We are seeking an experienced and detail-oriented Active Directory Auditor to assess and ensure the security, compliance, and efficiency of our Active Directory (AD) environment. The ideal candidate will possess deep technical knowledge of AD and related services, with a proven track record of identifying vulnerabilities, optimizing configurations, and providing actionable recommendations. This role is critical in maintaining the integrity and security of our identity management infrastructure.
Key Responsibilities:
- Domain Controller Auditing: Conduct comprehensive audits of Domain Controllers to ensure their security, proper configuration, and compliance with best practices. Identify and remediate any discrepancies or security risks.
- Organizational Unit (OU) Review: Evaluate the structure and configuration of OUs within the AD environment. Ensure they are organized, appropriately delegated, and compliant with the organization's policies.
- Group Policy Analysis: Audit Group Policies to ensure they are correctly configured, not overly complex, and do not conflict with one another. Provide recommendations for policy optimization and security enhancements.
- User Account and Permission Audits: Review user accounts and their associated permissions to ensure that they are properly assigned, up to date, and aligned with the principle of least privilege. Identify and rectify any excessive or outdated permissions.
- Group Membership Evaluation: Audit group memberships, especially for privileged groups, to ensure that only authorized personnel have access. Detect and address any inappropriate group memberships.
- AD Sites and Services: Assess the configuration of AD Sites and Services, ensuring they are correctly set up to optimize authentication traffic and replication. Identify any inefficiencies or potential issues.
- Trust Relationships: Evaluate trust relationships between different AD domains and forests, ensuring they are secure and appropriately configured. Recommend improvements where necessary.
- Privileged Access Management (PAM) Review: Audit PAM configurations to ensure that privileged accounts are managed securely. Assess the effectiveness of PAM controls and suggest enhancements.
- Microsoft Entra Integration: Review and audit the integration of Microsoft Entra services with Active Directory, ensuring secure and efficient identity management across on-premises and cloud environments.
- Lifecycle Management: Evaluate the processes and policies for account lifecycle management, including provisioning, de-provisioning, and role changes. Ensure that accounts are managed efficiently and securely throughout their lifecycle.
- LAPS Configuration Review: Audit the Local Administrator Password Solution (LAPS) deployment to ensure that it is correctly configured and effectively securing local administrator accounts.
- Ongoing Support and Maintenance: Provide recommendations for ongoing support and maintenance tasks to ensure the AD environment remains secure, up to date, and efficient.
- Identity Management (IDM) Integration: Assess the integration of Identity Management solutions with Active Directory. Ensure that IDM systems are effectively managing user identities and permissions.
- AD Management Tools Evaluation: Review the tools and processes used for AD management, identifying areas for improvement or automation. Recommend new tools or enhancements to existing tools.
- Role-Based Access Strategy: Evaluate the implementation of role-based access control (RBAC) strategies within the AD environment. Ensure that roles are clearly defined, consistently applied, and support organizational security policies.
- Disabled Accounts and Group Mailboxes: Audit disabled accounts and group mailboxes to ensure they are properly managed and do not pose a security risk. Recommend actions for clean-up and decommissioning where appropriate.
Qualifications:
- Bachelor’s degree in Information Technology, Computer Science, or a related field; or equivalent work experience.
- 5+ years of experience working with Active Directory, including auditing, security, and management.
- Deep understanding of AD architecture, including Domain Controllers, Group Policies, OUs, and security best practices.
- Experience with AD auditing tools and techniques.
- Strong analytical skills and attention to detail.
- Excellent verbal and written communication skills.
- Familiarity with Microsoft Entra and Identity Management systems.
- Experience with Privileged Access Management (PAM) solutions.
Preferred Qualifications:
- Relevant certifications such as Microsoft Certified: Identity and Access Administrator, CompTIA Security+, or CISSP.
- Experience in a large-scale enterprise environment.
- Knowledge of LAPS, RBAC, and AD lifecycle management best practices.