Our client is seeking an Active Directory (AD) and Privileged Access Management (PAM) expert to reinforce the security and governance of its identity infrastructure. The mission focuses on two complementary areas: 1) Improving the security posture of Active Directory by addressing identified vulnerabilities and increasing the PingCastle security score, and 2) Designing and implementing a Privileged Access Management (PAM) framework to ensure least privilege, controlled elevation, and auditable privileged access. The expert will join the Security Team.
Quantitative Data
The mission covers all Active Directory forests and domains, as well as all processes and tools related to privileged access and identity governance.
Improve the PingCastle security score.
Support in selecting and Implementing new PAM Solution
Main purposes
1. Active Directory Hardening
Assess and enhance the current security posture of Active Directory.
Identify and remediate key technical weaknesses detected by PingCastle.
Eliminate legacy components and protocols (e.g., Windows Server 2003/2008, DES-enabled accounts, NTLMv1, LM).
Implement secure authentication and password policies.
Review and clean up GPOs, apply least privilege principles, and align configurations with Microsoft security baselines.
2. Privileged Access Management (PAM)
Implement a structured PAM framework.
Enforce the Principle of Least Privilege (PoLP) and Role-Based Privilege Assignment. Implement Access Isolation.
Define and implement an Authorization Process (standardized, auditable approval workflow).
Implement Just-in-Time (JIT) Access for temporary privilege elevation.
Enforce the Four-Eyes Principle for critical privileged actions.
3. Documentation, Reporting, and Governance
Develop a detailed remediation and implementation roadmap (AD + PAM).
Document all technical actions (initial state, final configuration, scripts/tools used).
Deliver regular progress reports (weekly or bi-weekly).
Produce a final report summarizing actions, residual risks, and recommendations.
Collaboration: The expert will operate as part of the Security Team, collaborating closely with AD administrators, IAM specialists, and infrastructure engineers. (Presence required 3 days on site and 2 days remote).
Key Performance indicators
Achievement and improvement of the target PingCastle security score for Active Directory.
Successful and complete implementation and governance of the PAM framework components (e.g., PoLP, JIT, Four-Eyes Principle).
On-time delivery of AD/PAM remediation documentation and reports.
Contribution to the analysis and implementation of the Microsoft Tiering Model.
Skills required Technical Skills:
Proven experience in Active Directory architecture, security, and hardening.
Strong expertise in Privileged Access Management (PAM) and Microsoft Tiering Model.
Proficiency with PowerShell, PingCastle, ADManager, and Splunk.
Familiarity with Privileged Access Workstations (PAWs), RBAC, and IAM integration.
Solid understanding of service account security and least privilege enforcement.
Soft Skills:
Strong collaboration skills within multidisciplinary teams.
High documentation standards and structured working approach.
Analytical mindset, attention to detail, and communication clarity.
Ability to lead or participate in workshops (RBAC, PAM, governance design).