Job Specifications
Senior Active Directory Engineer
The Active Directory Engineer is responsible for the design, security, hygiene, and operational integrity of enterprise Active Directory environments. This role provides hands-on technical leadership for identity and access governance, directory security, and large-scale remediation initiatives across complex, multi-domain and multi-forest environments. The engineer acts as a senior escalation point, partners with application and system owners, and drives proactive improvements to reduce risk and strengthen authentication and authorization controls.
Key Focus Area
This role will play a critical part in improving Active Directory security posture through large-scale cleanup, remediation, and modernization efforts, with a strong emphasis on identity hygiene, access governance, and attack surface reduction.
Primary Responsibilities
Lead and execute enterprise Active Directory cleanup initiatives, including identification and remediation of stale users, groups, computers, service accounts, and orphaned permissions.
Drive identity hygiene and access governance efforts, ensuring least-privilege access and compliance with security standards across large AD environments.
Perform risk analysis and security assessments using PowerShell-based discovery and AD assessment tools to identify misconfigurations, excessive privileges, and security gaps.
Analyze, correlate, and report on directory data to support remediation efforts, including lifecycle tracking, validation of cleanup outcomes, and audit-ready documentation.
Build and maintain remediation dashboards and reports using Excel, SQL, directory exports, and logging platforms to measure progress and effectiveness.
Serve as a technical advisor to application and system owners, guiding remediation efforts related to authentication, authorization, and directory dependencies.
Provide architecture, implementation, and escalation support for Microsoft Active Directory and Windows-based systems across the enterprise.
Support enterprise security initiatives, policy enforcement, and directory hardening efforts.
Required Qualifications
5–7 years of Information Security experience, with 5+ years supporting and remediating large-scale Active Directory environments.
Proven hands-on experience with enterprise AD cleanups across multi-domain and multi-forest environments.
Strong expertise in identity hygiene, access governance, and directory security.
Advanced proficiency with PowerShell for discovery, analysis, and large-scale remote management.
Strong working knowledge of AD security assessment tools and frameworks used to reduce attack surface and enforce least privilege.
Advanced skills in data analysis, correlation, and reporting, including Excel, SQL, and directory exports.
Deep understanding of Active Directory administration and architecture, including authentication (on-prem and Azure), ACLs, and Group Policy security and hardening.
Ability to communicate effectively with technical and non-technical stakeholders.
Bachelor’s degree in Computer Science, Information Technology, or a related field (or equivalent experience).
About the Company
EDZ Systems (EDZ) provides Intelligent Global IT Solutions, a proprietary Intelligent Resource Management System (Intelligent RMS) and Strategic Consulting Services worldwide, helping companies to optimize their people, projects, matters, engagements and results.
Our unique approach brings comprehensive skill sets, industry knowledge and a passion for technology to every project. A minority and woman owned business, our solid reputation has been established through more than 35 years of IT experience, effective communicat...
Know more