Requirements

Expected technologies

Active Directory

Optional technologies

PingCastle

CrowdStrike

Our requirements

• 4 years of experience in enterprise Active Directory engineering with strong focus on security hardening and trust/authentication management in multi-forest (over 50.000) identities environments.
• Practical experience interpreting reports, Splunk logs and trust authentication paths.
• In-depth knowledge of GPO, OU, privileged access models (Tier-0/1/2)
• Strong understanding and working knowledge of authentication protocols including Kerberos, NTLM, encryption modes (RC4 vs AES), selective authentication, SID filtering, and constrained delegation.
• PowerShell proficiency for querying, reporting, and automation of AD tasks.
• Excellent communication skills to liaise effectively with technical teams, application owners, and management.

Optional

• Hands-on experience with PingCastle and CrowdStrike tools.

Your responsibilities

• Analyze multi-source security data Splunk to assess and execute Active Directory domain hardening and trust/security improvements.
• Implement and tune tiering policies (Tier-0/1/2) and restrictive GPOs; remediate risky privileged access, cross-tier logons, and privileged group exposures.
• Manage and optimize Active Directory trust relationships, including mapping cross-domain usage, identifying app/service dependencies, and implementing trust removals or conversions to one-way/selective authentication.
• Align Domain Controllers with CIS baseline security standards, including encryption protocols and authentication methods; migrate away from legacy encryption (e.g., RC4) and reduce NTLMv1 usage.
• Collaborate with domain and application owners to assess risks, plan change windows, validate remediation and trust changes, including fallback plans if needed.
• Produce clear, actionable remediation plans and reports, track progress in SIEM and spreadsheets, and support verification and change management processes.