Senior Identity Access Management Architect

Category: Information Technology
Employment type: Contract
Reference: BH-396558

Senior Identity Access Management Architect
Location: REMOTE
Duration: 3-6 months+
Rate: $90-100/hr W2 ONLY

Responsibilities

  • Partner with consultants and client leadership to architect, build, and deploy secure and modern Active Directory and Microsoft Entra ID solutions.
  • Assess current-state identity environments and processes, interview stakeholders, define critical requirements, and present practical solution strategies and roadmaps to client executives.
  • Lead the technical design of future-state Active Directory (AD DS) and Entra ID architectures, including privileged access management (PAM) design, tiered administrative access models (e.g., Microsoft’s Enterprise Access Model (EAM)), and identity consolidation strategies.
  • Establish and enforce identity architecture standards, best practices, and governance to deliver secure, compliant, and consistent solutions aligned with industry benchmarks (e.g., CIS and Microsoft baselines).
  • Lead security assessment and remediation planning, including consolidating findings from tools (e.g., Purple Knight, Maester, CIS Benchmark-based configuration assessments (e.g., CIS-CAT)) to create and manage prioritized, risk-based remediation backlogs.
  • Provide expert technical oversight for security remediation initiatives, such as hardening domain controllers, remediating privileged access, resolving Entra Connect sync issues, and restricting legacy protocols.
  • Develop detailed implementation plans, migration strategies, and remediation backlogs (e.g., in Smartsheet or similar project management tools) for AD restructuring, AD consolidation, identity synchronization, and legacy decommissioning.
  • Establish and manage engagement-level governance, quality, and risk, including defining quantitative success criteria, RACI, and clear communications to both technical and executive stakeholders.

Qualifications

  • Bachelor’s degree in a relevant field preferred, or equivalent experience required.
  • Prior experience in consulting preferred.
  • 8–12+ years of experience in IT architecture, engineering, and/or security with a deep focus on identity solutions.
  • Expert-level knowledge of Active Directory Domain Services (AD DS) design, security, and administration, including: domain/forest architecture, sites/replication, DNS, Group Policy (GPO) management, DC virtualization safeguards, and forest recovery principles.
  • Strong experience with Microsoft Entra ID (formerly Azure AD), including Entra Connect, Conditional Access, modern authentication methods, and Privileged Identity Management (PIM).
  • Proven experience leading identity migrations (including on-premises to cloud, cross-forest restructurings, and Tenant-to-Tenant (cross-tenant) consolidations), AD remediations, and/or consolidation projects. 
  • Experience designing and implementing hybrid authentication patterns between AD DS and Microsoft Entra ID, including pass-through authentication (PTA), Seamless SSO, Cloud Kerberos Trust, and phishing-resistant authentication methods. 
  • Proficiency in designing and implementing enterprise Privileged Access Management (PAM) solutions (including typical platforms like CyberArk, Delinea, or similar) and tiered administrative access models (e.g., Tier 0/1/2, Microsoft’s Enterprise Access Model (EAM)).
  • Hands-on experience with Active Directory and Microsoft Entra ID security assessment and testing tools (e.g., Purple Knight, PingCastle, Maester, Microsoft Defender for Identity or similar AD threat detection platforms) and hardening methodologies (e.g., CIS Benchmarks and Microsoft security baselines). 
Bonus skills:
  • Familiarity with compliance standards (e.g., NIST, HIPAA, ISO).
  • Advanced scripting for automation and analysis (e.g., PowerShell).
  • Knowledge of Infrastructure as Code (Terraform) and DevSecOps practices.
  • Familiarity with application dependency and network flow mapping tools (e.g., Device42, Faddom) used to discover AD-integrated application dependencies and support migration planning or microsegmentation boundaries. 
  • Familiarity with Active Directory resilience and recovery tooling (e.g., Semperis, ADEngine) is a plus. 
  • Experience migrating from on-premises Active Directory Certificate Services (AD CS) to cloud-native PKI solutions is a plus. 
  • Familiarity with enterprise Identity Governance and Administration (IGA) platforms (e.g., SailPoint, Saviynt) to manage and improve periodic access certifications (e.g., moving from spreadsheets to a tool) and run detective Segregation of Duties (SoD) reports.
  • Experience automating identity lifecycles by replacing nightly batch files from a Human Resources Information System (HRIS) with Application Programming Interface (API)-driven syncs or establishing governance for non-employee/contractor identities.
  • Understanding of System for Cross-domain Identity Management (SCIM) or API-based provisioning to automate Joiner-Mover-Leaver (JML) workflows for Software as a Service (SaaS) apps, expanding beyond just core directories and email.
  • Experience with Tier-0 threat monitoring and detection strategies, including security event logging and SIEM integration with Active Directory and other Tier 0 assets. 
  • Professional certifications (e.g., Microsoft Identity/SC series, CISSP, CyberArk/Delinea). 
  • Occasional exposure to CIAM platforms (e.g., Microsoft Entra External ID, Okta, Auth0) and associated migration/implementation patterns is a plus but not a core requirement. 
What to Expect

  • A collaborative, flexible, and outcomes-driven consulting environment. 
  • A culture that values inclusion, diverse perspectives, and teamwork. 
  • A business-focused and industry-specific approach to deploying technology that helps clients tackle their most significant challenges and deliver tangible results, free from rigid hierarchies. 
  • While the role spans a broad range of identity technologies and tools, no candidate is expected to be an expert in every item listed. We are seeking deep strength in Tier-0 Active Directory security and modernization, paired with strong Microsoft Entra ID knowledge and the curiosity to rapidly master adjacent areas.


Estimated Min Rate: $90.00
Estimated Max Rate: $100.00


What’s In It for You?
We welcome you to be a part of one of the largest and legendary global staffing companies to meet your career aspirations. Yoh’s network of client companies has been employing professionals like you for over 65 years in the U.S., UK and Canada. Join Yoh’s extensive talent community, which will provide you with access to Yoh’s vast network of opportunities, and gain access to this exclusive opportunity. Benefit eligibility is in accordance with applicable laws and client requirements. Benefits include:

  • Medical, Prescription, Dental & Vision Benefits (for employees working 20+ hours per week)
  • Health Savings Account (HSA) (for employees working 20+ hours per week)
  • Life & Disability Insurance (for employees working 20+ hours per week)
  • MetLife Voluntary Benefits
  • Employee Assistance Program (EAP)
  • 401K Retirement Savings Plan
  • Direct Deposit & weekly epayroll
  • Referral Bonus Programs
  • Certification and training opportunities

Note: Any pay ranges displayed are estimations. Actual pay is determined by an applicant's experience, technical expertise, and other qualifications as listed in the job description. All qualified applicants are welcome to apply.

Yoh, a Day & Zimmermann company, is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Visit https://www.yoh.com/applicants-with-disabilities to contact us if you are an individual with a disability and require accommodation in the application process.

For California applicants, qualified applicants with arrest or conviction records will be considered for employment in accordance with the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act. All of the material job duties described in this posting are job duties for which a criminal history may have a direct, adverse, and negative relationship potentially resulting in the withdrawal of a conditional offer of employment.

It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.

By applying and submitting your resume, you authorize Yoh to review and reformat your resume to meet Yoh’s hiring clients’ preferences. To learn more about Yoh’s privacy practices, please see our Candidate Privacy Notice: https://www.yoh.com/privacy-notice

05-05-2026
