Security Engineer

• The mission covers all Active Directory forests and domains, as well as all processes and tools related to privileged access and identity governance.
• Improve the PingCastle security score.
• Support in selecting and Implementing new PAM Solution

Main purposes

1. Active Directory Hardening

• Assess and enhance the current security posture of Active Directory.
• Identify and remediate key technical weaknesses detected by PingCastle.
• Eliminate legacy components and protocols (e.g., Windows Server 2003/2008, DES-enabled accounts, NTLMv1, LM).
• Implement secure authentication and password policies.
• Review and clean up GPOs, apply least privilege principles, and align configurations with Microsoft security baselines.

2. Privileged Access Management (PAM)

• Implement a structured PAM framework.
• Enforce the Principle of Least Privilege (PoLP) and Role-Based Privilege Assignment. Implement Access Isolation.
• Establish Periodic Access Reviews (e.g., quarterly).
• Define and implement an Authorization Process (standardized, auditable approval workflow).
• Implement Just-in-Time (JIT) Access for temporary privilege elevation.
• Enforce the Four-Eyes Principle for critical privileged actions.

3. Documentation, Reporting, and Governance

• Develop a detailed remediation and implementation roadmap (AD + PAM).
• Document all technical actions (initial state, final configuration, scripts/tools used).
• Deliver regular progress reports (weekly or bi-weekly).
• Produce a final report summarizing actions, residual risks, and recommendations.

Collaboration: The expert will operate as part of the Security Team, collaborating closely with AD administrators, IAM specialists, and infrastructure engineers. (Presence required 3 days on site and 2 days remote).

Key Performance indicators

• Achievement and improvement of the target PingCastle security score for Active Directory.
• Successful and complete implementation and governance of the PAM framework components (e.g., PoLP, JIT, Four-Eyes Principle).
• On-time delivery of AD/PAM remediation documentation and reports.
• Contribution to the analysis and implementation of the Microsoft Tiering Model.

• Proven experience in Active Directory architecture, security, and hardening.
• Strong expertise in Privileged Access Management (PAM) and Microsoft Tiering Model.
• Proficiency with PowerShell, PingCastle, ADManager, and Splunk.
• Familiarity with Privileged Access Workstations (PAWs), RBAC, and IAM integration.
• Solid understanding of service account security and least privilege enforcement.

Soft Skills:

• Strong collaboration skills within multidisciplinary teams.
• High documentation standards and structured working approach.
• Analytical mindset, attention to detail, and communication clarity.
• Ability to lead or participate in workshops (RBAC, PAM, governance design).