Active Directory / IAM Security Consultant

Amtis Professional Ltd
Solihull, United Kingdom
2 days ago

Role details

Contract type
Temporary contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior

Job location

Solihull, United Kingdom

Tech stack

Microsoft Active Directory
Software as a Service
Identity and Access Management
Role-Based Access Control
Azure

Job description

You will be accountable for the end-to-end delivery of a least privilege programme, including:

Discovery & Current State Analysis

Assess on-premises Active Directory forests, domains, trusts, and OU structures
Review Entra ID (Azure AD) and integrated SaaS identity platforms
Analyse GPOs, Conditional Access policies, RBAC models, and delegation structures
Identify excessive privilege, legacy configurations, and inherited risk
Review privileged, service, and shared accounts
Assess joiner / mover / leaver processes as they relate to access control

Least Privilege Strategy & Target Architecture

Define a pragmatic least privilege strategy and design principles
Design an administrative tiering model
Redesign role and group structures aligned to business functions
Eliminate or redesign standing privileged access
Introduce just-in-time / just-enough access where feasible
Align on-prem and cloud privilege models
Ensure designs support operational delivery and business continuity

Implementation & Delivery

Remediate excessive privilege and high-risk configurations
Redesign and implement groups, roles, and delegation models
Refactor or migrate legacy administrative accounts
Implement least privilege controls across on-prem and cloud platforms
Deliver changes incrementally to minimise operational risk
Validate that business-critical access requirements continue to be met

Documentation & Knowledge Transfer

Produce audit-ready documentation covering:

Target state architecture
Design decisions and assumptions
Operational runbooks and support guidance
Ongoing governance and review processes

Requirements

Deep hands-on expertise with Active Directory (on-prem) in complex enterprise environments
Strong experience with Entra ID / Azure AD and hybrid identity models
Proven delivery of least privilege or privileged access reduction initiatives
Strong understanding of:

Administrative tiering models
Delegation and RBAC design
Privileged, service, and shared account management

Experience remediating legacy or over-privileged environments
Ability to work autonomously and deliver against agreed outcomes
Strong documentation and stakeholder communication skills

Nice to Have

Experience with PAM / PIM tooling (e.g. Microsoft PIM or equivalent)
Background in security assurance, audit, or regulatory environments
Experience delivering identity transformation in large distributed organisations

What We're Looking For

This role is ideal for a senior identity engineer or architect who enjoys hands-on delivery, not just design. You should be comfortable making and implementing change in live environments, balancing security improvement with operational reality.

About the company

Our client is undertaking a major security improvement initiative across its hybrid identity estate, spanning on-premises Active Directory and cloud identity platforms. We are seeking an experienced Active Directory / Identity Security Contractor to design and deliver a comprehensive least privilege programme, reducing cyber risk and aligning the organisation with modern security best practice. This engagement is outcome-focused, not advisory. You will have autonomy over how the work is delivered, with responsibility for achieving tangible, auditable improvements to privileged access across the environment.
