Senior Active Directory Engineer
Our client, a leading global supplier for IT services, requires Senior Active Directory Engineer to be based at their client’s office in London, UK.
Se trata de un puesto híbrido: puedes trabajar a distancia en el Reino Unido y acudir a la oficina de Londres cuatro días a la semana.
This is a 6+ month temporary contract to start asa
Tarifa diaria: Tarifa competitiva del mercado
Our client is seeking a strong Active Directory Specialist with hands‑on technical experience and architectural insight, capable of assessing, designing, and remediating complex AD environments
Responsabilidades clave
- Review existing AD tiering policies and progress completed to date in collaboration with customer’s stakeholders
- Finalise inventory and scope of remaining tiering-related activities
- Validate business and application ownership and confirm alignment with the AD tiering model
- Assess cross-tier system dependencies and associated risks
- Review and remediate service accounts and scheduled tasks
- Finalise technical configurations, deployment activities, risks, and mitigation plans
- Implement changes to server objects, Active Directory groups, and user configurations
- Validate functionality and access post-change”
Requisitos clave
Habilidades esenciales:
Deep hands‑on experience with Microsoft Active Directory
- Strong understanding of AD architecture, including forests, domains, trusts, sites, and replication
- Practical experience managing large, complex, enterprise AD environments
- Ability to operate confidently at both design and implementation levels
Active Directory architecture and design expertise
- Experience reviewing and defining AD target‑state architectures
- Clear understanding of how AD design decisions impact security, operations, and scalability
- Strong knowledge of identity, authentication, and authorization flows
AD Tiering and security model expertise
- Proven understanding of AD Tiering concepts (Tier 0, Tier 1, Tier 2)
- Ability to assess environments for tiering misalignment and security risk
- Experience designing and implementing tier‑aware access models, including:
- Privileged access segregation
- Admin role separation
- Secure administrative workstations (SAWs) or equivalent concepts
Organisational Unit (OU) structure design and analysis
- Experience designing, rationalising, and refactoring OU structures
- Strong understanding of OU‑based:
- Delegation models
- Group Policy inheritance
- Administrative boundaries
- Ability to assess the operational and security impact of OU changes
Roles, delegation, and administrative model understanding
- Strong knowledge of AD roles, permissions, and delegated administration
- Ability to analyse existing role assignments, identify excessive privilege, and recommend remediation
- Experience assessing and mitigating risks associated with:
- Domain Admin usage
- Delegated OU permissions
- Service accounts and scheduled tasks
Gap analysis & assessment capability
- Ability to conduct structured gap analysis between:
- Current‑state environment
- Target‑state architecture and security standards
- Comfortable reviewing and analysing: Existing configurations, Operational practices &Security controls and exceptions
- Capable of producing clear findings, risks, and recommendations
Habilidades deseables:
- Translate technical findings into clear recommendations for both technical and non‑technical stakeholders
- Exposure to identity governance tools or controlled AD administration solutions (e.g. Active Roles, PAM/PIM tools)
- Understand the business and application impact of AD changes
- Work collaboratively with security, infrastructure, and application teams
- Produce implementation‑ready designs, runbooks, and remediation plans
- Strong Communication skills to articulate and understand customer requirements
- Understanding of Azure Entra for the On-prem to Cloud AD object synchronisation
- Handon experience working with Collaborative tools Like Jira, Kanban , Azure Dev for updating the tasks
- Knowledge of ITSM process and tool BMC remedy for logging and updating changes
Condiciones especiales de trabajo:
- Night shift depending on the change scheduled
Debido al volumen de solicitudes recibidas, lamentablemente no podemos responder a todas ellas.
Si no recibe respuesta por nuestra parte en un plazo de 7 días tras enviar su solicitud, considere que, en esta ocasión, su solicitud no ha sido aceptada.
No dejes de visitar nuestra página web https://projectrecruit.com/jobs/ para estar al tanto de futuras ofertas de empleo.
