AD Security & Authentication Engineer

Location Remote

Offer description

We’re seeking an Active Directory Security & Trust Engineer for a US-based project focused on AD hardening and trust remediation in large, multi-forest enterprise environments.
You’ll strengthen authentication, apply tiering models, and implement modern security controls to align with best practices and CIS standards.

Duties

Analyze multi-source security data Splunk to assess and execute Active Directory domain hardening and trust/security improvements.
Implement and tune tiering policies (Tier-0/1/2) and restrictive GPOs; remediate risky privileged access, cross-tier logons, and privileged group exposures.
Manage and optimize Active Directory trust relationships, including mapping cross-domain usage, identifying app/service dependencies, and implementing trust removals or conversions to one-way/selective authentication.
Align Domain Controllers with CIS baseline security standards, including encryption protocols and authentication methods; migrate away from legacy encryption (e.g., RC4) and reduce NTLMv1 usage.
Collaborate with domain and application owners to assess risks, plan change windows, validate remediation and trust changes, including fallback plans if needed.
Produce clear, actionable remediation plans and reports, track progress in SIEM and spreadsheets, and support verification and change management processes.

Required skills

4 years of experience in enterprise Active Directory engineering with strong focus on security hardening and trust/authentication management in multi-forest (over 50.000) identities environments.
Practical experience interpreting reports, Splunk logs and trust authentication paths.
In-depth knowledge of GPO, OU, privileged access models (Tier-0/1/2)
Strong understanding and working knowledge of authentication protocols including Kerberos, NTLM, encryption modes (RC4 vs AES), selective authentication, SID filtering, and constrained delegation.
PowerShell proficiency for querying, reporting, and automation of AD tasks.
Excellent communication skills to liaise effectively with technical teams, application owners, and management.

Nice to have: Hands-on experience with PingCastle and CrowdStrike tools.

What we offer

Opportunity to work with modern technologies.
A friendly work environment within a team of professionals.
Training and development in Microsoft solutions and security systems.
Growth through collaboration with a U.S.-based client and exposure to enterprise-scale security operations.
Hands-on learning of advanced tools such as CrowdStrike and PingCastle.
A rewarding and transparent commission system.
Sports package and private medical care.