Talent.com
Astra North Infoteck Inc.
L3 Active Directory Engineer – Identity Security (IAM, PAM, AD DS)Astra North Infoteck Inc. • Vancouver, BC, ca
L3 Active Directory Engineer – Identity Security (IAM, PAM, AD DS)

L3 Active Directory Engineer – Identity Security (IAM, PAM, AD DS)

Astra North Infoteck Inc. • Vancouver, BC, ca
4 days ago
Job type
  • Full-time
Job description

Senior Active Directory L3 Support Engineer

Work Model Hybrid – 4 Days Work From Office


Job Summary

We are seeking an experienced Senior Active Directory L3 Support Engineer to strengthen and modernize enterprise Active Directory services across production and disaster recovery environments. The ideal candidate will have extensive experience in Active Directory administration, infrastructure modernization, identity security, and PowerShell automation while supporting highly available and secure enterprise environments.

The role will focus on Active Directory modernization, security hardening, privileged access remediation, Group Policy optimization, and Zero Trust initiatives.


Key Responsibilities

Active Directory Infrastructure & Modernization

  • Deploy and configure additional Domain Controllers across production and disaster recovery environments.
  • Replace legacy Windows Server 2016 Domain Controllers with modern infrastructure while minimizing business disruption.
  • Support Active Directory platform modernization initiatives.
  • Implement network segmentation to align with Zero Trust architecture and reduce lateral movement risks.
  • Maintain Active Directory health including replication, DNS integration, authentication services, and Group Policy processing.

Security Hardening & Identity Protection

  • Implement Extended Protection for Authentication (EPA).
  • Enforce SSL/TLS for privileged Active Directory services.
  • Configure SMB Signing to prevent NTLM relay attacks.
  • Disable NTLMv1 and enforce LDAP Signing and LDAPS.
  • Implement Kerberos Hardening and secure delegation controls.
  • Remediate excessive privilege findings including:
    • AdminCount issues
    • Missing ACL protections
    • Protected Users enrollment
    • GPO-based security exposures
  • Strengthen privileged account management and password policies.
  • Identify and remediate insecure account configurations.

Group Policy & Compliance

  • Harden enterprise Group Policy configurations.
  • Enable PowerShell logging and advanced audit policies.
  • Configure secure encryption standards and Remote Desktop settings.
  • Review and remediate LDAP, authentication, and domain security weaknesses.
  • Document implementation standards, remediation plans, and operational procedures for audit compliance.

Collaboration & Operational Support

  • Partner with Infrastructure, Security, and Application teams during security remediation projects.
  • Support controlled production deployments and change management activities.
  • Participate in infrastructure upgrades and domain controller migration projects.
  • Automate administrative tasks using PowerShell scripting.


Required Skills

  • Extensive experience administering Active Directory Domain Services (AD DS) in enterprise environments.
  • Strong knowledge of:
    • Active Directory Administration
    • Domain Controllers
    • Active Directory Replication
    • DNS
    • Group Policy (GPO)
    • Authentication protocols
    • Disaster Recovery
  • Hands-on experience implementing:
    • Extended Protection for Authentication (EPA)
    • LDAP Signing
    • LDAPS
    • Kerberos Hardening
    • SMB Signing
    • Privileged Account Protection
  • Experience with:
    • Active Directory Certificate Services (AD CS)
    • Active Directory Web Services (ADWS)
    • Windows Server Hardening
    • Identity Security Remediation
  • Strong PowerShell scripting and automation skills.
  • Experience executing infrastructure modernization and Active Directory migration projects.
  • Ability to analyze and remediate privilege escalation paths and identity security risks.


Preferred Qualifications

  • Experience supporting highly regulated enterprise environments.
  • Knowledge of:
    • Zero Trust Architecture
    • Privileged Access Management (PAM)
    • CyberArk
    • Identity Security Assessments
    • Audit & Compliance
    • Change Management
  • Microsoft certifications related to Windows Server, Active Directory, Security, or Identity Administration are highly desirable.


Required Technologies

  • Active Directory Domain Services (AD DS)
  • Active Directory Administration
  • Domain Controllers
  • Active Directory Replication
  • DNS
  • Group Policy (GPO)
  • LDAP Signing
  • LDAPS
  • Kerberos
  • SMB Signing
  • Extended Protection for Authentication (EPA)
  • PowerShell
  • Windows Server
  • Active Directory Certificate Services (AD CS)
  • Active Directory Web Services (ADWS)
  • Disaster Recovery
  • Identity Security


Nice to Have

  • CyberArk
  • Privileged Access Management (PAM)
  • Zero Trust Security
  • Infrastructure Modernization
  • Audit & Compliance
  • Identity Governance




Create a job alert for this search

L3 Active Directory Engineer – Identity Security (IAM, PAM, AD DS) • Vancouver, BC, ca

Similar jobs

OT Security Solutions Architect — Pre‑Sales

FortinetVancouver, Metro Vancouver Regional District, CA
Full-time

A global cybersecurity company seeks an OT Business Development Engineer to drive customer engagement and lead technical solutions in Operational Technology security.Responsibilities include engagi... Show more

 • Promoted

Senior Security Engineer - Cloud Identity

MQ Referrals OnlyVancouver, Metro Vancouver Regional District, CA
Full-time

We’re seeking an experienced Senior Security Engineer with a strong passion for.Identity and Access Management(IAM).In this role, you’ll help shape and implement modern identity strategies to secur... Show more

 • Promoted

Remote Senior Product Security Engineer Driving Security Solutions

AffirmVancouver, Metro Vancouver Regional District, CA
Remote
Full-time

Elevate product security as a Senior Product Security Engineer.Collaborate with engineering teams to embed security in the product development lifecycle while identifying vulnerabilities and automa... Show more

 • Promoted

Senior Security & Identity Engineer (Hybrid)

Later GroupVancouver
Full-time

A leading influencer marketing company is looking for a Senior Security Engineer to enhance security foundations.The role involves collaborating closely with engineering teams and embedding securit... Show more

 • Promoted

M365 GenAI Engineer - Secure Integrations & LLM Ops

Symbiotic GroupVancouver, Metro Vancouver Regional District, CA
Full-time

A tech solutions company located in Canada is looking for a hands-on M365/GenAI Engineer.In this role, you will design, build, and support secure integrations and operational controls across Micros... Show more

 • Promoted

Security Infrastructure Engineer

TailscaleVancouver, Metro Vancouver Regional District, CA
Full-time

Tailscale is building the new Internet by delivering software that makes it easy to securely interconnect people and their devices, no matter where they are.From hobbyists to multinational corporat... Show more

 • Promoted

Senior Security Consultant – Hardware and Embedded Security

NCC Group North AmericaVancouver, Metro Vancouver Regional District, CA
Full-time

Senior Security Consultant – Hardware and Embedded Security.Thanks for checking out our latest opportunity.We’re thrilled that YOU are considering joining our team!.We’re NCC Group – a global leade... Show more

 • Promoted

Strategic Information Security Architect

ColliersVancouver, Metro Vancouver Regional District, CA
Full-time

Transform global security architecture as a Strategic Information Security Architect.Spearhead cloud migration security strategies while ensuring systems are secure and compliant.This pivotal role ... Show more

 • Promoted

Security Systems Designer

Ainsworth Inc.Surrey, Metro Vancouver Regional District, CA
Full-time

If you thrive in a team-oriented workplace that challenges your skills, to drive your career development, embraces diversity and rewards innovation, with competitive pay and great employee programs... Show more

 • Promoted

DevOps Security Engineer (Cribl)

Insight GlobalVancouver, Metro Vancouver Regional District, CA
Full-time

Insight is looking to hire a DevOps Security Engineer to join the Security Observability team in the Cybersecurity Engineering organization.Cybersecurity Engineering – scales the means and mechanis... Show more

 • Promoted

Azure AI Security & Governance Consultant

ConcentrixVancouver, Metro Vancouver Regional District, CA
Full-time

A customer experience solutions provider based in Canada is seeking a Cybersecurity Consultant to lead strategic AI security initiatives.The ideal candidate will have deep expertise in the Microsof... Show more

 • Promoted

Security Architect

AGFA HealthCareVancouver, Metro Vancouver Regional District, CA
Full-time

We are hiring an experienced security Architect who is responsible for designing and implementing security within our architecture.This role involves working closely with cross-functional teams (en... Show more

 • Promoted

Senior Security Engineer, Full‑Stack & Cloud

LiveKitVancouver, Metro Vancouver Regional District, CA
Full-time

A tech company specializing in voice-driven systems is seeking a Security Engineer to ensure security across applications, services, and infrastructure.You will proactively identify risks, lead sec... Show more

 • Promoted

Senior Security Engineer - Cloud Identity

Marqeta, Inc.Vancouver, Metro Vancouver Regional District, CA
Full-time

We’re seeking an experienced Senior Security Engineer with a strong passion for.Identity and Access Management (IAM).In this role, you’ll help shape and implement modern identity strategies to secu... Show more

 • Promoted

Application Engineer - Security Tech Solutions (Remote)

SICK Sensor IntelligenceVancouver, Metro Vancouver Regional District, CA
Remote

Sie entwickeln Applikationslösungen im Bereich Sicherheitstechnik.Bewerber benötigen ein Studium in Elektrotechnik und Erfahrung in der Elektrokonstruktion sowie gute Englischkenntnisse. Show more

 • Promoted

Security & M&A Integrations Lead (Remote)

KrakenVancouver, Metro Vancouver Regional District, CA
Remote
Full-time

A leading cryptocurrency company is seeking an experienced professional to join their Security and IT team.The role involves conducting due diligence on security and IT components during M&A transa... Show more

 • Promoted

Enhanced Due Diligence Associate

BET99delta, bc, ca
Full-time

BET99 is Canada's Premiere Online Sportsbook and Casino.Launched in 2020, we have consistently innovated the online gaming landscape every step of the way, exponentially growing our customer base a... Show more

 • Promoted

Senior Application Security Engineer

Crypto Pro NetworkVancouver, Metro Vancouver Regional District, CA
Full-time

Web3 through industry-leading blockchain infrastructure.As the leading provider of staking solutions,.Our clients trust Figment for a comprehensive suite of services, including.Backed by a team of ... Show more

 • Promoted

Remote Security & DevOps Engineer for SaaS/IoT Cloud

KeycafeVancouver, Metro Vancouver Regional District, CA
Remote
Full-time

A leading technology firm in Canada is seeking a passionate Security & DevOps Engineer to enhance its cloud environments and ensure high security across its global IoT platform.You'll manage applic... Show more

 • Promoted

AWS DevOps Engineer for AI Security Platform

VaronisVancouver, Metro Vancouver Regional District, CA
Full-time

A data security leader is seeking an experienced DevOps Engineer to enhance their engineering team.This role requires a strong background in AWS services, including EC2, RDS, and S3, along with ski... Show more