Senior/Lead Active Directory Engineer

N-iX is looking for a Senior/Lead Active Directory Engineer to join their team. The customer is a European online car market with over 30 million monthly users and a presence in 18 countries. The role involves assessing, cleaning up, and hardening multiple inherited single-forest, single-domain Active Directory environments to improve structure, security, Group Policy hygiene, and operational consistency, aligned with industry audit and compliance standards such as PCI DSS.

• Extensive hands-on experience (typically 7+ years) with Active Directory engineering and administration.
• Knowledge of latest Windows Server OS versions such as 2022/2025.
• Hands-on AWS experience.
• Proven experience performing Active Directory clean-up, consolidation, or post-transition integration.
• Strong expertise in Active Directory (single-domain environments at scale), Group Policy design, cleanup, optimization, OU design, and delegation models.
• Experience with Active Directory security hardening including tiered admin model, least privilege, attack surface reduction.
• Experience identifying and remediating stale objects, legacy permissions, misconfigurations, Group Policy sprawl, and conflicts.
• Experience integrating Active Directory with IAM/IdP platforms including Azure AD / Entra ID (must have), Okta (nice to have), SSO, federation, identity synchronization (e.g., AAD Connect), RBAC, and identity lifecycle management.
• Experience working within regulated or audited environments including PCI DSS or similar frameworks (ISO 27001, NIST).
• Implementing controls related to identity, access management, and auditability.
• Strong knowledge of authentication protocols (Kerberos, NTLM, SAML/OIDC basics), DNS (AD-integrated), replication, and site topology.
• Experience with tools such as ADUC, ADSIEdit, Group Policy Management Console, PowerShell (AD module).
• Experience auditing and improving privileged access (Domain Admins, Enterprise Admins), service accounts, and delegation.
• At least upper-intermediate English level.

Nice to have:

• Microsoft Certified: Windows Server Hybrid Administrator Associate
• Microsoft Certified: Identity and Access Administrator Associate (SC-300)
• Microsoft Certified: Azure Solutions Architect Expert
• MCSA / MCSE (legacy but relevant)
• Security certifications (e.g., CISSP, Security+, CISM)
• Okta Certified Professional / Administrator or similar IAM certifications

• Perform a comprehensive assessment of current Active Directory environments.
• Identify and remediate inactive/stale objects, legacy groups, excessive permissions, Group Policy duplication, conflicts, and inefficiencies.
• Redesign and implement OU structure and delegation model.
• Redesign and implement Group Policy strategy aligned to best practices.
• Implement security hardening measures including privileged access model (e.g., tiering), attack surface reduction, and legacy protocol removal.
• Align Active Directory environments with audit/compliance requirements (e.g., PCI DSS controls).
• Integrate Active Directory environments with enterprise IAM platforms including identity synchronization, federation, access model alignment (RBAC/least privilege), SSO enablement, and identity lifecycle processes.
• Review and optimize Active Directory Sites and Services (replication topology) and DNS configuration and health.
• Develop and execute cleanup and remediation plans with minimal disruption.
• Automate tasks and reporting using PowerShell.
• Produce clear documentation and operational standards including audit-ready configurations.
• Participate in mentoring program.

• Work hours aligned with EDT timezone