Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills: Identity and Access Management (IAM) Operations, Microsoft Azure Active Directory
Good to have skills: NA
Minimum 5 year(s) of experience is required
Educational Qualification: 15 years full time education
Summary: Experience in Active Directory, Azure AD, and identity security. The AD & Semperis (AD Protection) / Azure AD Consultant is responsible for securing, monitoring, and administering Active Directory (AD), Azure AD/Entra ID, and associated identity protection platforms. The role involves deploying and managing Semperis Directory Services Protector (DSP), Semperis Active Directory Forest Recovery (ADFR), and implementing controls to harden and protect hybrid identity environments against cyber threats. This consultant works with security, IAM, and infrastructure teams to maintain a resilient and secure identity foundation.

Roles & Responsibilities:
- Manage and administer Active Directory: domains, forests, GPOs, OU structure, delegation, trusts, DNS, replication.
- Review and improve AD security posture, identity hygiene, and privilege models.
- Conduct periodic AD health checks, replication checks, and audit privileged accounts.
- Implement best practices for Tiered Admin Model, LAPS, GPO hardening, and secure delegation.
- Deploy, configure, and operate Semperis DSP for AD threat detection, monitoring, and anomaly detection.
- Integrate DSP with SIEM/SOAR and security monitoring platforms.
- Monitor changes, privilege escalations, and identity-based risks identified by DSP.
- Investigate and respond to DSP alerts related to:
  - AD misconfigurations
  - Unauthorized privilege elevation
  - Credential misuse
  - Replication abuse or persistence techniques

Semperis ADFR (Active Directory Forest Recovery):
- Support implementation and testing of AD Forest Recovery plans using Semperis ADFR.
- Participate in DR drills for AD restoration, disaster simulations, and backup validations.
- Maintain AD backup integrity, run readiness checks, and ensure ADFR configurations remain updated.

Azure AD / Entra ID Administration:
- Implement Conditional Access, MFA, identity protection policies, and PIM for privileged role management.
- Troubleshoot identity sync issues using AAD Connect, Cloud Sync, or hybrid identity models.
- Onboard cloud and SaaS applications using SAML/OIDC for SSO and MFA enforcement.
- Implement identity security controls aligned with Microsoft and industry benchmarks.
- Integrate AD/Azure AD logs with SIEM for monitoring attacker behavior patterns.
- Use Semperis, Azure Identity Protection, Defender for Identity (MDI), and other tools for continuous assessment.

Incident Response & Forensics (Identity Focused):
- Respond to identity-related incidents, AD compromise attempts, or privilege escalations.
- Support red-team/blue-team exercises focusing on AD/AAD attack vectors.
- Conduct root cause analysis and recommend remediation actions after incidents.

Documentation & Continuous Improvement:
- Maintain runbooks, architecture diagrams, AD security baselines, and protection playbooks.
- Recommend improvements for identity resilience, AD modernization, and Zero Trust alignment.
- Support audit, compliance, and identity governance activities.

Professional & Technical Skills:
- Microsoft Certifications (SC-300, AZ-500, MS-100/102).
- Semperis DSP/ADFR product exposure or certification (if applicable).
- Defender for Identity (MDI)
- M365 identity security
- CyberArk or PIM systems
- PowerShell automation
- Semperis DSP and/or ADFR
- Azure AD/Entra ID
- Hybrid identity (AAD Connect / Cloud Sync)
- AD administration and security
- Strong knowledge of:
  - Kerberos, NTLM, LDAP, DNS
  - AD attack techniques (Pass-the-Hash, Pass-the-Ticket, Skeleton Key, RID hijacking)
  - Privileged access models and AD hardening
- Experience integrating identity logs with SIEM tools

Additional Information:
- The candidate should have a minimum of 5 years of experience in Identity and Access Management (IAM) Operations.
- This position is based at our Bengaluru office.
- A 15 years full time education is required.