Senior Active Directory Engineer to provide review, remediation, and hardening of on-premises Active Directory environment - 99341

Toronto, ON
  • Number of positions to fill: 1

  • To be discussed
  • Contract employment

  • Start date: 1 position to fill as soon as possible


Duration: 12 months

Work Location: Toronto (Hybrid, Tuesdays and 2nd Friday of the month)

Work Schedule - Monday - Friday, 9 am - 5 pm


Role Overview

We are seeking an experienced Active Directory Contractor to join our Identity Services team. You will be responsible for the review, remediation, and hardening of our on-premises Active Directory environment. This role requires deep expertise in AD architecture, replication, trust relationships, authentication protocols, and security controls. You will collaborate with technical and security teams to ensure the integrity, performance, and security of our directory infrastructure.


Key Responsibilities

Active Directory Architecture & Security:

  • Assess, remediate, and optimize Active Directory forest and domain configurations.
  • Design, implement, and manage forest and domain trusts, including external, parent-child, and filtered trusts.
  • Implement and manage Group Policy Objects (GPOs) and authentication policies to enforce security and operational controls.
  • Apply advanced security controls for privileged access, service accounts (including gMSA), and functional accounts.
  • Harden domain controllers and Tier 0 servers using security best practices.
  • Audit and remediate directory object permissions to enforce least privilege.
  • Manage Kerberos protocol settings, ticket lifetimes, and address risks such as Kerberoasting and Golden/Silver Ticket threats.
  • Review and restrict NTLM protocol usage, implement modern authentication protocols, and disable legacy authentication where possible.
  • Support implementation of authentication enhancements such as Protected Users, authentication policies, and credential caching controls.


Operational Support & Troubleshooting:

  • Provide third-level support for Active Directory incidents, including replication failures, authentication issues, and security events.
  • Use diagnostic tools (e.g., repadmin, dcdiag, event logs) to monitor and troubleshoot AD health and infrastructure issues.
  • Collaborate with Information Security and infrastructure teams to respond to vulnerabilities and audit findings.


Consultation & Collaboration:

  • Act as a subject matter expert for Active Directory-related projects, migrations, and integrations.
  • Advise on directory design, trust architecture, and integration with identity management platforms.
  • Document technical solutions, remediation activities, and operational procedures.


Must Have Skills

1.) Hands-on experience with large-scale, multi-domain and multi-forest Active Directory environments. - 7+ years

2.) Deep understanding of AD forest/domain architecture, replication, sites and services and trust relationships.

3.) Experience with authentication protocols (LDAP, Kerberos, etc.), ticket management, and protocol security. - 7+ years

4.) Experience with GPO design and deployment, authentication policy controls, and privileged access management. - 7+ years

5.) Strong background in directory hardening, incident response, and remediation of misconfigurations. - 7+ years

6.) Familiarity with monitoring, network capture and security assessment tools. - 5 years


Nice to Have Skills

1.) Advanced PowerShell scripting for automation and AD management.

2.) Experience with service account management (including gMSA), credential protection, and identity lifecycle management.


Best vs average candidate: ideally a senior Active Directory engineer with financial industry experience and experience in managing and driving implementation on their own; someone who can plan and strategize the implementation independently.


Disqualifiers: this is a backend infrastructure role; the candidate should have experience managing, installing and supporting domain controllers in a large environment.

Disclaimer:
AI may be used in evaluating candidates.
This posting is for an existing vacancy.

Requirements

Education level

not determined

Years of experience

not determined

Written languages

not determined

Spoken languages

not determined