Identity Security Consultant

Company: VAM Systems
Location: Doha
Region: Qatar
Posted: 5d ago
Source: Bayt

Job Description

We are currently looking for an Identity Security Consultant for our Qatar operations.

Required Experience & Skills

- 8+ years in Identity Security / Security Engineering

- Deep hands‑on experience with:

  - Active Directory security

  - Microsoft Entra ID security

  - Conditional Access, MFA, Identity Protection

- Strong PAM / PIM implementation experience

- SOC‑level understanding of identity attack detection and response

- Strong troubleshooting and root‑cause analysis skills

- Excellent written and verbal communication skills

Core Responsibilities

- Own identity security engineering across Active Directory (on‑prem) and Microsoft Entra ID

- Design, implement, and harden identity security configurations

- Act as technical authority for identity threat prevention, detection, and response

- Bridge Identity Engineering and SOC / Incident Response

- Mitigate red team findings

Active Directory Security (On‑Prem)

- Secure AD DS architecture and configurations

- Implement and enforce AD Tiering model (Tier 0 / Tier 1 / Tier 2)

- Protect Tier‑0 assets (Domain Controllers, PKI, ADFS, Entra Connect)

- Harden:

  - Kerberos authentication

  - NTLM usage and restrictions

  - Delegation (constrained, resource‑based)

  - GPOs for security baselines

- Manage privileged groups and admin separation

- Secure trust relationships and forest/domain boundaries

- Implement PAW / SAW / hardened admin access patterns

- Review and remediate AD attack paths and misconfigurations

Entra ID (Azure AD) Security

- Design and enforce Conditional Access policies

- Implement strong authentication strategies (MFA, passwordless, phishing‑resistant MFA)

- Configure and monitor Entra ID Identity Protection

- Harden tenant security posture and reduce identity attack surface

- Control and monitor:

  - Legacy authentication

  - OAuth app permissions and consent

  - Authentication methods and user flows

- Govern roles, service principals, and app registrations

- Secure Entra ID Connect / Cloud Sync architecture

Privileged Access Management (PAM / PIM)

- Design and implement least‑privilege access models

- Understand and work with CyberArk integrations, SailPoint, etc.

- Implement and operationalize Entra PIM:

  - Just‑In‑Time role activation

  - Approval workflows

  - Role eligibility governance

  - Access reviews and alerts

Identity Threat & Attack Chain Expertise

Deep understanding of identity‑based attacks, including:

- Credential theft and replay

- Pass‑the‑Hash / Pass‑the‑Ticket

- Kerberoasting / AS‑REP roasting

- DCSync / DCShadow

- Golden and Silver Ticket attacks

- Privilege escalation and lateral movement

- Persistence mechanisms in AD and Entra ID

- OAuth token abuse and app consent attacks

- MFA fatigue and authentication bypass techniques

- Map attacker techniques to prevention, detection, and remediation controls

SOC Integration & Detection Engineering

- Work closely with SOC teams on identity‑related threats

- Define and improve identity detection use‑cases

- Ensure logging and visibility for:

  - Windows Security Event Logs

  - Entra ID audit and sign‑in logs

- Integrate identity telemetry with SIEM / SOAR platforms

- Tune alerts to reduce false positives and improve signal quality

- Build and maintain identity incident response playbooks

- Support investigations of compromised accounts and privilege abuse

Hardening, Assessments & Continuous Improvement

- Perform AD and Entra ID security posture assessments

- Identify configuration drift, technical debt, and risk exposure

- Deliver remediation plans and track closure

- Drive continuous identity security improvement initiatives

- Align identity security posture with Zero Trust principles

Governance, Risk & Compliance

- Ensure identity controls meet internal security standards and regulatory requirements

- Support audit and risk assessments related to identity and access

- Provide evidence, documentation, and technical justifications

- Participate in design and security review boards

Documentation & Knowledge Transfer

- Produce clear, audit‑ready documentation:

  - Identity architecture diagrams

  - Security standards and configuration baselines

  - SOPs and operational runbooks

  - Incident response procedures

- Provide knowledge transfer and guidance to internal teams

Joining time frame: 2 weeks (maximum 1 month)

Job History

First seen: 2026-04-10 22:00:01
Last verified: 2026-04-11 00:00:01