Active Directory Security Engineer


Active Directory Security Engineer
Freelance / Contractor

Active Directory Security Engineer


  • 5+ years of hands-on AD infrastructure security review and maintenance
  • Familiarity with industry standards such as CIS benchmarks and Microsoft recommended best practices
  • Understand negative operational impact of security practices
  • Able to demonstrate how some security vulnerabilities can be exploited – for example, perform a live demo showing how privilege escalation might work, and explain how to mitigate against the issue that allowed it.
  • Familiarity with Splunk as a log aggregation platform – recommended but not required


  • Perform AD – 2012/2016 forest - security hardening tasks based on industry best practices. These include:
    • Recommend and assist with the implementation of patches and best security practices – working hand-in-hand with System Administrators.
    • Recommend and then implement process and structural changes, for example the creation of a red forest, changes to authentication methods, etc.
    • Review current system administration processes, recommend and create more secure practices as appropriate.
    • Review AD object permissions and follow up with internal stakeholders on privilege reduction.
    • Supervise movement away from old protocols such as SMBv1
    • Create a process to periodically reset krbtgt hash
    • Discover bad practices, for example user accounts that are used as service accounts, password for the same account being shared among different users, a server that’s effectively used as a workstation, etc.

to apply email [email protected]


More Jobs