Senior Active Directory Engineer
6 Month contract initially
Based: Hybrid, 4 days p/w onsite in London
Rate - £450 - £550 p/d via Umbrella
We have a great opportunity with a world-leading organisation where you will be provided with all of the support and development to succeed. This is a progressive organisation where you can really make a difference.
Key Responsibilities
* Review existing AD tiering policies and progress completed to date in collaboration with customer's stakeholders
* Finalise inventory and scope of remaining tiering-related activities
* Validate business and application ownership and confirm alignment with the AD tiering model
* Assess cross-tier system dependencies and associated risks
* Review and remediate service accounts and scheduled tasks
* Finalise technical configurations, deployment activities, risks, and mitigation plans
* Implement changes to server objects, Active Directory groups, and user configurations
* Validate functionality and access post-change
Key Skills & Experience
Deep hands-on experience with Microsoft Active Directory
* Strong understanding of AD architecture, including forests, domains, trusts, sites, and replication
* Practical experience managing large, complex, enterprise AD environments
* Ability to operate confidently at both design and implementation levels
Active Directory architecture and design expertise
* Experience reviewing and defining AD target state architectures
* Clear understanding of how AD design decisions impact security, operations, and scalability
* Strong knowledge of identity, authentication, and authorization flows
AD Tiering and security model expertise
* Proven understanding of AD Tiering concepts (Tier 0, Tier 1, Tier 2)
* Ability to assess environments for tiering misalignment and security risk
* Experience designing and implementing tier-aware access models, including:
  * Privileged access segregation
  * Admin role separation
  * Secure administrative workstations (SAWs) or equivalent concepts
Organisational Unit (OU) structure design and analysis
* Experience designing, rationalising, and refactoring OU structures
* Strong understanding of OU-based:
  * Delegation models
  * Group Policy inheritance
  * Administrative boundaries
* Ability to assess the operational and security impact of OU changes
Roles, delegation, and administrative model understanding
* Strong knowledge of AD roles, permissions, and delegated administration
* Ability to analyse existing role assignments, identify excessive privilege, and recommend remediation
* Experience assessing and mitigating risks associated with:
  * Domain Admin usage
  * Delegated OU permissions
  * Service accounts and scheduled tasks
Gap analysis & assessment capability
* Ability to conduct structured gap analysis between:
  * Current state environment
  * Target state architecture and security standards
* Comfortable reviewing and analysing existing configurations, operational practices, and security controls and exceptions
* Capable of producing clear findings, risks, and recommendations
Desirable skills/knowledge/experience
* Translate technical findings into clear recommendations for both technical and non‑technical stakeholders
* Exposure to identity governance tools or controlled AD administration solutions (e.g. Active Roles, PAM/PIM tools)
* Understand the business and application impact of AD changes
* Work collaboratively with security, infrastructure, and application teams
* Produce implementation‑ready designs, runbooks, and remediation plans
* Strong communication skills to articulate and understand customer requirements
* Understanding of Azure Entra for on‑prem to cloud AD object synchronisation
* Hands-on experience working with collaborative tools like Jira, Kanban, Azure Dev for updating tasks
* Knowledge of ITSM processes and the BMC Remedy tool for logging and updating changes
Inclusivity Statement
We are committed to fostering an inclusive, equitable and accessible workplace where everyone feels valued and supported. We welcome applications from all individuals, regardless of background or identity, and we encourage candidates who may not meet every listed requirement to still apply. If you require any adjustments or support during the recruitment process, please let us know and we will work with you to ensure a fair and accessible experience.