Identity Security Consultant

Nair Systems is currently looking Identity Security Consultant our Qatar operations.

Required Experience & Skills

• 8+ years in Identity Security / Security Engineering

• Deep hands on experience with:

• Active Directory security

• Microsoft Entra ID security

• Conditional Access, MFA, Identity Protection

• Strong PAM / PIM implementation experience

• SOC level understanding of identity attack detection and response

• Strong troubleshooting and root cause analysis skills

• Excellent written and verbal communication skills

Core Responsibilities

• Own identity security engineering across Active Directory (on prem) and Microsoft Entra ID

• Design, implement, and harden identity security configurations

• Act as technical authority for identity threat prevention, detection, and response

• Bridge Identity Engineering and SOC / Incident Response

• Mitigate Red team findings

• Active Directory Security (On Prem)

• Secure AD DS architecture and configurations

• Implement and enforce AD Tiering model (Tier 0 / Tier 1 / Tier 2)

• Protect Tier 0 assets (Domain Controllers, PKI, ADFS, Entra Connect)

• Harden:

• Kerberos authentication

• NTLM usage and restrictions

• Delegation (constrained, resource based)

• GPOs for security baselines

• Manage privileged groups and admin separation

• Secure trust relationships and forest/domain boundaries

• Implement PAW / SAW / hardened admin access patterns

• Review and remediate AD attack paths and misconfigurations

Entra ID (Azure AD) Security

• Design and enforce Conditional Access policies

• Implement strong authentication strategies (MFA, passwordless, phishing resistant MFA)

• Configure and monitor Entra ID Identity Protection

• Harden tenant security posture and reduce identity attack surface

• Control and monitor:

• Legacy authentication

• OAuth app permissions and consent

• Authentication methods and user flows

• Govern roles, service principals, and app registrations

• Secure Entra ID Connect / Cloud Sync architecture

Privileged Access Management (PAM / PIM)

• Design and implement least privilege access models

• Understand and work with Cyberark integrations, Sailpoint etc.

• Implement and operationalize Entra PIM:

• Just In Time role activation

• Approval workflows

• Role eligibility governance

• Access reviews and alerts

• Identity Threat & Attack Chain Expertise

Deep understanding of identity based attacks, including:

• Credential theft and replay

• Pass the Hash / Pass the Ticket

• Kerberoasting / AS REP roasting

• DCSync / DCShadow

• Golden and Silver Ticket attacks

• Privilege escalation and lateral movement

• Persistence mechanisms in AD and Entra ID

• OAuth token abuse and app consent attacks

• MFA fatigue and authentication bypass techniques

• Map attacker techniques to prevention, detection, and remediation controls

SOC Integration & Detection Engineering

• Work closely with SOC teams on identity related threats

• Define and improve identity detection use cases

• Ensure logging and visibility for:

• Windows Security Event Logs

• Entra ID audit and sign in logs

• Integrate identity telemetry with SIEM / SOAR platforms

• Tune alerts to reduce false positives and improve signal quality

• Build and maintain identity incident response playbooks

• Support investigations of compromised accounts and privilege abuse

Hardening, Assessments & Continuous Improvement

• Perform AD and Entra ID security posture assessments

• Identify configuration drift, technical debt, and risk exposure

• Deliver remediation plans and track closure

• Drive continuous identity security improvement initiatives

• Align identity security posture with Zero Trust principles

Governance, Risk & Compliance

• Ensure identity controls meet internal security standards and regulatory requirements

• Support audit and risk assessments related to identity and access

• Provide evidence, documentation, and technical justifications

• Participate in design and security review boards

Documentation & Knowledge Transfer

• Produce clear, audit ready documentation:

• Identity architecture diagrams

• Security standards and configuration baselines

• SOPs and operational runbooks

• Incident response procedures

• Provide knowledge transfer and guidance to internal teams

Joining time frame: 2 weeks (maximum 1 month)

Should you be interested in this opportunity, please send your latest resume in MS Word format at the earliest at