Microsoft/Active Directory Security Engineer

Principal accountabilities

• Design and implementation of digital security controls, managing access, and protecting data in cloud networks and hybrid environments.
• Provide overall Office 365 security expertise including strong knowledge of Azure Active Directory, Microsoft cloud app security, Azure Information Protection, Data loss prevention, Information Rights Management, Intune (Conditional access/ MDM), single sign-on and multi-factor authentication and related technologies (including Microsoft Enterprise Mobility + Security).
• Configuration of Azure AD, Microsoft\Office 365, tenant, ATP products, Intune, authentication, identity management and DLP.
• Assists in troubleshooting and identifying security incidents.

Qualification and experience

• Expert in Microsoft Active Directory and associated technologies (Group Policy, Kerberos, DNS, DHCP)
• Proven professional experience with Azure AD and Microsoft\Office 365, including configuration of tenant wide policies, ATP products, Intune, authentication and identity management and DLP
• PowerShell scripting
• Customer service, process and solution oriented
• Analytical and problem-solving skills
• Candidate must have ability to effectively communicate in English (written and verbal)
• 2 years of proven experience with Office 365 security features

Key Components

• DT Services may perform the following tasks:
• Account Analysis – Analyze all user accounts for suspicious activity and potential compromise.
• Password Reset – Implement a forced password reset for all user accounts.
• Kerberos Reset – Reset Kerberos tickets to prevent attackers from leveraging stolen credentials.
• Clean Domain Controller builds and replication configuration.
• Overall AD Structure Analysis – Review the AD structure for vulnerabilities and implement security best practices. This includes Group Policy Objects, use of group Managed Service Accounts, Organizational Unit hierarchy and structure, AD sites and Services site topology, and others.
• AD Rebuild – Rebuild the AD Domains and/or Forests if deemed necessary due to severe compromise.