About the Role
Active Directory Consultant
Core Skills
Expert-level understanding of AD authentication protocols, including Kerberos, NTLM/NTLMv2, and LDAP/LDAPS.
Demonstrated ability to reduce legacy or insecure authentication mechanisms (NTLM, simple/unsigned LDAP binds) across large, diverse application estates.
Hands-on experience with LDAP security hardening, such as enforcing LDAP Signing and Channel Binding, and migrating workloads to LDAPS or other secure bind methods.
Strong troubleshooting capabilities across Windows authentication flows, including SPNs, ticketing, delegation, and common authentication failure patterns—with the ability to provide clear, actionable remediation guidance.
Proven cross-functional collaboration skills, driving alignment and change across application teams, infrastructure, and security stakeholders.
Familiarity with relevant logging and diagnostic tools, such as Windows Security logs, AD diagnostics, and identity telemetry from Entra/Defender (where applicable).
PowerShell scripting and automation proficiency to inventory authentication usage, monitor progress, and support enforcement phases.
Experience leading enterprise-scale change initiatives, following an audit → remediation → enforcement methodology with strong stakeholder management.
Desirable Skills
Background in Microsoft security hardening, including domain controller baselines, Tiering models, and protecting privileged access pathways.
Key Workstreams Supported
Migrating identity and authentication dependencies from Active Directory to Entra ID.
Transitioning from on-premises Microsoft PKI to a cloud-based EGBCA SaaS certificate authority.
Eliminating insecure authentication protocols and modernising the authentication landscape.
Supporting and enhancing privileged access security controls across the environment.
Tech Stack
Active Directory, Kerberos, NTLM, LDAP, PowerShell, Windows authentication, PKI, identity management