Senior Security Engineer
We are looking for a Senior Security Engineer with deep, hands-on Active Directory expertise to secure and harden enterprise identity infrastructure. You will own AD architecture, hybrid identity, and PKI across forests and domains, with a strong focus on security hardening and reducing attack surface. This is a senior, independent role โ you should be comfortable owning identity security end-to-end with minimal ramp-up.
Details
Schedule: Full-time
Location: Europe, strong preference for the Baltics
Duration: Long-term
Type of collaboration: Full-time employment
English: Upper-intermediate / fluent
About the role
You will be responsible for the design, hardening, and ongoing security of Active Directory environments โ spanning forest and domain architecture, DNS, Group Policy, and replication. A core part of the role is reducing the identity attack surface: applying security hardening best practices, managing Kerberos configuration, and running Active Directory Certificate Services (PKI) securely. You will also work across hybrid identity, connecting on-prem AD with Microsoft Entra ID and ADFS, ensuring consistent security posture across both environments.
You have
Strong, hands-on experience with Active Directory architecture โ forests, domains, trusts, and multi-domain environments
Deep knowledge of Windows Server, DNS, Group Policy, and AD replication
Proven experience with security hardening of AD environments and Kerberos
Hands-on experience with PKI and Active Directory Certificate Services (AD CS)
Experience with Microsoft Entra ID, hybrid identity, and ADFS
Upper-intermediate or fluent English
What to do
Design and maintain secure Active Directory forest and domain architecture
Harden AD environments against common attack paths (Kerberoasting, golden/silver ticket, DCSync, etc.)
Manage DNS, Group Policy, and AD replication across the environment
Administer and secure PKI infrastructure via Active Directory Certificate Services
Own hybrid identity integration between on-prem AD, Microsoft Entra ID, and ADFS
Audit and remediate security gaps across identity infrastructure