Technical Consultant - EDS (Enterprise Directory Services)

Overview
Contract: Technical Consultant - EDS (Enterprise Directory Services)
Start Date: ASAP
Duration: 12 months
Location: Hybrid - 3 days onsite in London and/or Surrey office
Rate: £550 - £650 per day (inside IR35)
Reference: 19713
About the team
The Enterprise Directory Services (EDS) team engineers and manages solutions and infrastructure supporting the client's global enterprise directory services and identity and access management, including Microsoft Active Directory and Microsoft Entra ID.
Responsibilities
You'll join the EDS team as a hands-on engineer focused on day-to-day operations and security hardening across Active Directory and Microsoft Entra ID (Azure AD).
You will work with platform SMEs and the wider team to deliver BAU tickets, implement hardening baselines, and execute engineering changes.
Collaborate to deliver solutions under established standards and designs rather than owning product roadmaps or leading programs.
Triage and resolve incidents, service requests, and standard changes across AD/Entra ID, PKI, AD FS, and Quest Active Roles, ensuring adherence to SLAs.
Implement Tier-0/DC hardening, manage GPO governance, and enhance security through Kerberos/LDAP protections and Conditional Access/PIM controls.
Execute changes based on SME/architect designs, utilising PowerShell and Microsoft Graph for automation and configuration management.
Contribute to monitoring, operations quality, and compliance processes; participate in major-incident support and knowledge sharing.
Experience and Qualifications
Microsoft identity stack: Deep experience with Active Directory and Entra ID (Azure AD), plus AD FS and Azure AD Connect; design, troubleshooting, and administration of AD 2016/2019.
Tiering and privileged access: Understanding of AD security concepts (Tier-0/Tier-1, PAWs) and lateral-movement risks; PAW/jump pattern design and rollout.
Active Directory hardening: CIS-aligned DC baselines, host firewalls, no-Internet DC patterns.
Entra ID controls at scale: Conditional Access (MFA/device/risk), and PIM for roles and PIM for Groups.
GPO and identity hygiene: Tier-0/Tier-1 GPO design/governance, SPN hygiene, gMSA adoption, and service-account policies (length/rotation).
Automation-first: PowerShell and Microsoft Graph for audits, enforcement, and remediation; KQL, Terraform, Python; policy/config-as-code mindset in a DevOps environment.
Exposure tooling: Hands-on with BloodHound/AzureHound and PingCastle (collection, analysis, and remediation).
Quest ecosystem: Active Roles (ARS) and Change Auditor (or equivalent) for RBAC and change/drift tracking.
Endpoint and access management: Experience with Microsoft Intune or strong understanding of MDM/MAM/Conditional Access.
Standards and protocols: OAuth2/OIDC and SAML; PKI/AD CS and Windows security standards.
Security principles: Least privilege, separation of duties, auditability; confident engagement with InfoSec.
Networking foundations: HTTP, SMTP, DNS, TCP/IP, proxies, and load balancers.
Communication: Clear written/verbal communication and presentation skills for technical and senior audiences.
Process: ITIL certification (desirable) and familiarity with structured change management.
Networking People (UK) is acting as an Employment Business in relation to this vacancy.
Seniority level
Mid-Senior level
Employment type
Contract
Job function
Information Technology
Industries
IT System Training and ..... full job details .....