Identity Security Consultant

VAM Systems

Required Experience & Skills

• 8+ years in Identity Security / Security Engineering
• Deep hands on experience with:
• Active Directory security
• Microsoft Entra ID security
• Conditional Access, MFA, Identity Protection
• Strong PAM / PIM implementation experience
• SOC level understanding of identity attack detection and response
• Strong troubleshooting and root cause analysis skills
• Excellent written and verbal communication skills

Core Responsibilities

• Own identity security engineering across Active Directory (on prem) and Microsoft Entra ID
• Design, implement, and harden identity security configurations
• Act as technical authority for identity threat prevention, detection, and response
• Bridge Identity Engineering and SOC / Incident Response
• Mitigate Red team findings
• Active Directory Security (On Prem)
• Secure AD DS architecture and configurations
• Implement and enforce AD Tiering model (Tier 0 / Tier 1 / Tier 2)
• Protect Tier 0 assets (Domain Controllers, PKI, ADFS, Entra Connect)
• Harden:
• Kerberos authentication
• NTLM usage and restrictions
• Delegation (constrained, resource based)
• GPOs for security baselines
• Manage privileged groups and admin separation
• Secure trust relationships and forest/domain boundaries
• Implement PAW / SAW / hardened admin access patterns
• Review and remediate AD attack paths and misconfigurations

Entra ID (Azure AD) Security

• Design and enforce Conditional Access policies
• Implement strong authentication strategies (MFA, passwordless, phishing resistant MFA)
• Configure and monitor Entra ID Identity Protection
• Harden tenant security posture and reduce identity attack surface
• Control and monitor:
• Legacy authentication
• OAuth app permissions and consent
• Authentication methods and user flows
• Govern roles, service principals, and app registrations
• Secure Entra ID Connect / Cloud Sync architecture

Privileged Access Management (PAM / PIM)

• Design and implement least privilege access models
• Understand and work with Cyberark integrations, Sailpoint etc.
• Implement and operationalize Entra PIM:
• Just In Time role activation
• Approval workflows
• Role eligibility governance
• Access reviews and alerts
• Identity Threat & Attack Chain Expertise

Deep understanding of identity based attacks, including:

• Credential theft and replay
• Pass the Hash / Pass the Ticket
• Kerberoasting / AS REP roasting
• DCSync / DCShadow
• Golden and Silver Ticket attacks
• Privilege escalation and lateral movement
• Persistence mechanisms in AD and Entra ID
• OAuth token abuse and app consent attacks
• MFA fatigue and authentication bypass techniques
• Map attacker techniques to prevention, detection, and remediation controls

SOC Integration & Detection Engineering

• Work closely with SOC teams on identity related threats
• Define and improve identity detection use cases
• Ensure logging and visibility for:
• Windows Security Event Logs
• Entra ID audit and sign in logs
• Integrate identity telemetry with SIEM / SOAR platforms
• Tune alerts to reduce false positives and improve signal quality
• Build and maintain identity incident response playbooks
• Support investigations of compromised accounts and privilege abuse

Hardening, Assessments & Continuous Improvement

• Perform AD and Entra ID security posture assessments
• Identify configuration drift, technical debt, and risk exposure
• Deliver remediation plans and track closure
• Drive continuous identity security improvement initiatives
• Align identity security posture with Zero Trust principles

Governance, Risk & Compliance

• Ensure identity controls meet internal security standards and regulatory requirements
• Support audit and risk assessments related to identity and access
• Provide evidence, documentation, and technical justifications
• Participate in design and security review boards

Documentation & Knowledge Transfer

• Produce clear, audit ready documentation:
• Identity architecture diagrams
• Security standards and configuration baselines
• SOPs and operational runbooks
• Incident response procedures
• Provide knowledge transfer and guidance to internal teams