Active Directory Designer / Engineer

RESPONSIBILITIES:Kforce has a client in NYC that is seeking an Active Directory Designer / Engineer.Summary:In this role, the Active Directory Designer / Engineer will reorganize our existing Active Directory groups, OUs, service accounts, and related objects to improve the privileged access control model for administrators and reduce risk or privilege escalation.Responsibilities: Active Directory Designer will design, implement, and document adjustments to our current Active Directory domain to: Use tiered administration; Prevent lower-tier admin IDs from tampering with higher tier admin IDs or service accounts; Report on permissions (preferably using a graph DB) to identify deviations from this plan As a Active Directory Designer, you will review security scorecards from tools like PingCastle, Purple Knight, etc., and develop plans to remediate any gapsREQUIREMENTS: Bachelor's degree or higher in computer engineering, cybersecurity, information security, or a related field Extremely strong understanding of Active Directory permissions and OS-level security policies Working/functional knowledge of Kerberos authentication and Protected Users restrictions Familiarity with: Kerberos armoring; Assessment tools like Bloodhound, PingCastle, etc.; Powershell Strong analytical skills and experience in enterprise (multi-tier) IT admin structures Familiarity with change management protocols Excellent oral and written communication skills and the ability to clearly articulate to all member Background and knowledge of risk assessment technologies and methods Experience with developing and implementing security procedures and policiesKforce is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.