Active Directory / IAM Security Consultant

Description

Active Directory / IAM Security Consultant

Rate - £550p/d Outside IR35

Duration: 3 months(with potential extension)

Location: Hybrid / UK-based (on-site as required)

Overview

Our client is undertaking a major security improvement initiative across its hybrid identity estate, spanning on‑premises Active Directory and cloud identity platforms. We are seeking an experienced Active Directory / Identity Security Contractor to design and deliver a comprehensive least privilege programme, reducing cyber risk and aligning the organisation with modern security best practice.

This engagement is outcome-focused, not advisory. You will have autonomy over how the work is delivered, with responsibility for achieving tangible, auditable improvements to privileged access across the environment.

Key Responsibilities

You will be accountable for the end-to-end delivery of a least privilege programme, including:

Discovery & Current State Analysis

Assess on‑premises Active Directory forests, domains, trusts, and OU structures

Review Entra ID (Azure AD) and integrated SaaS identity platforms

Analyse GPOs, Conditional Access policies, RBAC models, and delegation structures

Identify excessive privilege, legacy configurations, and inherited risk

Review privileged, service, and shared accounts

Assess joiner / mover / leaver processes as they relate to access control

Least Privilege Strategy & Target Architecture

Define a pragmatic least privilege strategy and design principles

Design an administrative tiering model

Redesign role and group structures aligned to business functions

Eliminate or redesign standing privileged access

Introduce just‑in‑time / just‑enough access where feasible

Align on‑prem and cloud privilege models

Ensure designs support operational delivery and business continuity

Implementation & Delivery

Remediate excessive privilege and high‑risk configurations

Redesign and implement groups, roles, and delegation models

Refactor or migrate legacy administrative accounts

Implement least privilege controls across on‑prem and cloud platforms

Deliver changes incrementally to minimise operational risk

Validate that business‑critical access requirements continue to be met

Documentation & Knowledge Transfer

Produce audit‑ready documentation covering:

Target state architecture

Design decisions and assumptions

Operational runbooks and support guidance

Ongoing governance and review processes

Deliver structured knowledge‑transfer sessions to internal teams

Required Experience & Skills

Deep hands‑on expertise with Active Directory (on‑prem) in complex enterprise environments

Strong experience with Entra ID / Azure AD and hybrid identity models xjnqpsq

Proven delivery of least privilege or privileged access reduction initiatives

Strong understanding of:

Administrative tiering models

Delegation and RBAC design

Privileged, service, and shared account management

Experience remediating legacy or over‑privileged environments

Ability to work autonomously and deliver against agreed outcomes

Strong documentation and stakeholder communication skills

Nice to Have

Experience with PAM / PIM tooling (e.g. Microsoft PIM or equivalent)

Background in security assurance, audit, or regulatory environments

Experience delivering identity transformation in large distributed organisations

What We’re Looking For

This role is ideal for a senior identity engineer or architect who enjoys hands‑on delivery, not just design. You should be comfortable making and implementing change in live environments, balancing security improvement with operational reality

Ad ID: 5417811598