AD Security & Authentication Engineer

Overview

We’re seeking an Active Directory Security & Trust Engineer for a US-based project focused on AD hardening and trust remediation in large, multi-forest enterprise environments. You’ll strengthen authentication, apply tiering models, and implement modern security controls to align with best practices and CIS standards.

• Analyze multi-source security data (Splunk) to assess and execute Active Directory domain hardening and trust/security improvements.
• Implement and tune tiering policies (Tier-0/1/2) and restrictive GPOs; remediate risky privileged access, cross-tier logons, and privileged group exposures.
• Manage and optimize Active Directory trust relationships, including mapping cross-domain usage, identifying app/service dependencies, and implementing trust removals or conversions to one-way/selective authentication.
• Align Domain Controllers with CIS baseline security standards, including encryption protocols and authentication methods; migrate away from legacy encryption (e.g., RC4) and reduce NTLMv1 usage.
• Collaborate with domain and application owners to assess risks, plan change windows, validate remediation and trust changes, including fallback plans if needed.
• Produce clear, actionable remediation plans and reports, track progress in SIEM and spreadsheets, and support verification and change management processes.

• 4 years of experience in enterprise Active Directory engineering with strong focus on security hardening and trust/authentication management in multi-forest environments (over 50,000 identities).
• Practical experience interpreting reports, Splunk logs and trust authentication paths.
• In-depth knowledge of GPO, OU, privileged access models (Tier-0/1/2).
• Strong understanding and working knowledge of authentication protocols including Kerberos, NTLM, encryption modes (RC4 vs AES), selective authentication, SID filtering, and constrained delegation.
• Power Shell proficiency for querying, reporting, and automation of AD tasks.
• Excellent communication skills to liaise effectively with technical teams, application owners, and management.

Nice to have: Hands-on experience with Ping Castle and Crowd Strike tools.

• Opportunity to work with modern technologies.
• A friendly work environment within a team of professionals.
• Training and development in Microsoft solutions and security systems.
• Growth through collaboration with a U.S.
  
  -based client and exposure to enterprise-scale security operations.
• Hands-on learning of advanced tools such as Crowd Strike and Ping Castle.
• A rewarding and transparent commission system.
• Sports package and private medical care.