VP, Active Directory Engineer, Technology Group

Singapore - Singapore

Monthly Salary: Not Disclosed

Posted on: 30+ days ago

Vacancies: 1 Vacancy

Job Summary

Location:Singapore

Job Function:Technology Group

Job Type:Permanent

Req ID:16859

GIC is one of the worlds largest sovereign wealth funds. With over 2000 employees across 11 locations around the world we invest in more than 40 countries globally across asset classes and businesses. Working at GIC gives you exposure to an extraordinary network of the worlds industry leaders. As a leading global long-term investor we Work at the Point of Impact for Singapores financial future and the communities we invest in worldwide.

Technology Group
The Technology Group (TG) is a key enabler to keep our business moving forward and is constantly exploiting state-of-the-art information technologies to enhance GICs ability to be the leading global long-term investment firm. We aim to provide users with empowering and transformational capabilities and to create an inclusive innovative and integrated work environment.

What impact can you make in this role

We are seeking a highly experienced Senior Active Directory (AD) Security Engineer to focus on securing hardening and automating enterprise Active Directory environments ensuring robust Tier 0 protection privileged access controls trust hardening OU/GPO security and cyber resilience. The engineer will work closely with Red Teams Penetration Testing and Threat Detection functions to identify attack paths simulate AD-based threats automate recovery capabilities and continuously strengthen the enterprise AD security posture.

What will you do as an VP Active Directory Engineer

Design secure and manage enterprise-scale Active Directory environments to ensure resilience integrity and threat resistance.

Implement and maintain Tier 0 (Privileged Access) controls aligned with Microsofts Enterprise Access Model (EAM) and Zero Trust principles.

Harden AD forests domains and trust relationships to prevent privilege escalation domain compromise and lateral movement.

Design and manage Privileged Access Workstations (PAWs) and enforce administrative boundaries for Tier 0 and Tier 1 assets.

Develop and maintain PowerShell automation frameworks to:

- Audit and report AD configuration permissions and delegation.

- Enforce baseline hardening and compliance controls.

- Automate remediation monitoring and hygiene tasks.

Support AD forest recovery and validation scripts to improve RTO (Recovery Time Objective).

Design and implement AD Forest Recovery plans perform automated recovery drills and build operational readiness for cyberattack or ransomware scenarios.

Manage and secure Organizational Unit (OU) delegation models following least-privilege principles.

Manage and harden Group Policy Objects (GPOs) to enforce security baselines prevent policy abuse and maintain configuration integrity.

Collaborate with Red Team Penetration Testing and SOC teams to identify vulnerabilities validate attack paths and remediate exposures.

Simulate and analyze Active Directory attack scenarios (DCSync DCShadow Golden/Silver Ticket Pass-the-Hash Kerberoasting).

Conduct AD threat modeling and exposure assessments using tools like BloodHound PingCastle ADRecon and PowerView.

Integrate Threat Detection and Response capabilities within SOC operations and SIEM tools (e.g. Microsoft Sentinel Splunk QRadar).

Support Privileged Access Management (PAM) solutions such as CyberArk BeyondTrust or Thycotic to enforce Just-in-Time (JIT) and Just-Enough Access (JEA).

Maintain detailed documentation baselines recovery guides and post-assessment reports to enhance AD security and resilience posture.

What qualifications or skills should you possess in this role

Bachelors or Masters in Computer Science Cybersecurity or related field.
Minimum of 5 years in AD security engineering
Deep expertise in Active Directory internals including replication Kerberos LDAP DNS and Group Policy management.
Proven experience in AD hardening Tier 0 protection trust management and privileged access isolation.
Hands-on experience in AD forest recovery design automation and periodic recovery drills to enhance RTO and cyber resilience.
Strong experience in OU design delegation and access control aligned with least-privilege principles.
Advanced knowledge in GPO management including security baselining auditing and change control.
Expert-level PowerShell scripting and automation for auditing reporting and enforcing AD configurations.
Experience collaborating with Red Teams and Penetration Testing Teams to simulate attacks and strengthen defences.
Proficiency with AD security tools such as BloodHound PingCastle PurpleKnight ADRecon PowerView and DSInternals.
Knowledge of Privileged Access Management (PAM) solutions and SIEM integration for identity threat detection.
Strong understanding of Zero Trust and EAM principles as applied to on-prem AD environments.

Work at the Point of Impact
We need to be forward-looking to attract the right people to help us become the Leading Global Long-term Investor. Join our ambitious agile and diverse teams - be empowered to push boundaries and pursue innovative ideas share your views and be anchored on our PRIME Values: Prudence Respect Integrity Merit and Excellence which guides us in how we make our day-to-day decisions. We strive to inspire. To make an impact.

Flexibility at GIC
At GIC our offices are vibrant hubs for ideation professional growth and interpersonal connection. At the same time we believe that flexibility allows us to do our best work and be our best selves. Thus our teams come into the office four days per week to harness the benefits of in-person collaboration but have the flexibility to choose which days they work from home and adjust this arrangement as situational needs arise.

GIC is an equal opportunity employer
As an employer we passionately believe every individual brings with them unique diversity of thought and perspectives to meaningfully enrich perspectives of GIC teams to drive competitive performance. An inclusive environment yields exceptional contribution.

Learn more about our Technology Group here:
Experience:

Exec

Location:SingaporeJob Function:Technology GroupJob Type:PermanentReq ID:16859GIC is one of the worlds largest sovereign wealth funds. With over 2000 employees across 11 locations around the world we invest in more than 40 countries globally across asset classes and businesses. Working at GIC gives y...