×
Apply for Jobs Apply for Jobs Post a Job Post a Job Local Jobs Home
Register Here to Apply for Jobs or Post Jobs. X
More jobs:
Cybersecurity Windows Server Systems Administrator Disaster Recovery IT

L3 Active Directory Engineer – Identity Security; IAM, PAM, AD DS

Job in Vancouver, BC, Canada
Listing for: Astra-North Infoteck Inc. ~ Conquering today’s challenges, achieving tomorrow’s vision!
Full Time position
Listed on 2026-06-19
Job specializations:
  • IT/Tech
    Cybersecurity, Windows Server, Systems Administrator, Disaster Recovery IT
Job Description & How to Apply Below
Position: L3 Active Directory Engineer – Identity Security (IAM, PAM, AD DS)

Senior Active Directory L3 Support Engineer

Work Model:
Hybrid – 4 Days Work From Office

Job Summary

We are seeking an experienced Senior Active Directory L3 Support Engineer to strengthen and modernize enterprise Active Directory services across production and disaster recovery environments. The ideal candidate will have extensive experience in Active Directory administration, infrastructure modernization, identity security, and Power Shell automation while supporting highly available and secure enterprise environments. The role will focus on Active Directory modernization, security hardening, privileged access remediation, Group Policy optimization, and Zero Trust initiatives.

Key Responsibilities Active Directory Infrastructure & Modernization
  • Deploy and configure additional Domain Controllers across production and disaster recovery environments.
  • Replace legacy Windows Server 2016 Domain Controllers with modern infrastructure while minimizing business disruption.
  • Support Active Directory platform modernization initiatives.
  • Implement network segmentation to align with Zero Trust architecture and reduce lateral movement risks.
  • Maintain Active Directory health including replication, DNS integration, authentication services, and Group Policy processing.
Security Hardening & Identity Protection
  • Implement Extended Protection for Authentication (EPA).
  • Enforce SSL/TLS for privileged Active Directory services.
  • Configure SMB Signing to prevent NTLM relay attacks.
  • Disable NTLMv1 and enforce LDAP Signing and LDAPS.
  • Implement Kerberos Hardening and secure delegation controls.
  • Remediate excessive privilege findings including:
    • Admin Count issues
    • Missing ACL protections
    • Protected Users enrollment
    • GPO-based security exposures
  • Strengthen privileged account management and password policies.
  • Identify and remediate insecure account configurations.
Group Policy & Compliance
  • Harden enterprise Group Policy configurations.
  • Enable Power Shell logging and advanced audit policies.
  • Configure secure encryption standards and Remote Desktop settings.
  • Review and remediate LDAP, authentication, and domain security weaknesses.
  • Document implementation standards, remediation plans, and operational procedures for audit compliance.
Collaboration & Operational Support
  • Partner with Infrastructure, Security, and Application teams during security remediation projects.
  • Support controlled production deployments and change management activities.
  • Participate in infrastructure upgrades and domain controller migration projects.
  • Automate administrative tasks using Power Shell scripting.
Required Skills
  • Extensive experience administering Active Directory Domain Services (AD DS) in enterprise environments.
  • Strong knowledge of:
    • Active Directory Administration
    • Domain Controllers
    • Active Directory Replication
    • DNS
    • Group Policy (GPO)
    • Authentication protocols
    • Disaster Recovery
  • Hands‑on experience implementing:
    • Extended Protection for Authentication (EPA)
    • LDAP Signing
    • LDAPS
    • Kerberos Hardening
    • SMB Signing
    • Privileged Account Protection
  • Experience with:
    • Active Directory Certificate Services (AD CS)
    • Active Directory Web Services (ADWS)
    • Windows Server Hardening
    • Identity Security Remediation
  • Strong Power Shell scripting and automation skills.
  • Experience executing infrastructure modernization and Active Directory migration projects.
  • Ability to analyze and remediate privilege escalation paths and identity security risks.
Preferred Qualifications
  • Experience supporting highly regulated enterprise environments.
  • Knowledge of:
    • Zero Trust Architecture
    • Privileged Access Management (PAM)
    • Cyber Ark
    • Identity Security Assessments
    • Audit & Compliance
    • Change Management
  • Microsoft certifications related to Windows Server, Active Directory, Security, or Identity Administration are highly desirable.
Required Technologies
  • Active Directory Domain Services (AD DS)
  • Active Directory Administration
  • Domain Controllers
  • Active Directory Replication
  • DNS
  • Group Policy (GPO)
  • LDAP Signing
  • LDAPS
  • Kerberos
  • SMB Signing
  • Extended Protection for Authentication (EPA)
  • Power Shell
  • Windows Server
  • Active Directory Certificate Services (AD CS)
  • Active Directory Web Services (ADWS)
  • Disaster Recovery
  • Identity Security
Nice to Have
  • Cyber Ark
  • Privileged Access Management (PAM)
  • Zero Trust Security
  • Infrastructure Modernization
  • Audit & Compliance
  • Identity Governance
#J-18808-Ljbffr
Note that applications are not being accepted from your jurisdiction for this job currently via this jobsite. Candidate preferences are the decision of the Employer or Recruiting Agent, and are controlled by them alone.
To Search, View & Apply for jobs on this site that accept applications from your location or country, tap here to make a Search:
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)
0
200
Filters
Education Level
Experience Level (years)
Posted in last:
Salary
Advanced Search