Active Directory Security Consultant - SC Cleared

Active Directory Security Consultant – SC Cleared - Inside IR35

We are seeking an experienced Active Directory Security Consultant to lead a comprehensive security assessment across on-premises AD and Azure identity environments. This role combines deep technical expertise with advisory capability, helping uplift identity and access security posture in line with Microsoft and NCSC best practice.

• Conduct end-to-end Active Directory security assessments, including domain controllers, trusts, privileged behaviours, deprecated accounts, and protocol risks.
• Lead KRBTGT account analysis and safe password rotation planning.
• Review Privileged Access structures, group memberships and delegated admin models.
• Analyse Kerberos authentication hygiene, ticket anomalies and mitigation options.
• Assess Azure AD / Entra ID and hybrid identity configurations, ensuring alignment to zero-trust principles.
• Evaluate service accounts, Tier-0 assets, GPOs, and administrative workstation approaches (PAW / Cloud PAW).

• Advanced knowledge of Active Directory, Group Policy, Kerberos, Entra ID, hybrid identity, and secure authentication protocols.
• Strong expertise in Privileged Access Management, PIM / PAM and secure administrative practices.
• Demonstrable experience applying NCSC and Microsoft Security guidance.
• Practical experience hardening authentication mechanisms (Kerberos, NTLMv2, LDAP signing).
• Ability to translate complex technical risk into clear, actionable advice for both technical and non-technical audiences.