Active Directory Consultant
Core Skills
* Expert-level understanding of AD authentication protocols, including Kerberos, NTLM/NTLMv2, and LDAP/LDAPS.
* Demonstrated ability to reduce legacy or insecure authentication mechanisms (NTLM, simple/unsigned LDAP binds) across large, diverse application estates.
* Hands‑on experience with LDAP security hardening, such as enforcing LDAP Signing and Channel Binding, and migrating workloads to LDAPS or other secure bind methods.
* Strong troubleshooting capabilities across Windows authentication flows, including SPNs, ticketing, delegation, and common authentication failure patterns—with the ability to provide clear, actionable remediation guidance.
* Proven cross‑functional collaboration skills, driving alignment and change across application teams, infrastructure, and security stakeholders.
* Familiarity with relevant logging and diagnostic tools, such as Windows Security logs, AD diagnostics, and identity telemetry from Entra/Defender (where applicable).
* PowerShell scripting and automation proficiency to inventory authentication usage, monitor progress, and support enforcement phases.
* Experience leading enterprise‑scale change initiatives, following an audit ? remediation ? enforcement methodology with strong stakeholder management.
Desirable Skills
* Background in Microsoft security hardening, including domain controller baselines, Tiering models, and protecting privileged access pathways.
Key Workstreams Supported
* Migrating identity and authentication dependencies from Active Directory to Entra ID.
* Transitioning from on‑premises Microsoft PKI to a cloud‑based EGBCA SaaS certificate authority.
* Eliminating insecure authentication protocols and modernising the authentication landscape.
* Supporting and enhancing privileged access security controls across the environment.
#J-18808-Ljbffr