Active Directory / IAM Security Consultant at Amtis Professional Ltd, West Midlands (County), £500 to £550 per Year

Active Directory / IAM Security Consultant

Rate - £550p/d Outside IR35

Duration: 3 months(with potential extension)Location: Hybrid / UK-based (on-site as required)

Overview

Our client is undertaking a major security improvement initiative across its hybrid identity estate, spanning on‑premises Active Directory and cloud identity platforms. We are seeking an experienced Active Directory / Identity Security Contractor to design and deliver a comprehensive least privilege programme, reducing cyber risk and aligning the organisation with modern security best practice.

This engagement is outcome-focused, not advisory. You will have autonomy over how the work is delivered, with responsibility for achieving tangible, auditable improvements to privileged access across the environment.

Key Responsibilities

You will be accountable for the end-to-end delivery of a least privilege programme, including:

Discovery & Current State Analysis

• Assess on‑premises Active Directory forests, domains, trusts, and OU structures
• Review Entra ID (Azure AD) and integrated SaaS identity platforms
• Analyse GPOs, Conditional Access policies, RBAC models, and delegation structures
• Identify excessive privilege, legacy configurations, and inherited risk
• Review privileged, service, and shared accounts
• Assess joiner / mover / leaver processes as they relate to access control

Least Privilege Strategy & Target Architecture

• Define a pragmatic least privilege strategy and design principles
• Design an administrative tiering model
• Redesign role and group structures aligned to business functions
• Eliminate or redesign standing privileged access
• Introduce just‑in‑time / just‑enough access where feasible
• Align on‑prem and cloud privilege models
• Ensure designs support operational delivery and business continuity

Implementation & Delivery

• Remediate excessive privilege and high‑risk configurations
• Redesign and implement groups, roles, and delegation models
• Refactor or migrate legacy administrative accounts
• Implement least privilege controls across on‑prem and cloud platforms
• Deliver changes incrementally to minimise operational risk
• Validate that business‑critical access requirements continue to be met

Documentation & Knowledge Transfer

• Produce audit‑ready documentation covering:
  • Target state architecture
  • Design decisions and assumptions
  • Operational runbooks and support guidance
  • Ongoing governance and review processes
• Deliver structured knowledge‑transfer sessions to internal teams

Required Experience & Skills

• Deep hands‑on expertise with Active Directory (on‑prem) in complex enterprise environments
• Strong experience with Entra ID / Azure AD and hybrid identity models
• Proven delivery of least privilege or privileged access reduction initiatives
• Strong understanding of:
  • Administrative tiering models
  • Delegation and RBAC design
  • Privileged, service, and shared account management
• Experience remediating legacy or over‑privileged environments
• Ability to work autonomously and deliver against agreed outcomes
• Strong documentation and stakeholder communication skills

Nice to Have

• Experience with PAM / PIM tooling (e.g. Microsoft PIM or equivalent)
• Background in security assurance, audit, or regulatory environments
• Experience delivering identity transformation in large distributed organisations

What We’re Looking For

This role is ideal for a senior identity engineer or architect who enjoys hands‑on delivery, not just design. You should be comfortable making and implementing change in live environments, balancing security improvement with operational reality.