Hi, Greetings of the Day! We are hiring for one of the BIG4 Company: Profile- Azure AD Location- Pune/ Bangalore/ Hyderabad Workmode- Hybrid (2 days or 3 days WFO in a week) Experience- 8 yrs + Key Responsibilities: Conduct Active Directory and Azure AD security assessments for Tier-0 components. Identify attack paths and privilege escalation vectors using BloodHound, ADRecon, PingCastle, PowerView, etc. Evaluate Kerberos and NTLM authentication configurations and detect weaknesses (e.g., Pass-the-Hash, Kerberoasting, AS-REP roasting). Review SAML, OIDC, and OAuth configurations in federated and hybrid identity environments. Assess privileged accounts, admin tiers, service accounts, and delegation models. Review Azure AD Conditional Access, MFA, and Identity Protection policies. Analyze trust relationships, GPOs, and forest/domain design for potential privilege escalation. Evaluate security posture of Tier-0 assets Domain Controllers, ADFS, PKI servers, Azure AD Connect, and Privileged Access Workstations (PAWs). Provide remediation recommendations based on Microsoft Tiering Model, CIS benchmarks, and Zero Trust principles. Develop and deliver technical reports and executive summaries detailing findings, risks, and mitigation priorities. Collaborate with Incident Response, Red Team, and IAM teams to validate findings and strengthen identity protection controls. Support continuous improvement by contributing to AD/Azure AD hardening guidelines and playbooks. Required Technical Skills: Active Directory & Azure AD: Deep understanding of schema, replication, group policy, authentication, and hybrid identity. Authentication Protocols: In-depth knowledge of Kerberos, NTLM, LDAP, SAML, OIDC, OAuth 2.0. Attack Techniques: Hands-on experience with Kerberoasting, Pass-the-Ticket, Pass-the-Hash, AS-REP roasting, Golden/Silver Ticket attacks. Assessment Tools: Proficient in BloodHound, ADRecon, PingCastle, PowerView, Mimikatz, and other AD analysis utilities. Security Hardening: Familiarity with Tier-0 protection strategies, CIS Benchmarks, Microsoft Security Baselines, and Zero Trust concepts. Azure Identity Security: Experience with Azure AD roles, Conditional Access, Privileged Identity Management (PIM), Entra ID Protection. Reporting: Strong ability to translate technical findings into executive-friendly risk reports and remediation roadmaps.
Wait!
Before You Leave... Find Your Perfect Job!
Are you sure you don't want to discover the perfect job opportunity? At JobPe, we help you find the best career matches, tailored to your skills and preferences. Don’t miss out on your dream job!