Please Note: I will look to review candidates headed into tomorrow morning / early afternoon.
Job Description: The Windows Active Directory Engineer is responsible for stabilizing, securing and modernizing the enterprise Active Directory environment, with a strong focus on directory cleanup, identity hygiene, replication health and security hardening. This role ensures AD remains healthy, compliant and resilient, and aligned with Zero Trust identity principles across on-prem and hybrid cloud environments.
Key Responsibilities
1. Active Directory Cleanup & Optimization
Perform comprehensive AD cleanup, including stale objects, unused OUs, orphaned SIDs, legacy GPOs and deprecated configurations.
Normalize and restructure the OU hierarchy, naming standards and attribute consistency.
Identify and remediate duplicate SPNs, conflicting UPNs and misconfigured service accounts.
Clean up old domain controllers, decommission legacy forests/domains and remove deprecated trust relationships.
Conduct ACL cleanup to eliminate excessive permissions and privilege creep.
2. AD Security Hardening & Identity Protection
Implement CIS/NIST/Microsoft security baselines for domain controllers and AD objects.
Harden authentication by reducing NTLM use, enforcing Kerberos protections and implementing authentication policies and silos.
Deploy and maintain Privileged Access Workstations (PAWs) and a tiered admin model (Tier 0/1/2).
Remediate identity vulnerabilities such as DCSync exposure, unconstrained delegation, Golden Ticket risks and weak ACLs.
Integrate AD logs with SIEM platforms (Sentinel, Splunk, QRadar) for continuous monitoring.
Implement secure service account management, including gMSA adoption and rotation policies.
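A read-only audit for the cleanup and hardening items in sections 1 and 2, as an added PowerShell example that is not part of the posting: it lists stale enabled users, duplicate SPNs, non-DC accounts with unconstrained delegation, and every principal holding replication (DCSync) rights on the domain naming context. The RSAT ActiveDirectory module, the 90-day staleness window, the C:\ADAudit output folder, a forest-root domain (for the Enterprise Admins entry) and the allowlist of principals expected to hold replication rights are all assumptions, not values from the posting.

```powershell
# Added example, not part of the job posting: read-only AD identity-hygiene
# audit. Requires the RSAT ActiveDirectory module and an account with read
# access to the domain. Window, output folder and allowlist are assumptions.
Import-Module ActiveDirectory

$StaleDays = 90                                  # assumed staleness window
$OutDir    = 'C:\ADAudit'                        # assumed output folder
$Cutoff    = (Get-Date).AddDays(-$StaleDays)
$Domain    = Get-ADDomain
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# 1. Stale enabled users: never logged on, or lastLogonTimestamp older than
#    the cutoff. lastLogonTimestamp is replicated (unlike lastLogon) but can
#    lag by up to 14 days, so keep the window generous. Accounts created
#    after the cutoff are excluded so new joiners are not flagged.
#    userAccountControl bit 0x2 = ACCOUNTDISABLE.
$FileTime  = $Cutoff.ToFileTime()
$StaleLdap = "(&(objectCategory=person)(objectClass=user)" +
             "(!(userAccountControl:1.2.840.113556.1.4.803:=2))" +
             "(|(lastLogonTimestamp<=$FileTime)(!(lastLogonTimestamp=*))))"
$StaleUsers = Get-ADUser -LDAPFilter $StaleLdap -Properties lastLogonTimestamp, whenCreated |
    Where-Object { $_.whenCreated -lt $Cutoff } |
    Select-Object SamAccountName, DistinguishedName, whenCreated,
        @{ n = 'LastLogon'; e = { if ($_.lastLogonTimestamp) { [DateTime]::FromFileTime($_.lastLogonTimestamp) } } }
$StaleUsers | Export-Csv -NoTypeInformation -Path "$OutDir\stale-users.csv"

# 2. Duplicate SPNs: two accounts registering the same SPN break Kerberos
#    for that service (the KDC cannot pick a key). Group-Object compares
#    case-insensitively, matching how the KDC treats SPNs.
$SpnOwners = Get-ADObject -LDAPFilter '(servicePrincipalName=*)' -Properties servicePrincipalName |
    ForEach-Object {
        $dn = $_.DistinguishedName
        foreach ($spn in $_.servicePrincipalName) { [pscustomobject]@{ SPN = $spn; Owner = $dn } }
    }
$DuplicateSpns = $SpnOwners | Group-Object -Property SPN | Where-Object { $_.Count -gt 1 } |
    Select-Object @{ n = 'SPN'; e = { $_.Name } }, @{ n = 'Owners'; e = { $_.Group.Owner -join '; ' } }
$DuplicateSpns | Export-Csv -NoTypeInformation -Path "$OutDir\duplicate-spns.csv"

# 3. Unconstrained delegation on anything that is not a domain controller.
#    TRUSTED_FOR_DELEGATION = 0x80000 (524288); SERVER_TRUST_ACCOUNT = 0x2000 (8192).
$Unconstrained = Get-ADObject -LDAPFilter '(&(userAccountControl:1.2.840.113556.1.4.803:=524288)(!(userAccountControl:1.2.840.113556.1.4.803:=8192)))' |
    Select-Object Name, ObjectClass, DistinguishedName
$Unconstrained | Export-Csv -NoTypeInformation -Path "$OutDir\unconstrained-delegation.csv"

# 4. Who can DCSync: principals holding a replication extended right on the
#    domain naming context, plus anyone with GenericAll/WriteDacl/WriteOwner
#    on it (they can grant themselves the right). GUIDs are the schema
#    rightsGuid values of the three replication control access rights.
$ReplRights = @{
    '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2' = 'DS-Replication-Get-Changes'
    '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2' = 'DS-Replication-Get-Changes-All'
    '89e95b76-444d-4c62-991a-0facbeda640c' = 'DS-Replication-Get-Changes-In-Filtered-Set'
}
# Assumed allowlist (forest-root domain); anything else needs a justification.
$ExpectedReplPrincipals = @(
    "$($Domain.NetBIOSName)\Domain Controllers",
    'NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS',
    'BUILTIN\Administrators',
    "$($Domain.NetBIOSName)\Domain Admins",
    "$($Domain.NetBIOSName)\Enterprise Admins"
)
$Acl = Get-Acl -Path "AD:\$($Domain.DistinguishedName)"
$DcSyncCapable = $Acl.Access |
    Where-Object {
        $_.AccessControlType -eq 'Allow' -and (
            $ReplRights.ContainsKey($_.ObjectType.ToString()) -or
            ($_.ActiveDirectoryRights -match 'GenericAll|WriteDacl|WriteOwner')
        )
    } |
    Select-Object @{ n = 'Principal'; e = { $_.IdentityReference.Value } },
        @{ n = 'Right'; e = {
            $g = $_.ObjectType.ToString()
            if ($ReplRights.ContainsKey($g)) { $ReplRights[$g] } else { $_.ActiveDirectoryRights.ToString() } } },
        IsInherited,
        @{ n = 'Expected'; e = { $ExpectedReplPrincipals -contains $_.IdentityReference.Value } }
$DcSyncCapable | Export-Csv -NoTypeInformation -Path "$OutDir\dcsync-capable.csv"

# Summary for the ticket; the CSVs carry the detail for remediation.
[pscustomobject]@{
    StaleUsers        = @($StaleUsers).Count
    DuplicateSPNs     = @($DuplicateSpns).Count
    UnconstrainedNonDC = @($Unconstrained).Count
    UnexpectedDCSync  = @($DcSyncCapable | Where-Object { -not $_.Expected }).Count
} | Format-List
```

Run it from a PAW with a read-only account; the only writes are the CSVs. Remediation (disabling stale accounts, removing the delegation bit, stripping unexpected replication ACEs) is deliberately a separate, change-controlled step, and the DCSync list should be reconciled against Entra Connect and backup service accounts, which legitimately hold replication rights and belong on the allowlist once confirmed.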
3. AD Replication Health & Domain Controller Management
Monitor and maintain the AD replication topology, site links and inter-site connectivity.
Maintain detailed documentation of AD topology, GPOs, replication and security configurations.
Develop identity governance standards, naming conventions and lifecycle processes.
Provide recommendations for AD modernization, consolidation and long-term stability.
Participate in audits, compliance reviews and security assessments.
Required Skills & Experience
5-10 years of hands-on experience with Active Directory, DNS, DHCP, GPO and Windows Server.
Deep expertise in AD cleanup, replication troubleshooting and security hardening.
Strong PowerShell skills for automation and bulk remediation.
Experience with Azure AD / Entra ID hybrid identity and Azure AD Connect (Entra Connect).
Familiarity with SIEM, identity threat detection and AD attack paths.
Understanding of Kerberos, NTLM, LDAP, SAML, OAuth and modern authentication.
Title: Windows Active Directory Engineer
100% Remote