Active Directory Consultant

• Expert-level understanding of AD authentication protocols, including Kerberos, NTLM/NTLMv2, and LDAP/LDAPS.
• Demonstrated ability to reduce legacy or insecure authentication mechanisms (NTLM, simple/unsigned LDAP binds) across large, diverse application estates.
• Hands-on experience with LDAP security hardening, such as enforcing LDAP Signing and Channel Binding, and migrating workloads to LDAPS or other secure bind methods.
• Strong troubleshooting capabilities across Windows authentication flows, including SPNs, ticketing, delegation, and common authentication failure patterns-with the ability to provide clear, actionable remediation guidance.
• Proven cross-functional collaboration skills, driving alignment and change across application teams, infrastructure, and security stakeholders.
• Familiarity with relevant logging and diagnostic tools, such as Windows Security logs, AD diagnostics, and identity telemetry from Entra/Defender (where applicable).
• PowerShell scripting and automation proficiency to inventory authentication usage, monitor progress, and support enforcement phases.
• Experience leading enterprise-scale change initiatives, following an audit ? remediation ? enforcement methodology with strong stakeholder management.

Desirable Skills

• Background in Microsoft security hardening, including domain controller baselines, Tiering models, and protecting privileged access pathways.

Key Workstreams Supported

• Migrating identity and authentication dependencies from Active Directory to Entra ID.
• Transitioning from on-premises Microsoft PKI to a cloud-based EGBCA SaaS certificate authority.
• Eliminating insecure authentication protocols and modernising the authentication landscape.
• Supporting and enhancing privileged access security controls across the environment.