Security - Active Directory Consultant
Core Skills
* Expert-level understanding of AD authentication protocols, including Kerberos, NTLM/NTLMv2, and LDAP/LDAPS.
* Demonstrated ability to reduce legacy or insecure authentication mechanisms (NTLM, simple/unsigned LDAP binds) across large, diverse application estates.
* Hands-on experience with LDAP security hardening, such as enforcing LDAP Signing and Channel Binding, and migrating workloads to LDAPS or other secure bind methods.
* Strong troubleshooting capabilities across Windows authentication flows, including SPNs, ticketing, delegation, and common authentication failure patterns—with the ability to provide clear, actionable remediation guidance.
* Proven cross-functional collaboration skills, driving alignment and change across application teams, infrastructure, and security stakeholders.
* Familiarity with relevant logging and diagnostic tools, such as Windows Security logs, AD diagnostics, and identity telemetry from Entra/Defender (where applicable).
* PowerShell scripting and automation proficiency to inventory authentication usage, monitor progress, and support enforcement phases.
* Experience leading enterprise-scale change initiatives, following an audit → remediation → enforcement methodology with strong stakeholder management.
Desirable Skills
* Background in Microsoft security hardening, including domain controller baselines, Tiering models, and protecting privileged access pathways.
Key Workstreams Supported
* Migrating identity and authentication dependencies from Active Directory to Entra ID.
* Transitioning from on-premises Microsoft PKI to a cloud-based EGBCA SaaS certificate authority.
* Eliminating insecure authentication protocols and modernising the authentication landscape.
* Supporting and enhancing privileged access security controls across the environment.