
Job position: Expert System Security Manager
Description of the service and operational context:
The Identity and Access department, part of the Network & Cyber Security division, is responsible for the design, deployment, operation, and evolution of directory and identity management services across the Group. These services are an essential pillar of cybersecurity, guaranteeing the availability, confidentiality, and integrity of access to information systems.
In a context marked by large-scale digital transformation, the adoption of hybrid environments (on-premises / cloud), and tighter compliance requirements, the Active Directory team plays a strategic role. It is responsible for maintaining a high level of security and resilience on critical infrastructure, while supporting identity-related modernization projects.
The search for an expert in Active Directory, PIAM, and PKI aims to strengthen the team in key skills, in order to support operational activities, secure privileged access, and support the Group's technology evolution.
Context
1. Job Summary:
The Identity and Access department of the Network & Cyber Security division is recruiting an expert in infrastructure and security – Microsoft Active Directory, PIAM, and PKI – to strengthen the Active Directory team.
We are seeking a highly skilled Infrastructure & Security Expert with in-depth expertise in Microsoft Active Directory (AD), including Public Key Infrastructure (PKI) systems and Privileged Identity & Access Management (PIAM) related to AD. The ideal candidate will be responsible for the design, implementation, operation, and continuous improvement of secure, scalable, and resilient directory services across a complex and hybrid infrastructure.
2. Key responsibilities:
Active Directory Infrastructure:
• Design, deploy, and manage enterprise-scale Active Directory environments (multi-domain/forest).
• Monitor and troubleshoot Active Directory replication between domain controllers; ensure replication health and timely convergence.
• Perform AD and agents health checks and domain controller performance analysis.
• Ensure consistency and integrity of directory data across sites and global locations.
• Manage FSMO roles, SYSVOL replication (DFSR), and metadata cleanup when needed.
Incident Management & Technical Escalation:
• Act as the Level 3 escalation point for Active Directory, identity, and infrastructure-related incidents.
• Lead root cause analysis (RCA) for complex or recurring issues.
• Collaborate with GSOC and IT Operations during security incidents involving AD or privileged access.
• Ensure timely resolution of escalated tickets and support requests within SLA.
Knowledge Transfer & Documentation:
• Create and maintain KB articles and technical documentation for internal use and L2 support teams.
• Provide technical training sessions to L1/L2 support teams.
• Participate in technical design reviews and architecture boards as subject matter expert.
Security & Compliance:
• Enforce Active Directory hardening measures and secure delegation models.
• Implement access control principles (RBAC, least privilege, Just-In-Time access).
• Monitor audit logs, detect anomalous behavior, and support compliance with standards.
Public Key Infrastructure (PKI):
• Deploy, operate, and maintain Microsoft PKI (Active Directory Certificate Services).
• Manage certificate template
• Integrate PKI with smartcards, TLS/SSL encryption, and code signing processes.
3. Required qualifications:
• Education & Experience
o Bachelor’s degree (or equivalent) in Computer Science, Cybersecurity, Information Systems, or related field.
o Minimum of 5–7 years of experience in infrastructure and/or security engineering with a strong focus on Active Directory and identity-related services.
• Technical Expertise – On-Premises AD
o Deep knowledge of Windows Server (2016/2019/2022) and core Active Directory components: DNS, DHCP, ADFS, GPOs, Sites & Services.
o Proven experience in multi-site, multi-domain environments, including domain controller deployment, FSMO roles management, and replication troubleshooting (SYSVOL/DFSR).
o Expertise with AD-integrated DNS, name resolution, conditional forwarders, and troubleshooting complex namespace issues.
o Advanced PowerShell scripting for automation, auditing, and reporting (e.g., health checks, access reviews, remediation tasks).
o Strong troubleshooting skills for authentication (Kerberos/NTLM), replication, and access-related incidents.
• Cloud & Hybrid Identity
o Hands-on experience with Microsoft Entra ID (Azure AD): PIM, RBAC, Conditional Access, Service Principals, Graph API.
o Deep knowledge of Entra ID Connect (AD Connect): custom sync rules, multi-forest connectors, filtering, hybrid identity troubleshooting.
o Experience with Azure Automation and runbooks for identity workflows and task automation.
o Familiarity with AWS Identity and Access Management concepts and hybrid integration; experience with AWS EC2, SSM, Secrets Manager, CloudWatch.
• Security & Compliance
o Good understanding of PKI concepts and Microsoft ADCS: certificate templates, CRLs, smartcard/TLS integration.
o Knowledge of Privileged Identity & Access Management (PIAM): RBAC, least privilege, JIT/JEA delegation models.
o Understanding of directory hardening, audit & compliance frameworks (NIST, CIS Benchmarks) and integration with SIEM.
4. Preferred qualifications:
• AWS Certifications (e.g., Associate level or equivalent).
• Microsoft Certifications (e.g., MS-100, AZ-500, SC-300, or equivalent).
• Experience with hybrid identity models (Entra Connect, SSO/Federation).
• Hands-on experience with monitoring and SIEM tools for directory security (e.g., Splunk, Sentinel).
• Familiarity with Active Directory security auditing and assessment tools, including:
o PingCastle: Ability to run and interpret health and risk assessments, generate compliance reports, and define remediation plans.
o Oradad (or equivalent tools): Experience using it to detect misconfigurations, privilege escalation paths, and attack surfaces within AD.
5. Soft skills:
• Excellent verbal and written communication skills in English (mandatory). French would be a plus.
• Strong technical writing abilities for knowledge bases and documentation.
• Proactive mindset with strong ownership and problem-solving skills.
• Ability to work effectively across teams and departments in a complex environment.
Candidate profile
Skill | Requested | Importance | Response type
A- Active Directory / DNS / Windows Server / PKI AD CS / PIAM | Expert (10+ years) | 10 | Experience levels
B- Hardening / PingCastle / Oradad / Microsoft Defender for Identity / PowerShell / Entra Connect | Expert (10+ years) | 10 | Experience levels
C- English / Writing quality | Expert (10+ years) | 10 | Experience levels
Skills related to the chosen field
Skill | Requested | Importance | Response type
Team spirit / Autonomy / Initiative / Proactive in making proposals / Sense of organization and service | Expert (10+ years) | 10 | Experience levels
VISIAN