Senior AD​/ADSC Security Engineer

Position: Senior AD / ADSC Security Engineer
Work Location:

Fully Remote – PST Working Hours (BC based preferred, Canada-wide OK)

Hours:

Full Time (40hrs/week)

Start Date:

March 30th, 2026

Job#: 3022865

Senior AD / ADCS Security Engineer
Fully Remote

Contract Details

Contract Length: 6 Months (possible extensions available)

Work Location:

Fully Remote – PST Working Hours (BC based preferred, Canada-wide OK)

Hours:

Full Time (40hrs/week)

Start Date:

March 30th, 2026

Client Project Background
This is a 6-month security remediation engagement for a Canadian municipality (BC) following a penetration test and security assessment. The environment is a single on-prem Active Directory domain with Microsoft 365. The client lacks deep security expertise and internal capacity, particularly around identity, AD Certificate Services, and legacy protocol hardening. They need hands‑on execution combined with advisory guidance to safely remediate findings without disrupting operations.

Reason for Opening
The client is looking for a Senior‑Level AD / ADCS Security Engineer who can embed with the existing small IT team, confidently remediate findings hands‑on, guide impact analysis, and improve identity security posture — while operating within structured public sector governance.

Key Responsibilities

Remediate priority findings from recent penetration test

Harden Active Directory (single forest/domain) configuration

Remediate and harden Active Directory Certificate Services (ADCS), including:

Certificate template hardening

Broader ADCS configuration and operational best practices

Assess and remove legacy/insecure protocols (e.g., SMBv1)

Evaluate impact of changes on legacy applications before execution

Reduce Tier 0 exposure and domain admin sprawl

Help design privileged access controls (PAW strategy, admin segmentation, MFA leverage)

Work within client change management processes and obtain approvals

Provide risk guidance where full remediation is not immediately feasible

Skills & Experience

Strong hands‑on Active Directory engineering experience

Deep knowledge of ADCS, certificate templates, and PKI hardening

Experience remediating Kerberos vulnerabilities (e.g., Kerberoasting exposure)

Familiarity with legacy protocol decommissioning and application dependency analysis

Experience designing Tier 0 protections and privileged access models

Ability to blend advisory + execution (not purely architecture, not purely operations)

Comfortable operating in public sector / structured governance environments

Client Context

Canadian municipality (BC-based)

Public sector constraints: limited resources, formal change control

No dedicated cybersecurity leadership

Team lacks deep Security Subject Matter Expertise (SME)

Remote access restricted to within Canada

Key Focus Areas

Identity infrastructure hardening (on-prem AD focus)

ADCS risk reduction and operational maturity

Tier 0 security posture improvement

Privileged account governance and MFA optimization

Safe execution of security changes without operational disruption

Capacity augmentation + expertise augmentation

Apex Benefits Overview
Apex offers a range of supplemental benefits, including medical, dental, vision, life, disability, and other insurance plans that offer an optional layer of financial protection. We offer an ESPP (employee stock purchase program) and a 401K program which allows you to contribute typically within 30 days of starting, with a company match after 12 months of tenure. Apex also offers an HSA (Health Savings Account on the HDHP plan), a Support Linc Employee Assistance Program (EAP) with up to 8 free counseling sessions, a corporate discount savings program and other discounts.

In terms of professional development, Apex hosts an on-demand training program, provides access to certification prep and a library of technical and leadership courses/books/seminars once you have 6+ months of tenure, and certification discounts and other perks to associations that include CompTIA and IIBA. Apex has a dedicated customer service team for our Consultants that can address questions around benefits and other resources, as well as a certified Career Coach.

You can access a full list of our benefits, programs, support teams and resources within our…