Salary: £100,000 - 110,000 per year

Requirements:
- Deep hands-on expertise with Active Directory (on-prem) in complex enterprise environments
- Strong experience with Entra ID / Azure AD and hybrid identity models
- Proven delivery of least privilege or privileged access reduction initiatives
- Strong understanding of administrative tiering models, delegation and RBAC design, and privileged, service, and shared account management
- Experience remediating legacy or over-privileged environments
- Ability to work autonomously and deliver against agreed outcomes
- Strong documentation and stakeholder communication skills
- Nice to Have: Experience with PAM / PIM tooling (e.g. Microsoft PIM or equivalent)
- Nice to Have: Background in security assurance, audit, or regulatory environments
- Nice to Have: Experience delivering identity transformation in large distributed organisations

Responsibilities:
- Accountable for the end-to-end delivery of a least privilege programme
- Assess on-premises Active Directory forests, domains, trusts, and OU structures
- Review Entra ID (Azure AD) and integrated SaaS identity platforms
- Analyse GPOs, Conditional Access policies, RBAC models, and delegation structures
- Identify excessive privilege, legacy configurations, and inherited risk
- Review privileged, service, and shared accounts
- Assess joiner/mover/leaver processes as they relate to access control
- Define a pragmatic least privilege strategy and design principles
- Design an administrative tiering model
- Redesign role and group structures aligned to business functions
- Eliminate or redesign standing privileged access
- Introduce just-in-time / just-enough access where feasible
- Align on-prem and cloud privilege models to support operational delivery and business continuity
- Remediate excessive privilege and high-risk configurations
- Redesign and implement groups, roles, and delegation models
- Refactor or migrate legacy administrative accounts
- Implement least privilege controls across on-prem and cloud platforms
- Deliver changes incrementally to minimise operational risk
- Validate that business-critical access requirements continue to be met
- Produce audit-ready documentation covering target state architecture, design decisions and assumptions, operational runbooks and support guidance, and ongoing governance and review processes
- Deliver structured knowledge-transfer sessions to internal teams

Technologies: Active Directory Azure Cloud Support RBAC Security Architect IAM

More: We are a forward-thinking company undertaking a major security improvement initiative across our hybrid identity estate. We seek an experienced Active Directory / Identity Security Contractor to design and deliver a comprehensive least privilege programme, aiming to reduce cyber risk and align our organization with modern security best practices. This hybrid role offers flexibility with potential for on-site collaboration as needed. We value autonomy and accountability in achieving tangible improvements to privileged access, providing a dynamic environment for skilled professionals.

Last updated: week 6 of 2026