Our client, a well-known Law Firm in Washington, DC, is looking for a Cloud and Active Directory Engineer. In this role, you would ensure that the Firm designs and implements appropriate security controls for critical cloud and on-premise infrastructure. The Security Engineer operates a focused, thematic risk and control program that sets expectations for securing core platform services, including Active Directory (AD), Azure AD (AAD), and Active Directory Federation Services (ADFS). This highly technical role requires hands-on, collaborative work with stakeholders and IT implementers.
Duties and Responsibilities:
Lead, coordinate, and conduct on-premises Active Directory security assessments and cloud-based security assessments focused on Microsoft Azure.
Advise and assist process and asset owners with designing and implementing architecture enhancements and security configuration modifications to defend against identified threats and attacker techniques.
Provide subject-matter expertise with Active Directory identity protection, synchronization, and hybrid infrastructures.
Create detailed guides and tracking documents for Business and IT SMEs to leverage as part of Active Directory hardening and overall infrastructure enhancements.
Work across the IT teams to analyze and define security best practice requirements for Active Directory and Azure Active Directory integrations.
Regularly reports program progress to the Director of Security and Risk Oversight and other senior stakeholders as appropriate, using defined Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) to highlight control adoption gaps, identify areas of strong or weak performance, or quantify risks, respectively.
Bachelor's degree in Computer Science or Engineering is strongly preferred; an advanced degree and CISSP certification are preferred.
Requires 12+ years experience in cybersecurity, with 5+ years of experience executing security advisory or oversight programs.
5+ years of enterprise experience in Hybrid Identity Platforms with a deep understanding of Cloud Identity and Security with at least five years of hands-on experience working with production workloads in a public or government cloud environment.
7+ years of on-premise enterprise Active Directory and 5+ years working in Active Azure Active Directory experience.
Expert working knowledge of Microsoft Active Directory, Azure Active Directory, Microsoft 365, and/or Office 365.
Experience with Azure and Active Directory security assessment, attack-path planning, and/or password auditing tools.
Thorough understanding of enterprise security controls in Microsoft Active Directory environments – including scalable architectures and risk reduction strategies.
Microsoft AZ-500 - Azure Security
Microsoft AZ-305 - Azure Architect
Microsoft SC-300 - IAM Administrator
Microsoft Certified: Cybersecurity Architect Expert