Informacje o stanowisku

technologies-expected :

• Active Directory

• PingCastle
• CrowdStrike

• We’re seeking an Active Directory Security & Trust Engineer for a US-based project focused on AD hardening and trust remediation in large, multi-forest enterprise environments.
• You’ll strengthen authentication, apply tiering models, and implement modern security controls to align with best practices and CIS standards.

• Analyze multi-source security data Splunk to assess and execute Active Directory domain hardening and trust/security improvements.
• Implement and tune tiering policies (Tier-0/1/2) and restrictive GPOs; remediate risky privileged access, cross-tier logons, and privileged group exposures.
• Manage and optimize Active Directory trust relationships, including mapping cross-domain usage, identifying app/service dependencies, and implementing trust removals or conversions to one-way/selective authentication.
• Align Domain Controllers with CIS baseline security standards, including encryption protocols and authentication methods; migrate away from legacy encryption (e.g., RC4) and reduce NTLMv1 usage.
• Collaborate with domain and application owners to assess risks, plan change windows, validate remediation and trust changes, including fallback plans if needed.
• Produce clear, actionable remediation plans and reports, track progress in SIEM and spreadsheets, and support verification and change management processes.

• 4 years of experience in enterprise Active Directory engineering with strong focus on security hardening and trust/authentication management in multi-forest (over 50.000) identities environments.
• Practical experience interpreting reports, Splunk logs and trust authentication paths.
• In-depth knowledge of GPO, OU, privileged access models (Tier-0/1/2)
• Strong understanding and working knowledge of authentication protocols including Kerberos, NTLM, encryption modes (RC4 vs AES), selective authentication, SID filtering, and constrained delegation.
• PowerShell proficiency for querying, reporting, and automation of AD tasks.
• Excellent communication skills to liaise effectively with technical teams, application owners, and management.

• Opportunity to work with modern technologies.
• A friendly work environment within a team of professionals.
• Training and development in Microsoft solutions and security systems.
• Growth through collaboration with a U.S.-based client and exposure to enterprise-scale security operations.
• Hands-on learning of advanced tools such as CrowdStrike and PingCastle.
• A rewarding and transparent commission system.
• Sports package and private medical care.

• sharing the costs of sports activities
• private medical care
• sharing the costs of professional training & courses
• life insurance
• remote work opportunities
• flexible working time

Warszawa - Oferty pracy w okolicznych lokalizacjach