Active Directory / IAM Security Consultant

Amtis Professional Ltd
Birmingham, United Kingdom
2 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Compensation
£ 110K

Job location

Birmingham, United Kingdom

Tech stack

Microsoft Active Directory
Azure
Software as a Service
Cloud Computing
Identity and Access Management
Role-Based Access Control

Job description

  • Accountable for the end-to-end delivery of a least privilege programme
  • Assess on-premises Active Directory forests, domains, trusts, and OU structures
  • Review Entra ID (Azure AD) and integrated SaaS identity platforms
  • Analyse GPOs, Conditional Access policies, RBAC models, and delegation structures
  • Identify excessive privilege, legacy configurations, and inherited risk
  • Review privileged, service, and shared accounts
  • Assess joiner/mover/leaver processes as they relate to access control
  • Define a pragmatic least privilege strategy and design principles
  • Design an administrative tiering model
  • Redesign role and group structures aligned to business functions
  • Eliminate or redesign standing privileged access
  • Introduce just-in-time / just-enough access where feasible
  • Align on-prem and cloud privilege models to support operational delivery and business continuity
  • Remediate excessive privilege and high-risk configurations
  • Redesign and implement groups, roles, and delegation models
  • Refactor or migrate legacy administrative accounts
  • Implement least privilege controls across on-prem and cloud platforms
  • Deliver changes incrementally to minimise operational risk
  • Validate that business-critical access requirements continue to be met
  • Produce audit-ready documentation covering target state architecture, design decisions and assumptions, operational runbooks and support guidance, and ongoing governance and review processes
  • Deliver structured knowledge-transfer sessions to internal teams

Technologies:

  • Active Directory
  • Azure
  • Cloud
  • Support
  • RBAC
  • Security
  • Architect
  • IAM

Requirements

  • Deep hands-on expertise with Active Directory (on-prem) in complex enterprise environments
  • Strong experience with Entra ID / Azure AD and hybrid identity models
  • Proven delivery of least privilege or privileged access reduction initiatives
  • Strong understanding of administrative tiering models, delegation and RBAC design, and privileged, service, and shared account management
  • Experience remediating legacy or over-privileged environments
  • Ability to work autonomously and deliver against agreed outcomes
  • Strong documentation and stakeholder communication skills
  • Nice to Have: Experience with PAM / PIM tooling (e.g. Microsoft PIM or equivalent)
  • Nice to Have: Background in security assurance, audit, or regulatory environments
  • Nice to Have: Experience delivering identity transformation in large distributed organisations
