Key Responsibilities
Active Directory Security & Health
- Perform comprehensive Active Directory health checks, including domain controllers, replication, trust relationships, and security posture.
- Identify vulnerabilities, misconfigurations, and risk exposure within AD environments.
AD Hardening & Security Architecture
- Drive end-to-end AD hardening initiatives aligned with industry best practices and Microsoft security recommendations.
- Design and implement tiered AD architecture models (Tier 0/1/2) and privileged access controls.
Group Policy (GPO) Optimization
- Conduct GPO review and clean-up, eliminating redundant or conflicting policies.
- Standardize GPOs aligned with security baseline and compliance requirements.
Secure Migration & Transformation Planning
- Design and execute migration plans for AD hardening, including:
- Secure LDAP (LDAPS) enablement
- SMB signing implementation
- NTLM hardening and mitigation of NTLM relay attacks
- Legacy protocol decommissioning
Standard Operating Environment (SOE) Review
- Perform security assessment of SOE across servers and endpoints.
- Recommend and implement security controls aligned with enterprise standards.
Microsoft Security Baseline I mplementation
- Implement and enforce Microsoft Security Baselines, covering:
- Windows Servers
- User Endpoints (Windows 10/11)
- Ensure alignment with CIS/Microsoft recommended configurations.
Documentation & Governance
- Develop detailed documentation including:
- AD architecture diagrams
- Hardening guidelines
- Migration and remediation plans
- Support audit, compliance, and governance requirements.
Required Skills & Expertise
Core Technical Skills
- Strong expertise in:
- Active Directory (AD DS, DNS, Group Policy)
- AD security hardening techniques
- Identity and access security controls
- Hands-on experience with:
- LDAPS, Kerberos, NTLM controls
- Privileged Access Management (PAM) concepts
- AD auditing and monitoring tools
Security & Architecture
- Experience in enterprise security architecture design
- Understanding of:
- Zero Trust principles
- Identity security frameworks
- Microsoft security ecosystem (Defender, Entra ID, etc.)
Baseline & Compliance
- Implementation of:
- Microsoft Security Baselines
- CIS benchmarks
- Experience with compliance frameworks (ISO 27001, NIST, etc.)