GIC is looking for a VP, Active Directory & Entra ID Engineer. You will be responsible for securing, hardening, and automating our enterprise Active Directory and Entra ID environments to ensure robust Tier 0 protection, privileged access controls, and cyber resilience. You will work closely with Red Teams and Threat Detection functions to identify attack paths, simulate threats, and continuously strengthen our hybrid identity security posture.
What You'll Do
- Design, secure, and manage hybrid identity environments across on-prem Active Directory and Entra ID to ensure resilience and threat resistance.
- Define and implement a clean, compliant target state for identity and access management, aligning AD and Entra ID security with enterprise IAM processes.
- Conduct threat modelling and exposure assessments for both AD and Entra ID to identify and mitigate identity attack paths.
- Implement and maintain Tier 0 controls aligned with Microsoft’s Enterprise Access Model and Zero Trust principles.
- Harden AD forests, domains, and trust relationships, as well as Entra ID tenants, to prevent privilege escalation and lateral movement.
- Design and manage Privileged Access Workstations and enforce administrative boundaries for Tier 0 and Tier 1 assets.
- Develop and maintain PowerShell and Graph API automation frameworks to audit, report on, and enforce AD and Entra ID configurations and hardening.
- Support AD Forest recovery and Entra ID incident response automation to improve recovery time objectives.
- Design and implement AD Forest Recovery and Entra ID tenant recovery plans and perform automated recovery drills.
- Manage and secure Organizational Unit delegation models and Entra ID administrative units following least-privilege principles.
- Manage and harden Group Policy Objects and Conditional Access Policies to enforce security baselines.
- Collaborate with IAM teams to integrate AD and Entra ID workflows into enterprise identity lifecycle processes.
- Collaborate with Red Team, Penetration Testing, and SOC teams to identify vulnerabilities, validate attack paths, and remediate exposures.
- Simulate and analyse identity-based attack scenarios such as DCSync, Golden Ticket attacks, and Kerberoasting.
- Integrate Threat Detection and Response capabilities within SOC operations and SIEM tools.
- Support Privileged Access Management solutions to enforce Just-in-Time and Just-Enough Access.
- Maintain detailed documentation, baselines, recovery guides, and post-assessment reports.
What We're Looking For
- Bachelor’s or Master’s in Computer Science, Cybersecurity, or a related field.
- A minimum of 5 years in AD security engineering.
- Deep expertise in Active Directory internals and Entra ID architecture.
- Proven experience in AD and Entra ID hardening, Tier 0 protection, trust management, and privileged access isolation.
- Hands-on experience in hybrid identity design, including synchronization, federation, and secure SaaS integration.
- Experience integrating AD and Entra ID with enterprise IAM processes, including provisioning and access governance.
- Strong experience in OU and Entra ID administrative unit design, delegation, and access control aligned with least-privilege.
- Advanced knowledge in GPO and Conditional Access policy management, including security baselining and auditing.
- Expert-level PowerShell scripting and Graph API automation for auditing, reporting, and enforcing identity configurations.
- Experience collaborating with Red Teams and Penetration Testing Teams to simulate attacks and strengthen defences.
- Proficiency with AD and Entra ID security tools such as BloodHound, PingCastle, PurpleKnight, ADRecon, PowerView, and Microsoft Defender for Identity.
- Knowledge of Privileged Access Management solutions and SIEM integration for identity threat detection.
- Strong understanding of Zero Trust and EAM principles as applied to hybrid identity environments.
Technical Stack
- Active Directory, Entra ID (Azure AD)
- PowerShell, Graph API
- Microsoft Sentinel, Splunk, QRadar
- CyberArk, BeyondTrust, Thycotic
- BloodHound, PingCastle, PurpleKnight, ADRecon, PowerView, Microsoft Defender for Identity
Team & Environment
This role is part of the Technology Group (TG) at GIC.
Work Mode
This position follows a hybrid work model.
GIC is an equal opportunity employer.
