We are looking for a Senior Security Engineer with deep, hands-on Active Directory expertise to secure and harden enterprise identity infrastructure. You will own AD architecture, hybrid identity, and PKI across forests and domains, with a strong focus on security hardening and reducing attack surface. This is a senior, independent role — you should be comfortable owning identity security end-to-end with minimal ramp-up.
Details Schedule: Full-time Location: Europe, strong preference for the Baltics Duration: Long-term Type of collaboration: Full-time employment English: Upper-intermediate / fluent
About the role You will be responsible for the design, hardening, and ongoing security of Active Directory environments — spanning forest and domain architecture, DNS, Group Policy, and replication. A core part of the role is reducing the identity attack surface: applying security hardening best practices, managing Kerberos configuration, and running Active Directory Certificate Services (PKI) securely. You will also work across hybrid identity, connecting on-prem AD with Microsoft Entra ID and ADFS, ensuring consistent security posture across both environments.
You have Strong, hands-on experience with Active Directory architecture — forests, domains, trusts, and multi-domain environments Deep knowledge of Windows Server, DNS, Group Policy, and AD replication Proven experience with security hardening of AD environments and Kerberos Hands-on experience with PKI and Active Directory Certificate Services (AD CS) Experience with Microsoft Entra ID, hybrid identity, and ADFS Upper-intermediate or fluent English
What to do Design and maintain secure Active Directory forest and domain architecture Harden AD environments against common attack paths (Kerberoasting, golden/silver ticket, DCSync, etc.) Manage DNS, Group Policy, and AD replication across the environment Administer and secure PKI infrastructure via Active Directory Certificate Services Own hybrid identity integration between on-prem AD, Microsoft Entra ID, and ADFS Audit and remediate security gaps across identity infrastructure


