Senior Active Directory Engineer
Role details
Job location
Tech stack
Job description
- Review existing AD tiering policies and progress completed to date in collaboration with customer's stakeholders
- Finalise inventory and scope of remaining tiering-related activities
- Validate business and application ownership and confirm alignment with the AD tiering model
- Assess cross-tier system dependencies and associated risks
- Review and remediate service accounts and scheduled tasks
- Finalise technical configurations, deployment activities, risks, and mitigation plans
- Implement changes to server objects, Active Directory groups, and user configurations
- Validate functionality and access post-change"
Requirements
Our client seeking a strong Active Directory Specialist with hands-on technical experience and architectural insight, capable of assessing, designing, and remediating complex AD environments., Deep hands-on experience with Microsoft Active Directory
- Strong understanding of AD architecture, including forests, domains, trusts, sites, and replication
- Practical experience managing large, complex, enterprise AD environments
- Ability to operate confidently at both design and implementation levels
Active Directory architecture and design expertise
- Experience reviewing and defining AD target-state architectures
- Clear understanding of how AD design decisions impact security, operations, and scalability
- Strong knowledge of identity, authentication, and authorization flows
AD Tiering and security model expertise
-
Proven understanding of AD Tiering concepts (Tier 0, Tier 1, Tier 2)
-
Ability to assess environments for tiering misalignment and security risk
-
Experience designing and implementing tier-aware access models, including:
-
Privileged access segregation
-
Admin role separation
-
Secure administrative workstations (SAWs) or equivalent concepts
Organisational Unit (OU) structure design and analysis
-
Experience designing, rationalising, and refactoring OU structures
-
Strong understanding of OU-based:
-
Delegation models
-
Group Policy inheritance
-
Administrative boundaries
Ability to assess the operational and security impact of OU changes
Roles, delegation, and administrative model understanding
-
Strong knowledge of AD roles, permissions, and delegated administration
-
Ability to analyse existing role assignments, identify excessive privilege, and recommend remediation
-
Experience assessing and mitigating risks associated with:
-
Domain Admin usage
-
Delegated OU permissions
-
Service accounts and scheduled tasks
Gap analysis & assessment capability
- Ability to conduct structured gap analysis between:
- Current-state environment
- Target-state architecture and security standards
- Comfortable reviewing and analysing: Existing configurations, Operational practices &Security controls and exceptions
- Capable of producing clear findings, risks, and recommendations
Desirable Skills:
- Translate technical findings into clear recommendations for both technical and non-technical stakeholders
- Exposure to identity governance tools or controlled AD administration solutions (eg Active Roles, PAM/PIM tools)
- Understand the business and application impact of AD changes
- Work collaboratively with security, infrastructure, and application teams
- Produce implementation-ready designs, runbooks, and remediation plans
- Strong Communication skills to articulate and understand customer requirements
- Understanding of Azure Entra for the On-prem to Cloud AD object synchronisation
- Handon experience working with Collaborative tools Like Jira, Kanban, Azure Dev for updating the tasks
- Knowledge of ITSM process and tool BMC Remedy for logging and updating changes
Benefits & conditions
This is a hybrid role - you can work remotely in the UK and attend the London office 4 days per week .
This is a 6+ month temporary contract to start ASAP
Day rate: Competitive Market rate