Location: Singapore
Job Function: Technology Group
Job Type: Permanent
Req ID: 17039
GIC is one of the world's largest sovereign wealth funds. With over 2000 employees across 11 locations around the world, we invest in more than 40 countries globally across asset classes and businesses. Working at GIC gives you exposure to an extraordinary network of the world's industry leaders. As a leading global long-term investor, we Work at the Point of Impact for Singapore's financial future and the communities we invest in worldwide.
Technology Group
The Technology Group (TG) is a key enabler to keep our business moving forward and is constantly exploiting state-of-the-art information technologies to enhance GIC's ability to be the leading global long-term investment firm. We aim to provide users with empowering and transformational capabilities and to create an inclusive, innovative, and integrated work environment.
What impact can you make in this role?
We are seeking a highly experienced Senior Active Directory (AD) Security Engineer to focus on securing, hardening, and automating enterprise Active Directory environments, ensuring robust Tier 0 protection, privileged access controls, trust hardening, OU/GPO security, and cyber resilience. The engineer will work closely with Red Teams, Penetration Testing, and Threat Detection functions to identify attack paths, simulate AD-based threats, automate recovery capabilities, and continuously strengthen the enterprise AD security posture.
What will you do as a VP Active Directory & Entra ID Engineer?
- Design, secure, and manage hybrid identity environments across on-prem Active Directory and Entra ID (Azure AD) to ensure resilience, integrity, and threat resistance.
- Define and implement a clean, compliant target state for identity and access management (IAM), aligning AD and Entra ID security with enterprise IAM processes and governance.
- Conduct threat modelling and exposure assessments for both AD and Entra ID to identify and mitigate identity attack paths.
- Implement and maintain Tier 0 (Privileged Access) controls aligned with Microsoft's Enterprise Access Model (EAM) and Zero Trust principles.
- Harden AD forests, domains, and trust relationships, as well as Entra ID tenants, to prevent privilege escalation, domain compromise, and lateral movement.
- Design and manage Privileged Access Workstations (PAWs) and enforce administrative boundaries for Tier 0 and Tier 1 assets.
- Develop and maintain PowerShell and Graph API automation frameworks to:
  - Audit and report AD and Entra ID configurations, permissions, and delegations.
  - Enforce baseline hardening and compliance controls.
  - Automate remediation, monitoring, and hygiene tasks.
  - Support AD Forest recovery and Entra ID incident response automation to improve recovery time objectives (RTO).
- Design and implement AD Forest Recovery and Entra ID tenant recovery plans, perform automated recovery drills, and build operational readiness for cyberattack or ransomware scenarios.
- Manage and secure Organizational Unit (OU) delegation models and Entra ID administrative units following least-privilege principles.
- Manage and harden Group Policy Objects (GPOs) and Conditional Access Policies to enforce security baselines and prevent policy abuse.
- Collaborate with IAM teams to integrate AD and Entra ID workflows (e.g. provisioning, deprovisioning, access reviews) into enterprise identity lifecycle processes.
- Collaborate with Red Team, Penetration Testing, and SOC teams to identify vulnerabilities, validate attack paths, and remediate exposures.
- Simulate and analyse identity-based attack scenarios (e.g. DCSync, DCShadow, Golden/Silver Ticket, Pass-the-Hash, Kerberoasting, token replay, and consent phishing).
- Integrate Threat Detection and Response capabilities within SOC operations and SIEM tools (e.g. Microsoft Sentinel, Splunk, QRadar).
- Support Privileged Access Management (PAM) solutions such as CyberArk, BeyondTrust, or Thycotic to enforce Just-in-Time (JIT) and Just-Enough Access (JEA).
- Maintain detailed documentation, baselines, recovery guides, and post-assessment reports to enhance hybrid identity security and resilience posture.
What qualifications or skills should you possess in this role?
- Bachelor's or Master's in Computer Science, Cybersecurity, or related field.
- Minimum of 5 years in AD security engineering.
- Deep expertise in Active Directory internals (replication, Kerberos, LDAP, DNS, GPO) and Entra ID architecture (Conditional Access, Identity Protection, PIM, App Registrations, and Connect).
- Proven experience in AD and Entra ID hardening, Tier 0 protection, trust management, and privileged access isolation.
- Hands-on experience in hybrid identity design, including synchronization, federation, and secure integration with SaaS applications.
- Experience integrating AD and Entra ID with enterprise IAM processes, including provisioning, deprovisioning, and access governance workflows.
- Strong experience in OU and Entra ID administrative unit design, delegation, and access control aligned with least-privilege principles.
- Advanced knowledge in GPO and Conditional Access policy management, including security baselining, auditing, and change control.
- Expert-level PowerShell scripting and Graph API automation for auditing, reporting, and enforcing identity configurations.
- Experience collaborating with Red Teams and Penetration Testing Teams to simulate attacks and strengthen defences.
- Proficiency with AD and Entra ID security tools such as BloodHound / PingCastle / PurpleKnight / ADRecon / PowerView / Microsoft Defender for Identity.
- Knowledge of Privileged Access Management (PAM) solutions and SIEM integration for identity threat detection.
- Strong understanding of Zero Trust and EAM principles as applied to hybrid identity environments.
Work at the Point of Impact
We need to be forward-looking to attract the right people to help us become the Leading Global Long-term Investor. Join our ambitious, agile, and diverse teams - be empowered to push boundaries and pursue innovative ideas, share your views, and be anchored on our PRIME Values: Prudence, Respect, Integrity, Merit, and Excellence, which guide us in how we make our day-to-day decisions. We strive to inspire. To make an impact.
Flexibility at GIC
At GIC, our offices are vibrant hubs for ideation, professional growth, and interpersonal connection. At the same time, we believe that flexibility allows us to do our best work and be our best selves. Thus, our teams come into the office four days per week to harness the benefits of in-person collaboration, but have the flexibility to choose which days they work from home and adjust this arrangement as situational needs arise.
GIC is an equal opportunity employer
As an employer, we passionately believe every individual brings with them unique diversity of thought and perspectives to meaningfully enrich perspectives of GIC teams to drive competitive performance. An inclusive environment yields exceptional contribution.
Experience: Exec