Job description
Active Directory Consultant
Core Skills
Desirable Skills
Key Workstreams Supported
Core Skills
- Expert-level understanding of AD authentication protocols, including Kerberos, NTLM/NTLMv2, and LDAP/LDAPS.
- Demonstrated ability to reduce legacy or insecure authentication mechanisms (NTLM, simple/unsigned LDAP binds) across large, diverse application estates.
- Hands-on experience with LDAP security hardening, such as enforcing LDAP Signing and Channel Binding, and migrating workloads to LDAPS or other secure bind methods.
- Strong troubleshooting capabilities across Windows authentication flows, including SPNs, ticketing, delegation, and common authentication failure patterns—with the ability to provide clear, actionable remediation guidance.
- Proven cross-functional collaboration skills, driving alignment and change across application teams, infrastructure, and security stakeholders.
- Familiarity with relevant logging and diagnostic tools, such as Windows Security logs, AD diagnostics, and identity telemetry from Entra/Defender (where applicable).
- PowerShell scripting and automation proficiency to inventory authentication usage, monitor progress, and support enforcement phases.
- Experience leading enterprise-scale change initiatives, following an audit ? remediation ? enforcement methodology with strong stakeholder management.
Desirable Skills
- Background in Microsoft security hardening, including domain controller baselines, Tiering models, and protecting privileged access pathways.
Key Workstreams Supported
- Migrating identity and authentication dependencies from Active Directory to Entra ID.
- Transitioning from on-premises Microsoft PKI to a cloud-based EGBCA SaaS certificate authority.
- Eliminating insecure authentication protocols and modernising the authentication landscape.
- Supporting and enhancing privileged access security controls across the environment.
