Active Directory / IAM Security Consultant
Rate - £550p/d Outside IR35
Duration: 3 months (with potential extension)
Location: Hybrid / UK-based (on-site as required)
Overview
Our client is undertaking a major security improvement initiative across its hybrid identity estate, spanning on‑premises Active Directory and cloud identity platforms. We are seeking an experienced Active Directory / Identity Security Contractor to design and deliver a comprehensive least privilege programme, reducing cyber risk and aligning the organisation with modern security best practice.
This engagement is outcome-focused, not advisory. You will have autonomy over how the work is delivered, with responsibility for achieving tangible, auditable improvements to privileged access across the environment.
Key Responsibilities
You will be accountable for the end-to-end delivery of a least privilege programme, including:
* Discovery & Current State Analysis
* Assess on‑premises Active Directory forests, domains, trusts, and OU structures
* Review Entra ID (Azure AD) and integrated SaaS identity platforms
* Analyse GPOs, Conditional Access policies, RBAC models, and delegation structures
* Identify excessive privilege, legacy configurations, and inherited risk
* Review privileged, service, and shared accounts
* Assess joiner / mover / leaver processes as they relate to access control
* Least Privilege Strategy & Target Architecture
* Define a pragmatic least privilege strategy and design principles
* Design an administrative tiering model
* Redesign role and group structures aligned to business functions
* Eliminate or redesign standing privileged access
* Introduce just‑in‑time / just‑enough access where feasible
* Align on‑prem and cloud privilege models
* Ensure designs support operational delivery and business continuity
* Implementation & Delivery
* Remediate excessive privilege and high‑risk configurations
* Redesign and implement groups, roles, and delegation models
* Refactor or migrate legacy administrative accounts
* Implement least privilege controls across on‑prem and cloud platforms
* Deliver changes incrementally to minimise operational risk
* Validate that business‑critical access requirements continue to be met
* Documentation & Knowledge Transfer
* Produce audit‑ready documentation covering:
o Target state architecture
o Design decisions and assumptions
o Operational runbooks and support guidance
o Ongoing governance and review processes
* Deliver structured knowledge‑transfer sessions to internal teams
Required Experience & Skills
Deep hands‑on expertise with Active Directory (on‑prem) in complex enterprise environments
Strong experience with Entra ID / Azure AD and hybrid identity models
Proven delivery of least privilege or privileged access reduction initiatives
Strong understanding of:
* Administrative tiering models
* Delegation and RBAC design
* Privileged, service, and shared account management
Experience remediating legacy or over‑privileged environments
Ability to work autonomously and deliver against agreed outcomes
Strong documentation and stakeholder communication skills
Nice to Have
* Experience with PAM / PIM tooling (e.g. Microsoft PIM or equivalent)
* Background in security assurance, audit, or regulatory environments
* Experience delivering identity transformation in large distributed organisations
What We're Looking For
This role is ideal for a senior identity engineer or architect who enjoys hands‑on delivery, not just design. You should be comfortable making and implementing change in live environments, balancing security improvement with operational reality.
#J-18808-Ljbffr