and remediate privileged group memberships, including Domain Admins, Enterprise Admins, and Schema Admins.
- Remove unnecessary elevated access and document approved exceptions with appropriate business justification.
- Execute KRBTGT password rotations using a validated two-phase methodology with rollback planning.
- Address Directory Services Restore Mode (DSRM) credential configuration and security gaps.
Account Lifecycle Management
- Identify and coordinate the cleanup of inactive user accounts in collaboration with business stakeholders.
- Implement and enforce expiration policies for contractor and temporary accounts.
- Remediate accounts configured with non-expiring passwords in alignment with organizational standards.
- Document remediation activities and establish repeatable account maintenance procedures.
Password & Credential Hygiene
- Align Fine-Grained Password Policies (FGPPs) with corporate security requirements.
- Provide guidance on Microsoft Entra service principal credential rotation and lifecycle management.
- Develop LAPS (Local Administrator Password Solution) deployment guidance and supporting documentation.
Documentation & Knowledge Transfer
- Create detailed remediation runbooks and operational procedures.
- Document all changes, including pre-change and post-change states with rollback considerations.
- Conduct structured knowledge transfer sessions with IT teams.
- Submit accurate weekly timesheets and status updates.
Required Experience
Experience
- Demonstrated hands-on experience administering and securing Active Directory environments.
- Proven experience supporting enterprise identity security remediation initiatives.
- Practical experience performing KRBTGT password rotations in production environments.
- Background implementing least-privilege models and privileged access controls.
- Experience managing user and service account lifecycles, including deprovisioning and policy enforcement.
Technical Skills
- Expert-level knowledge of Active Directory architecture, replication, and security controls.
- Strong understanding of Kerberos authentication and common attack techniques (e.g., Golden Ticket, Silver Ticket).
- Proficiency with PowerShell for Active Directory administration, remediation, and reporting.
- Experience working with Group Policy Objects (GPOs) and Fine-Grained Password Policies.
- Knowledge of LAPS deployment and administration.
- Familiarity with Microsoft Entra ID and hybrid identity architectures.
- Exposure to Active Directory security assessment and analysis tools such as PingCastle, Purple Knight, and BloodHound.
Certifications (Preferred)
- Microsoft Certified: Identity and Access Administrator Associate
- Microsoft Certified: Security Operations Analyst Associate
- Microsoft Certified: Azure Security Engineer Associate
- CISSP, CISM, or equivalent security certifications
Professional Skills
- Strong written and verbal communication skills.
- Ability to explain technical remediation steps to non-technical stakeholders.
- High attention to detail, particularly in documentation and change tracking.
- Self-directed with the ability to operate independently in a remote consulting environment.
- Prior experience in client-facing professional services or consulting roles.
Interested candidates should submit:
- A current resume highlighting relevant Active Directory security experience
- A brief cover letter outlining experience with similar remediation initiatives
- A list of relevant certifications
- Availability to start
What we Offer
Work alongside experienced practitioners on real-world security engagements.BITSUMMIT values practical expertise, clear execution, and respectful collaboration.
Hiring Process
We believe that finding the right talent is key to our success. At BITSUMMIT, our hiring process is designed to ensure a smooth and transparent experience for all candidates, where we focus on skill, passion, and cultural fit. Here's how our process works:
- Initial Application Review
Once we receive your resume, our recruitment team will carefully review your experience and qualifications to determine if your skills align with the role. - First Interview: Getting to know You
In this stage, you’ll have a conversation with our hiring manager to dive deeper into your background, interests, and how your experience can contribute to BITSUMMIT’s success. - Technical Assessment
If your profile matches, we’ll invite you to complete a technical assessment. This helps us evaluate your problem-solving skills and approach to design challenges. - Final Interview: Meet the Team
The final stage involves meeting our leadership and project teams. This will be a chance for you to see if we’re the right fit for your career aspirations, and for us to understand how you’ll thrive in our community.
Real-time Support
Our team is ready to answer your questions. Please fill out the information to schedule a call.
24/7 HELP LINE
+1 833 489 2262
MESSAGE OUR EXPERTS
intake@bitsummit.com
*For immediate assistance, call our 24/7 helpline.
Follow our social media channels; we are a supportive community sharing meaningful content.