£650 Per day
Inside
Hybrid
London, UK
Summary: The Technical Consultant for Enterprise Directory Services (EDS) will focus on hands-on engineering and operational support for Microsoft Active Directory and Microsoft Entra ID. This role involves incident resolution, security hardening, and collaboration with subject matter experts to enhance identity and access management solutions. The consultant will implement engineering changes and contribute to compliance processes while ensuring adherence to service level agreements. The position is hybrid, requiring three days a week onsite in London or Surrey.
Key Responsibilities:
- Efficiently triage and resolve incidents, service requests, and standard changes across AD/Entra ID, PKI, AD FS, and Quest Active Roles.
- Implement Tier-0/DC hardening and manage GPO governance.
- Enhance security through Kerberos/LDAP protections and Conditional Access/PIM controls.
- Execute changes based on SME/architect designs using PowerShell and Microsoft Graph.
- Conduct security remediation using tools like BloodHound/AzureHound and PingCastle.
- Contribute to monitoring, ops quality, and compliance processes.
- Participate in major-incident support and knowledge sharing.
Key Skills:
- Deep experience with Active Directory and Entra ID (Azure AD), including AD FS and Azure AD Connect.
- Practical understanding of AD security concepts and lateral-movement risks.
- Knowledge of CIS-aligned DC baselines and host firewalls.
- Experience with Conditional Access and PIM for roles and Groups.
- Knowledge of GPO design/governance and service-account policies.
- Proficiency in PowerShell, Microsoft Graph, KQL, Terraform, and Python.
- Hands-on experience with BloodHound/AzureHound and PingCastle.
- Familiarity with Active Roles and Change Auditor for RBAC tracking.
- Understanding of Microsoft Intune and MDM/MAM/Conditional Access.
- Strong knowledge of OAuth2/OIDC, SAML, and PKI/AD CS standards.
- Understanding of security principles like least privilege and separation of duties.
- Knowledge of networking foundations, including HTTP, SMTP, DNS, TCP/IP.
- Clear communication and presentation skills for technical and senior audiences.
- ITIL certification and familiarity with structured change management (desirable).
Salary (Rate): £650 per day
City: London
Country: UK
Working Arrangements: hybrid
IR35 Status: inside IR35
Seniority Level: undetermined
Industry: IT
Detailed Description From Employer:
Contract: Technical Consultant - EDS (Enterprise Directory Services)
Start Date: ASAP
Duration: 12 months
Location: Hybrid - 3 days a week onsite in London and/or Surrey office
Rate: £550 - £650 per day (deemed inside IR35)
Reference: 19713
The Enterprise Directory Services (EDS) team engineers and manages solutions and infrastructure supporting the client's global enterprise directory services and identity & access management, including Microsoft Active Directory and Microsoft Entra ID. You'll join the EDS team as a hands-on engineer focused on day-to-day operations and security hardening across Active Directory and Microsoft Entra ID (Azure AD). You will work with platform SMEs and the wider team to deliver BAU tickets, implement hardening baselines, and execute engineering changes. The emphasis is on collaboration and delivery, contributing expert work under established standards and designs rather than owning product roadmaps or leading programs.
In this role, you will be responsible for efficiently triaging and resolving incidents, service requests, and standard changes across AD/Entra ID, PKI, AD FS, and Quest Active Roles, ensuring adherence to SLAs. You will implement Tier-0/DC hardening, manage GPO governance, and enhance security through Kerberos/LDAP protections and Conditional Access/PIM controls. Your engineering expertise will be pivotal in executing changes based on SME/architect designs, utilising PowerShell and Microsoft Graph for automation and configuration management. You will conduct security remediation using tools like BloodHound/AzureHound and PingCastle, whilst also contributing to monitoring, ops quality, and compliance processes. Collaboration with SMEs and various teams is essential, alongside actively participating in major-incident support and knowledge sharing.
Experience & Qualifications
- Microsoft identity stack: Deep experience with Active Directory and Entra ID (Azure AD), plus associated infrastructure such as AD FS and Azure AD Connect; excellent knowledge of AD 2016/2019 design, troubleshooting, and administration.
- Tiering & privileged access: Practical understanding of AD security concepts (Tier-0/Tier-1, PAWs) and lateral-movement risks; PAW/jump pattern design and rollout.
- Active Directory hardening: CIS-aligned DC baselines, host firewalls, and no-Internet DC patterns.
- Entra ID controls at scale: Conditional Access (MFA/device/risk), and PIM for roles and PIM for Groups.
- GPO & identity hygiene: Tier-0/Tier-1 GPO design/governance, SPN hygiene, gMSA adoption, and service-account policies (length/rotation).
- Automation-first: PowerShell and Microsoft Graph for audits, enforcement, and remediation; KQL, Terraform, Python; policy/config-as-code mindset in a DevOps environment.
- Exposure tooling: Hands-on with BloodHound/AzureHound and PingCastle (collection, analysis, and driving remediation).
- Quest ecosystem: Active Roles (ARS) and Change Auditor (or equivalent) for RBAC and change/drift tracking.
- Endpoint & access management: Experience with Microsoft Intune or strong understanding of MDM/MAM/Conditional Access.
- Standards & protocols: Strong understanding of OAuth2/OIDC and SAML; experience with PKI/AD CS and relevant Windows security standards.
- Security principles: Least privilege, separation of duties, auditability; confident engagement with InfoSec.
- Networking foundations: HTTP, SMTP, DNS, TCP/IP, proxies, and load balancers.
- Communication: Clear written/verbal communication and presentation skills for technical and senior audiences.
- Process: ITIL certification (desirable) and familiarity with structured change management.
Networking People (UK) is acting as an Employment Business in relation to this vacancy.