Role Description Our Senior Cybersecurity Engineer is responsible for protecting Zayo computer networks from cybersecurity attacks and unauthorized access, with a primary focus on the security, design, and operational integrity of Active Directory (AD) and hybrid identity environments. This role leads efforts to assess, harden, and modernize AD infrastructure, ensuring resilience against identity-based threats. The engineer partners with Cybersecurity, Infrastructure, and Cloud teams to implement secure identity architectures, enforce least privilege, and align with regulatory and security best practices. This role may require rotating 24x7 on-call support. - Design, implement, and secure Active Directory (AD) and Azure Entra ID environments, including hybrid identity configurations. - Lead Active Directory security assessments across enterprise AD forests, identifying misconfigurations, attack paths, and control gaps. - This role is focused on enterprise identity security, privileged access governance, and hybrid identity protection — not traditional Windows systems administration. - Partner with internal and external stakeholders to develop and maintain a prioritized remediation roadmap, aligned to: - Zayo risk posture - Regulatory requirements - Internal policies and security standards - Drive execution of remediation efforts to reduce AD-related risk and improve overall security posture. - Lead AD security hardening initiatives, including: - Tiered administration model (Tier 0/1/2) - Privileged access restrictions - Secure Group Policy design - Monitor and defend against identity-based attacks such as: - Pass-the-Hash / Pass-the-Ticket - Kerberoasting - Credential dumping - Implement and manage Privileged Access Management (PAM) and Privileged Identity Management (PIM) solutions. - Manage and secure Group Policy Objects (GPOs) to enforce enterprise security standards. - Oversee identity lifecycle processes within AD, including provisioning, deprovisioning, and access reviews. - Integrate AD with enterprise IAM platforms (e.g., SailPoint, CyberArk) and cloud identity providers. - Implement and maintain Multi-Factor Authentication (MFA) and Conditional Access policies. - Monitor AD logs and security events using SIEM tools; investigate anomalies and support incident response. - Develop and maintain automation scripts (PowerShell) for AD management, reporting, and security enforcement. - Collaborate with Red Team / Blue Team exercises to validate AD security posture. - Document AD architecture, configurations, and security standards. - Stay current with emerging threats, vulnerabilities, and best practices in AD and identity security. Qualifications - Bachelor’s degree in computer science, cybersecurity, or a related field (or equivalent experience). - Minimum of five (5) years of experience managing and securing Active Directory environments. - Demonstrated experience leading AD security assessments and remediation programs in complex enterprise environments. - Strong expertise in: - AD architecture (domains, forests, trusts) - Group Policy management - DNS, LDAP, Kerberos authentication - Hands-on experience with Azure Entra ID and hybrid identity architectures. - Experience with PowerShell scripting for automation and administration. - Strong understanding of identity-based attack techniques and mitigation strategies. - Experience with SIEM tools (e.g., Splunk, Sentinel) for monitoring and incident response. - Knowledge of security frameworks and compliance standards (NIST, ISO 27001, CIS Benchmarks). - Strong analytical, troubleshooting, and problem-solving skills. - Excellent communication and collaboration abilities. Preferred Qualifications - Experience implementing Tier 0/Tier 1/Tier 2 AD security models. - Familiarity with tools such as: - BloodHound - PingCastle - Microsoft Defender for Identity - Experience with Zero Trust architecture and identity-centric security models. - Exposure to IAM platforms (e.g., SailPoint) for identity governance integration. - Relevant certifications (e.g., Microsoft Certified: Identity and Access Administrator, CISSP, CISM). Tech Stack - Active Directory (AD DS) - Azure Entra ID - Group Policy (GPO) - PowerShell - SIEM (Sumologic) - Microsoft Defender for Identity - PAM / PIM solutions (CyberArk) Benefits - Excellent Health, Dental & Vision Insurance - Retirement 401(k) Savings Plan - Generous paid time off policy including paid parental leave