Active Directory Security Consultant - SC Cleared

Active Directory Security Consultant - SC Cleared - Inside IR35We are seeking an experienced Active Directory Security Consultant to lead a comprehensive security assessment across on-premises AD and Azure identity environments. This role combines deep technical expertise with advisory capability, helping uplift identity and access security posture in line with Microsoft and NCSC best practice.Key Responsibilities

• Conduct end-to-end Active Directory security assessments, including domain controllers, trusts, privileged behaviours, deprecated accounts, and protocol risks.
• Lead KRBTGT account analysis and safe password rotation planning.
• Review Privileged Access structures, group memberships and delegated admin models.
• Analyse Kerberos authentication hygiene, ticket anomalies and mitigation options.
• Assess Azure AD / Entra ID and hybrid identity configurations, ensuring alignment to zero-trust principles.
• Evaluate service accounts, Tier-0 assets, GPOs, and administrative workstation approaches (PAW/Cloud PAW).

Essential Skills & Experience

• Advanced knowledge of Active Directory, Group Policy, Kerberos, Entra ID, hybrid identity, and secure authentication protocols.
• Strong expertise in Privileged Access Management, PIM/PAM and secure administrative practices.
• Demonstrable experience applying NCSC and Microsoft Security guidance.
• Practical experience hardening authentication mechanisms (Kerberos, NTLMv2, LDAP signing).
• Ability to translate complex technical risk into clear, actionable advice for both technical and non-technical audiences.