Security Architect
Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills : Identity and Access Management (IAM) Operations, Microsoft Azure Active Directory
Good to have skills : NA
Minimum 5 year(s) of experience is required
Educational Qualification : 15 years full time education
Summary: Experience in Active Directory, Azure AD, and identity security. The AD & Semperis (AD Protection) / Azure AD Consultant is responsible for securing, monitoring, and administering Active Directory (AD), Azure AD/Entra ID, and associated identity protection platforms. The role involves deploying and managing Semperis Directory Services Protector (DSP), Semperis Active Directory Forest Recovery (ADFR), and implementing controls to harden and protect hybrid identity environments against cyber threats. This consultant works with security, IAM, and infrastructure teams to maintain a resilient and secure identity foundation Roles & Responsibilities: -Manage and administer Active Directory—domains, forests, GPOs, OU structure, delegation, trusts, DNS, replication. -Review and improve AD security posture, identity hygiene, and privilege models. -Conduct periodic AD health checks, replication checks, and audit privileged accounts. -Implement best practices for Tiered Admin Model, LAPS, GPO hardening, and secure delegation. -Deploy, configure, and operate Semperis DSP for AD threat detection, monitoring, and anomaly detection. -Integrate DSP with SIEM/SOAR and security monitoring platforms. -Monitor changes, privilege escalations, and identity-based risks identified by DSP. -Investigate and respond to DSP alerts related to: -AD misconfigurations -Unauthorized privilege elevation -Credential misuse -Replication abuse or persistence techniques -Semperis ADFR (Active Directory Forest Recovery) -Support implementation and testing of AD Forest Recovery plans using Semperis ADFR. -Participate in DR drills for AD restoration, disaster simulations, and backup validations. -Maintain AD backup integrity, run readiness checks, and ensure ADFR configurations remain updated. -Azure AD / Entra ID Administration -Implement Conditional Access, MFA, identity protection policies, and PIM for privileged role management. -Troubleshoot identity sync issues using AAD Connect, Cloud Sync, or hybrid identity models. -Onboard cloud and SaaS applications using SAML/OIDC for SSO and MFA enforcement. -Implement identity security controls aligned with Microsoft and industry benchmarks. -Integrate AD/Azure AD logs with SIEM for monitoring attacker behavior patterns. -Use Semperis, Azure Identity Protection, Defender for Identity (MDI), and other tools for continuous assessment. - Incident Response & Forensics (Identity Focused) -Respond to identity-related incidents, AD compromise attempts, or privilege escalations. -Support red-team/blue-team exercises focusing on AD/AAD attack vectors. -Conduct root cause analysis and recommend remediation actions after incidents. -Documentation & Continuous Improvement -Maintain runbooks, architecture diagrams, AD security baselines, and protection playbooks. -Recommend improvements for identity resilience, AD modernization, and Zero Trust alignment. -Support audit, compliance, and identity governance activities. Professional & Technical Skills: -Microsoft Certifications (SC-300, AZ-500, MS-100/102). -Semperis DSP/ADFR product exposure or certification (if applicable). -Defender for Identity (MDI) -M365 identity security -CyberArk or PIM systems -PowerShell automation -Semperis DSP and/or ADFR -Azure AD/Entra ID -Hybrid identity (AAD Connect / Cloud Sync) -AD administration and security -Strong knowledge of:Kerberos, NTLM, LDAP, DNS,AD attack techniques (Pass-the-Hash, Pass-the-Ticket, Skeleton Key, RID hijacking),Privileged access models and AD hardening,Experience integrating identity logs with SIEM tool Additional Information: - The candidate should have minimum 5 years of experience in Identity and Access Management (IAM) Operations. - This position is based at our Bengaluru office. - A 15 years full time education is required.
Bengaluru
Equal Employment Opportunity Statement
All employment decisions shall be made without regard to age, race, creed, color, religion, sex, national origin, ancestry, disability status, veteran status, sexual orientation, gender identity or expression, genetic information, marital status, citizenship status or any other basis as protected by federal, state, or local law.
Please read Accenture’s Recruiting and Hiring Statement for more information on how we process your data during the Recruiting and Hiring process.
We work with one shared purpose: to deliver on the promise of technology and human ingenuity. Every day, more than 775,000 of us help our stakeholders continuously reinvent. Together, we drive positive change and deliver value to our clients, partners, shareholders, communities, and each other.
We believe that delivering value requires innovation, and innovation thrives in an inclusive and diverse environment. We actively foster a workplace free from bias, where everyone feels a sense of belonging and is respected and empowered to do their best work.
At Accenture, we see well-being holistically, supporting our people’s physical, mental, and financial health. We also provide opportunities to keep skills relevant through certifications, learning, and diverse work experiences. We’re proud to be consistently recognized as one of the World’s Best Workplaces™.
Join Accenture to work at the heart of change. Visit us at www.accenture.com.
We have been alerted to the existence of fraudulent messages asking job seekers to set up payment to cover various costs associated with establishing employment at Accenture. No one is ever required to pay for employment at Accenture. If you are contacted by someone asking for payment, please do not respond, and contact us at india.fc.check@accenture.com immediately.