Active Directory Security Specialist

Job Summary:

We are seeking a highly skilled Active Directory Security Specialist to take a leading role in securing the bank’s identity infrastructure across both on-premises and hybrid cloud environments. The successful candidate will be responsible for designing, maintaining, and hardening Active Directory (AD) and Azure AD environments to meet the stringent security and compliance standards of the banking sector, including frameworks like SAMA and NCA ECC.

This is a hands-on technical role requiring deep expertise in identity security, regulatory compliance, and automation using PowerShell to enhance control, visibility, and operational efficiency.

Key Responsibilities:

• Secure AD Architecture & Design:
• Implement and maintain secure configurations for Active Directory and Azure AD.
• Enforce GPOs, secure domain trusts, and policy baselines aligned with Microsoft and CIS standards.
• Contribute to Zero Trust identity strategies and secure authentication implementations.
• Identity & Access Security:
• Manage role-based access controls (RBAC), least privilege models, and privileged account security.
• Coordinate with IAM platforms for provisioning/deprovisioning and enforce secure onboarding/offboarding.
• Oversee conditional access and MFA configurations for both internal and external identities.
• Monitoring, Automation & Threat Response:
• Monitor AD logs and identity events using Microsoft Defender for Identity, Azure Sentinel, and other SIEM tools.
• Automate regular security audits, user access reviews, and administrative controls using PowerShell scripting.
• Investigate suspicious activity, account misuse, or privilege escalations tied to AD infrastructure.
• Support incident response and forensic analysis for identity-related security events.
• Compliance & Audit Support:
• Ensure AD configurations and processes comply with SAMA Cybersecurity Framework, NCA ECC, and ISO 27001.
• Maintain audit-ready documentation and support internal/external audits.
• Participate in risk assessments and remediation plans related to identity and access.

Requirements

• Total IT Security Experience: 5+ years
• Active Directory Security Experience: 3+ years
• PowerShell Automation Experience: 2+ years (Hands-on scripting and workflow automation)
• Banking, Financial, or Regulated Industry Experience: Preferred

Certifications (Preferred):

• Microsoft Certified: Identity and Access Administrator (SC-300)
• Microsoft Security Operations Analyst (SC-200)
• CISSP, CISM, or equivalent security certification
• Familiarity with SAMA or NCA ECC frameworks is a strong advantage

Technical Skills:

• Strong experience with ADDS, Azure AD, ADCS, ADFS, DNS, LDAP, and Kerberos.
• Deep understanding of GPO hardening, tiered administration, and authentication protocols.
• Proficient in PowerShell scripting for automation, reporting, auditing, and enforcement tasks.
• Experience with Microsoft Defender for Identity, Sentinel, PAM tools, and hybrid cloud integration.
• Familiarity with Zero Trust principles and secure integration with Microsoft 365.