AD Security & Authentication Engineer

AD Security & Authentication Engineer Location Remote Offer description We’re seeking an Active Directory Security & Trust Engineer for a US-based project focused on AD hardening and trust remediation in large, multi-forest enterprise environments. You’ll strengthen authentication, apply tiering models, and implement modern security controls to align with best practices and CIS standards. Duties - Analyze multi-source security data Splunk to assess and execute Active Directory domain hardening and trust/security improvements. - Implement and tune tiering policies (Tier-0/1/2) and restrictive GPOs; remediate risky privileged access, cross-tier logons, and privileged group exposures. - Manage and optimize Active Directory trust relationships, including mapping cross-domain usage, identifying app/service dependencies, and implementing trust removals or conversions to one-way/selective authentication. - Align Domain Controllers with CIS baseline security standards, including encryption protocols and authentication methods; migrate away from legacy encryption (e.g., RC4) and reduce NTLMv1 usage. - Collaborate with domain and application owners to assess risks, plan change windows, validate remediation and trust changes, including fallback plans if needed. - Produce clear, actionable remediation plans and reports, track progress in SIEM and spreadsheets, and support verification and change management processes. Required skills - 4 years of experience in enterprise Active Directory engineering with strong focus on security hardening and trust/authentication management in multi-forest (over 50.000) identities environments. - Practical experience interpreting reports, Splunk logs and trust authentication paths. - In-depth knowledge of GPO, OU, privileged access models (Tier-0/1/2) - Strong understanding and working knowledge of authentication protocols including Kerberos, NTLM, encryption modes (RC4 vs AES), selective authentication, SID filtering, and constrained delegation. - PowerShell proficiency for querying, reporting, and automation of AD tasks. - Excellent communication skills to liaise effectively with technical teams, application owners, and management. Nice to have: Hands-on experience with PingCastle and CrowdStrike tools. What we offer - Opportunity to work with modern technologies. - A friendly work environment within a team of professionals. - Training and development in Microsoft solutions and security systems. - Growth through collaboration with a U.S.-based client and exposure to enterprise-scale security operations. - Hands-on learning of advanced tools such as CrowdStrike and PingCastle. - A rewarding and transparent commission system. - Sports package and private medical care. Last modified Monday, October 27, 2025