Active Directory Security Engineer

About MatchPoint Solutions

MatchPoint Solutions is a fast-growing global IT and Engineering services firm delivering innovative technology solutions to leading enterprises including Uber, Robinhood, Netflix, Airbnb, Google, and more. With a growing international presence across North America, Europe, Asia, and South America, we help organizations turn ideas into outcomes through cutting‑edge technology, industry best practices, and deep technical expertise.

We’re expanding our team and looking for driven professionals who want to build impactful solutions in a collaborative, high‑growth environment.

Job Title

Active Directory Security Engineer

Work Experience

7+ years of experience

Location

Gurugram‑ Haryana – India (3 days per week WFO – Hybrid)

Sector

48

Employment Type

Full‑time

This role may involve working with or supporting one of MatchPoint Solutions’ client organizations. Client deployed project.

Role Overview

We are seeking a senior, hands‑on Active Directory Security Engineer to support a long, Running programmer of Active Directory hardening and enhancement. This role will focus on reducing technical debt, improving authentication security, and supporting application teams through protocol and service account remediation. This is an independent contributor role.

Key Responsibilities

• Deliver Active Directory security hardening and enhancement across the enterprise
• Reduce legacy technical debt within Active Directory
• Lead authentication and protocol improvements, including:
  • Migration from NTLMv2 to Kerberos
  • Disabling RC4
  • Enforcing LDAP channel binding
  • Reviewing and remediating ACLs
  • Assessing and potentially enabling SMB signing
• Improve service account hygiene, including analysis, remediation, and coordination with application teams
• Analyze authentication and security logs to identify risks and remediation actions
• Advise application teams on required changes and security impacts
• Work independently on protocol and identity‑related issues without requiring day‑to‑day direction

Required Skills & Experience

• Strong engineering background with deep Active Directory security expertise
• In‑depth knowledge of Kerberos, NTLM, LDAP, SMB, and Windows authentication
• Proven experience hardening Active Directory in large or complex environments
• Strong troubleshooting and log analysis skills
• Ability to work autonomously and take ownership of complex security changes
• Clear communication skills when working with infrastructure and application teams
• Strong knowledge of Active Directory (AD DS): domains/forests/trusts, OUs, users, groups, and delegation
• Deep understanding of identity and directory protocols: Kerberos, NTLMv2, and LDAP/LDAPS
• Proven capability to harden Kerberos/NTLM/LDAP (secure configuration, reduce legacy usage, enforce strong controls)
• Hands‑on skills driving NTLM reduction/deprecation and remediating protocol/app dependencies
• Practical expertise implementing LDAP security: LDAPS/TLS, certificates, LDAP signing, and channel binding
• Proficiency writing and tuning KQL for security event filtering, detections, and investigations (Sentinel/Log Analytics)
• Strong understanding of GPO design and implementation (scoping, inheritance, security/WMI filtering), plus testing/rollback and troubleshooting

Equal Employment Opportunity

MatchPoint Solutions is an equal opportunity employer. We are committed to providing equal employment opportunities to all employees and applicants and do not tolerate discrimination or harassment of any kind. Employment decisions are made without regard to race, color, religion, age, sex, national origin, disability, genetic information, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by applicable federal, state, or local laws.