Talent.com
Astra North Infoteck Inc.
L3 Active Directory Engineer – Identity Security (IAM, PAM, AD DS)Astra North Infoteck Inc. • Vancouver, BC, ca
L3 Active Directory Engineer – Identity Security (IAM, PAM, AD DS)

L3 Active Directory Engineer – Identity Security (IAM, PAM, AD DS)

Astra North Infoteck Inc. • Vancouver, BC, ca
2 days ago
Job type
  • Full-time
Job description
Job Description

Senior Active Directory L3 Support Engineer

Work Model Hybrid – 4 Days Work From Office


Job Summary

We are seeking an experienced Senior Active Directory L3 Support Engineer to strengthen and modernize enterprise Active Directory services across production and disaster recovery environments. The ideal candidate will have extensive experience in Active Directory administration, infrastructure modernization, identity security, and PowerShell automation while supporting highly available and secure enterprise environments.

The role will focus on Active Directory modernization, security hardening, privileged access remediation, Group Policy optimization, and Zero Trust initiatives.


Key Responsibilities

Active Directory Infrastructure & Modernization

  • Deploy and configure additional Domain Controllers across production and disaster recovery environments.
  • Replace legacy Windows Server 2016 Domain Controllers with modern infrastructure while minimizing business disruption.
  • Support Active Directory platform modernization initiatives.
  • Implement network segmentation to align with Zero Trust architecture and reduce lateral movement risks.
  • Maintain Active Directory health including replication, DNS integration, authentication services, and Group Policy processing.

Security Hardening & Identity Protection

  • Implement Extended Protection for Authentication (EPA).
  • Enforce SSL/TLS for privileged Active Directory services.
  • Configure SMB Signing to prevent NTLM relay attacks.
  • Disable NTLMv1 and enforce LDAP Signing and LDAPS.
  • Implement Kerberos Hardening and secure delegation controls.
  • Remediate excessive privilege findings including:
    • AdminCount issues
    • Missing ACL protections
    • Protected Users enrollment
    • GPO-based security exposures
  • Strengthen privileged account management and password policies.
  • Identify and remediate insecure account configurations.

Group Policy & Compliance

  • Harden enterprise Group Policy configurations.
  • Enable PowerShell logging and advanced audit policies.
  • Configure secure encryption standards and Remote Desktop settings.
  • Review and remediate LDAP, authentication, and domain security weaknesses.
  • Document implementation standards, remediation plans, and operational procedures for audit compliance.

Collaboration & Operational Support

  • Partner with Infrastructure, Security, and Application teams during security remediation projects.
  • Support controlled production deployments and change management activities.
  • Participate in infrastructure upgrades and domain controller migration projects.
  • Automate administrative tasks using PowerShell scripting.


Required Skills

  • Extensive experience administering Active Directory Domain Services (AD DS) in enterprise environments.
  • Strong knowledge of:
    • Active Directory Administration
    • Domain Controllers
    • Active Directory Replication
    • DNS
    • Group Policy (GPO)
    • Authentication protocols
    • Disaster Recovery
  • Hands-on experience implementing:
    • Extended Protection for Authentication (EPA)
    • LDAP Signing
    • LDAPS
    • Kerberos Hardening
    • SMB Signing
    • Privileged Account Protection
  • Experience with:
    • Active Directory Certificate Services (AD CS)
    • Active Directory Web Services (ADWS)
    • Windows Server Hardening
    • Identity Security Remediation
  • Strong PowerShell scripting and automation skills.
  • Experience executing infrastructure modernization and Active Directory migration projects.
  • Ability to analyze and remediate privilege escalation paths and identity security risks.


Preferred Qualifications

  • Experience supporting highly regulated enterprise environments.
  • Knowledge of:
    • Zero Trust Architecture
    • Privileged Access Management (PAM)
    • CyberArk
    • Identity Security Assessments
    • Audit & Compliance
    • Change Management
  • Microsoft certifications related to Windows Server, Active Directory, Security, or Identity Administration are highly desirable.


Required Technologies

  • Active Directory Domain Services (AD DS)
  • Active Directory Administration
  • Domain Controllers
  • Active Directory Replication
  • DNS
  • Group Policy (GPO)
  • LDAP Signing
  • LDAPS
  • Kerberos
  • SMB Signing
  • Extended Protection for Authentication (EPA)
  • PowerShell
  • Windows Server
  • Active Directory Certificate Services (AD CS)
  • Active Directory Web Services (ADWS)
  • Disaster Recovery
  • Identity Security


Nice to Have

  • CyberArk
  • Privileged Access Management (PAM)
  • Zero Trust Security
  • Infrastructure Modernization
  • Audit & Compliance
  • Identity Governance





Requirements
60-70
Create a job alert for this search

L3 Active Directory Engineer – Identity Security (IAM, PAM, AD DS) • Vancouver, BC, ca

Similar jobs

Expert Architect for Security Sector Designs

Stantec Consulting International Ltd.Vancouver, Metro Vancouver Regional District, CA
Full-time

Drive architectural excellence in high-security and federal designs.This role focuses on leading projects that require a keen attention to detail and deep compliance with defense regulations.As a S... Show more

 • Promoted

Senior Security Engineer - Cloud Identity

MQ Referrals OnlyVancouver, Metro Vancouver Regional District, CA
Full-time

We’re seeking an experienced Senior Security Engineer with a strong passion for.Identity and Access Management(IAM).In this role, you’ll help shape and implement modern identity strategies to secur... Show more

 • Promoted

Remote Senior Product Security Engineer Driving Security Solutions

AffirmVancouver, Metro Vancouver Regional District, CA
Remote
Full-time

Elevate product security as a Senior Product Security Engineer.Collaborate with engineering teams to embed security in the product development lifecycle while identifying vulnerabilities and automa... Show more

 • Promoted

Senior Security & Identity Engineer (Hybrid)

Later GroupVancouver
Full-time

A leading influencer marketing company is looking for a Senior Security Engineer to enhance security foundations.The role involves collaborating closely with engineering teams and embedding securit... Show more

 • Promoted

M365 GenAI Engineer - Secure Integrations & LLM Ops

Symbiotic GroupVancouver, Metro Vancouver Regional District, CA
Full-time

A tech solutions company located in Canada is looking for a hands-on M365/GenAI Engineer.In this role, you will design, build, and support secure integrations and operational controls across Micros... Show more

 • Promoted

Senior Infrastructure Security Engineer

ClioVancouver, Metro Vancouver Regional District, CA
Full-time

Clio is the global leader in legal AI technology, empowering legal professionals and law firms of every size to work smarter, faster, and more securely.We are transforming the legal experience for ... Show more

 • Promoted

Security Infrastructure Engineer

TailscaleVancouver, Metro Vancouver Regional District, CA
Full-time

Tailscale is building the new Internet by delivering software that makes it easy to securely interconnect people and their devices, no matter where they are.From hobbyists to multinational corporat... Show more

 • Promoted

Strategic Information Security Architect

ColliersVancouver, Metro Vancouver Regional District, CA
Full-time

Transform global security architecture as a Strategic Information Security Architect.Spearhead cloud migration security strategies while ensuring systems are secure and compliant.This pivotal role ... Show more

 • Promoted

Security Systems Designer

Ainsworth Inc.Surrey, Metro Vancouver Regional District, CA
Full-time

If you thrive in a team-oriented workplace that challenges your skills, to drive your career development, embraces diversity and rewards innovation, with competitive pay and great employee programs... Show more

 • Promoted

Security Architect

AGFA HealthCareVancouver, Metro Vancouver Regional District, CA
Full-time

We are hiring an experienced security Architect who is responsible for designing and implementing security within our architecture.This role involves working closely with cross-functional teams (en... Show more

 • Promoted

Associate Director, Cyber Security

British Columbia Institute of TechnologyBurnaby, Metro Vancouver Regional District, CA
Full-time +2

BCIT’s Information Technology Services department is seeking a regular, full-time (1.FTE) Associate Director, Cyber Security.The Associate Director, Cyber Security oversees the operations of the Cy... Show more

 • Promoted

Senior Application Security Lead at Mirai

Mirai Security Inc.Vancouver, Metro Vancouver Regional District, CA
Full-time

Step into the role of Senior Security Lead at Mirai, where your application security expertise will drive impactful changes.This position requires both leadership and technical skills, ideally suit... Show more

 • Promoted

Senior Security Engineer - Cloud Identity

Marqeta, Inc.Vancouver, Metro Vancouver Regional District, CA
Full-time

We’re seeking an experienced Senior Security Engineer with a strong passion for.Identity and Access Management (IAM).In this role, you’ll help shape and implement modern identity strategies to secu... Show more

 • Promoted

Director of AI

People In AIrichmond, bc, ca
Full-time

Director, AI / ML (Applied AI & Agentic Systems).A scaled, product-led technology company operating at the intersection of data, AI, and vertical SaaS—focused on transforming how complex, real-worl... Show more

 • Promoted

NIOS Platform Engineer - Build Next-Gen DNS & Security

InfobloxBurnaby, Metro Vancouver Regional District, CA
Full-time

A leading technology company in Burnaby is seeking a Software Engineer II to design, develop, and support core platform features for its NIOS platform.The role necessitates collaboration with vario... Show more

 • Promoted

Security Engineer I (Application Security Engineer)

WorkSafeBCRichmond, Metro Vancouver Regional District, CA
Full-time

Want to use your expertise to connect to an IT career with a difference? Join our team as a Security Engineer I and help shape the future of secure applications that protect millions of British Col... Show more

 • Promoted

Security Infrastructure Engineer: Cloud & Kubernetes Security

TailscaleVancouver, Metro Vancouver Regional District, CA
Full-time

A leading cybersecurity firm in Canada is looking for a software engineer focused on security and infrastructure.Your responsibilities will include designing security controls and improving the sec... Show more

 • Promoted

Advanced Security Engineering at Remitly

Remitly, Inc.Burnaby, Metro Vancouver Regional District, CA
Full-time

Dive into an advanced Security Engineer II role at Remitly, focusing on protecting our infrastructure and applications in a collaborative hybrid work setting.You'll be pivotal in enhancing our secu... Show more

 • Promoted

Security & M&A Integrations Lead (Remote)

KrakenVancouver, Metro Vancouver Regional District, CA
Remote
Full-time

A leading cryptocurrency company is seeking an experienced professional to join their Security and IT team.The role involves conducting due diligence on security and IT components during M&A transa... Show more

 • Promoted

Enhanced Due Diligence Associate

BET99delta, bc, ca
Full-time

BET99 is Canada's Premiere Online Sportsbook and Casino.Launched in 2020, we have consistently innovated the online gaming landscape every step of the way, exponentially growing our customer base a... Show more