Active Directory Engineer

By /
  • Temporary
  • London
  • Negotiable GBP / Year

Active Directory Engineer

Our client, a leading global supplier for IT services, requires Active Directory Engineer to be based at their client’s office in London, UK.

This is a hybrid role – you can work remotely in the UK and attend the London office 3 days per week .

This is a 6+ month temporary contract to start asap

Day rate: Competitive Market rate

The Active Directory Engineer will be responsible for designing, managing, and securing the organization’s identity and directory services, including Active Directory (AD), Azure Active Directory/Entra ID, and related identity management platforms. This role ensures a highly secure, scalable, and resilient identity infrastructure supporting authentication, authorization, and secure access across premises and cloud environments.

The engineer will also work closely with Cyber Security teams to implement compliance controls, enforce security best practices, and maintain alignment with regulatory frameworks such as CIS Controls. The ideal candidate has a strong background in directory services engineering, identity lifecycle management, privileged access controls, and security hardening.

Key Responsibilities

Active Directory Administration & Engineering

  • Manage, maintain, and enhance Active Directory domains, forests, trusts, and OU structures.
  • Oversee DNS, DHCP, Group Policy Objects (GPO), Sites & Services, replication, and domain controller health.
  • Support AD schema changes, functional level upgrades, and domain controller deployments/migrations.
  • Perform AD health checks, performance tuning, and issue remediation.

Azure AD / Entra ID Identity Management

  • Manage hybrid identity configurations, AAD Connect, cloud sync, and SSO integrations.
  • Implement Conditional Access policies, MFA, identity protection, and secure authentication mechanisms.
  • Support application integration with Azure AD using OAuth, SAML, OpenID Connect.
  • Administer roles, permissions, and access governance in Entra ID.

Security Hardening & Compliance

  • Implement security benchmarks, including CIS Controls, Microsoft Security Baselines, and NIST recommendations.
  • Enforce least privilege, role‑based access control (RBAC), privileged access management (PAM), and secure admin models (Tier 0/Tier 1).
  • Manage DLP, identity governance, lifecycle workflows, and access reviews.
  • Conduct AD and AAD security assessments, vulnerability reviews, and risk remediation.

Identity Lifecycle & Access Governance

  • Support user provisioning, deprovisioning, access role design, and group management processes.
  • Automate identity workflows using PowerShell and Microsoft Identity solutions.
  • Manage service accounts, privileged accounts, and password policies.
  • Work with HR and application teams to streamline identity lifecycle operations.

Incident Response & Troubleshooting

  • Investigate authentication failures, account lockouts, replication issues, and access anomalies.
  • Support incident response for identity‑related threats such as credential theft, brute‑force attacks, and privilege escalation.
  • Perform root‑cause analysis and implement preventive solutions.

Operational Excellence

  • Maintain documentation, SOPs, architectural diagrams, and security runbooks.
  • Support DR/BCP testing for identity infrastructure and contribute to resilience improvements.
  • Evaluate Microsoft roadmap updates and implement new identity/security features.
  • Participate in infrastructure and security audits, presenting evidence and remediation plans.

Collaboration & Stakeholder Engagement

  • Work closely with Security, Infrastructure, Network, DevOps, and Application teams.
  • Communicate identity-related risks, incidents, and design considerations to technical and non‑technical audiences.
  • Provide guidance on identity and authentication best practices across projects.

Key Requirements

  • 8+ years hands‑on experience administering Active Directory in enterprise environments.
  • Strong understanding of:
    • AD domain/forest architecture
    • GPO management and troubleshooting
    • DNS/DHCP
    • AD replication, LDAP, Kerberos, NTLM
  • Expertise in Azure AD/Entra ID identity governance and access management.
  • Strong PowerShell scripting skills for automation and identity operations.
  • Knowledge of security compliance frameworks such as ISO27001, GDPR, CIS Controls, NIST, and enterprise governance models.
  • Experience with hybrid identity, AAD Connect, and secure authentication methods (MFA, SSO).
  • Familiarity with privileged access management (PAM) or PIM solutions.
  • Strong troubleshooting and incident-response skills.
  • Deep knowledge of Active Directory architecture including domains, forests, trusts, and OU design.
  • Strong understanding of authentication protocols: Kerberos, NTLM, LDAP, SAML, OAuth, OpenID Connect.
  • Expertise in DNS, DHCP, Sites & Services, replication, and domain controller health management.
  • Advanced experience managing GPO creation, troubleshooting, and hardening.
  • Hands-on experience with Group Policy Preferences, login scripts, and AD permissions.

Due to the volume of applications received, unfortunately we cannot respond to everyone.

If you do not hear back from us within 7 days of sending your application, please assume that you have not been successful on this occasion.

Please do keep an eye on our website https://projectrecruit.com/jobs/ for future roles.

Upload your CV/resume or any other relevant file. Max. file size: 50 MB.

London | Frankfurt | Dublin | New York | Québec  Singapore | Hong Kong | Mumbai | Bangkok | Manila

Grow Your Global Team Confidently!

We deliver high-quality onboarding, payroll and compliance services across 130+ countries, supporting both employees and contingent workers. Our premium solutions ensure you hire, manage and pay compliantly – without compromise.

Resources

About

Policies

Copyright © 2024 Project Global

project global logo
Global Payroll Association
payroll org no background
cyber essentials certified logo
Project Global
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.