Security Engineer

Freelance Microsoft / Active Directory Security Engineer (m/f/d)

Location: Flexible / remote

Employment Type: Full-time

Contract: B2B

We are seeking a highly skilled Microsoft / Active Directory Security Engineer (m/f/d) to join our security engineering function. In this role, you will design, implement, and maintain advanced security controls across cloud and hybrid environments, ensuring strong identity protection and platform resilience.

🔎 What You’ll Do

• Design and implement digital security controls to protect identities, data, and access across cloud and hybrid infrastructures.
• Provide expert guidance on Office 365 and Azure security, including:
• Azure Active Directory
• Cloud App Security
• Azure Information Protection
• Information Rights Management
• Data Loss Prevention
• Intune (MDM & Conditional Access)
• Multi-Factor Authentication & Single Sign-On
• Microsoft Enterprise Mobility + Security
• Configure and manage Azure AD, Microsoft/Office 365 tenants, ATP solutions, Intune, authentication systems, identity management, and DLP frameworks.
• Troubleshoot and support security incidents, contributing to rapid identification and resolution.

🎓 What You Bring

• Deep expertise in Microsoft Active Directory and related technologies (Group Policy, Kerberos, DNS, DHCP).
• Proven hands-on experience with Azure AD, Office 365, tenant-wide configurations, ATP products, Intune, authentication, identity management, and DLP.
• Proficiency with PowerShell scripting.
• Strong customer service mindset with a solution-oriented approach.
• Excellent analytical and problem-solving abilities.
• Strong English communication skills (written & spoken).
• Minimum 2 years of experience with Office 365 security features.

🛡️ Key Engagement Areas

You will support and execute critical activities such as:

• Account Analysis: Monitoring user accounts for suspicious or anomalous behavior.
• Password Reset Operations: Enforcing secure tenant-wide password resets.
• Kerberos Reset: Revoking compromised tickets and preventing credential misuse.
• Domain Controller Hardening: Supporting clean builds and replication validation.
• Active Directory Structure Review: Assessing GPOs, OU hierarchies, gMSA usage, site topology, and overall AD health.
• AD Rebuild (if required): Supporting domain or forest rebuilds following severe compromise.