AD Security Vulnerability & Automation Engineer - BACJP00222123

Job Description:
Insight Global is seeking an AD Security Vulnerability & Automation Engineer for a leading financial services client. This role focuses on analyzing emerging security threats and translating them into actionable remediation strategies across Active Directory and Windows environments. The engineer will design and implement automation solutions to deploy fixes at scale, while evaluating risk, minimizing exposure, and ensuring alignment with enterprise security standards. This is a highly impactful role for a candidate with deep AD security expertise, strong scripting skills, and experience operating in fast-paced, highly regulated environments.

Day-to-Day:
• Analyze CVE vulnerabilities, MSRC advisories, and vendor guidance to determine remediation steps
• Translate security intelligence into technical actions (patching, GPO updates, registry changes, hardening)
• Define scope and applicability across domain controllers, member servers, and tiered environments
• Perform risk assessments, including exploitability and environmental exposure analysis
• Drive prioritization and sequencing of remediation activities
• Design and develop PowerShell-based automation solutions for deployment and validation
• Build repeatable validation mechanisms to ensure remediation effectiveness
• Partner with operations teams to coordinate secure rollout of patches and fixes
• Produce change documentation including risk, impact, rollback, and implementation details
• Continuously improve security posture and AD hardening strategies

We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to HR@insightglobal.com.To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/.

Must-Haves:
• Deep expertise in Windows Server and Active Directory security architecture
• Proven experience analyzing CVE writeups, MSRC advisories, and vendor security guidance
• Expert-level PowerShell scripting and automation development
• Strong understanding of Kerberos, NTLM, LDAP, DNS, and AD authentication flows
• Experience with SCCM and enterprise patch management
• Ability to perform risk analysis and remediation prioritization in large, regulated environments
• Experience securing and reducing Active Directory attack surface (especially Domain Controllers)
• Strong understanding of AD internetworking and tiered environments
• Hands-on experience with system monitoring and performance analysis
• Excellent technical documentation and communication skills

Plusses:
• Experience with Hyper-V and SCVMM
• Knowledge of Python scripting
• Experience developing AD security policies, standards, and procedures
• Familiarity with virtualization platforms
• Exposure to enterprise-scale automation and validation frameworks

Benefit packages for this role will start on the 1st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.