Identity Threat Detection & Response (ITDR) Consultant

IBM Taguig City, PH

Company

IBM

Location

Taguig City, PH

Type

Full Time

Job Description

Introduction

We're looking for an experienced ITDR/AD Consultant who will lead the operations and continuous improvement of the Identity Threat Detection and Response (ITDR) platform for the Active Directory environment. The consultant will ensure secure configuration, timely response to identity-related threats, and maintenance of a disaster recovery posture in line with business continuity and security standards.

Your role and responsibilities

• Serve as the SME and primary administrator of the ITDR platform, ensuring full operational integrity and optimization.

• Lead the platform configuration and customization, such as domain controller integration, alerting logic, GPO compatibility, and baseline policy setup.

• Implement, tune, and validate detection rules based on evolving TTPs and threat intelligence.

• Manage alert governance, suppression rules, watchlists, and relevance thresholds to reduce false positives and alert fatigue.

• Conduct daily/weekly system maintenance tasks.

• Oversee version upgrades, configuration change management, and rollback plans.

• Define integration requirements for SIEM, SOAR, and ticketing systems, ensuring seamless interaction between these platforms.

• Document all security, backup, and access control requirements for the ITDR platform.

• Coordinate with SOC, Threat Intel, and Incident Response for alert correlation and enrichment.

• Drive quarterly platform posture reviews, presenting detection effectiveness, coverage gaps, and tuning metrics.

• Maintain and author ITDR operational playbooks, SOPs, and tuning guidelines.

• Support audit readiness, compliance reviews, and internal stakeholder reporting.

Required education

Bachelor's Degree

Preferred education

Bachelor's Degree

Required technical and professional expertise

Experience:

- 5+ years in cybersecurity with strong exposure to Active Directory security or identity-centric threat detection.

- Hands-on experience administering and configuring security platforms or tools related to AD monitoring, identity threat detection, or security analytics.

- Deep understanding of Active Directory and Windows authentication mechanisms.

- Strong grasp of identity-based attack techniques and MITRE ATT&CK TTPs relevant to AD.

- Proficiency with SIEM or SOAR integrations and understanding of event correlation.

- Experience in security policy creation, technical documentation, and reporting.

- Experience with ITDR solutions such as Semperis is highly preferred. Familiarity with other similar platforms (e.g. SentinelOne Singularity Identity Posture Management or equivalent) will also be considered a strong advantage.

Preferred technical and professional experience

Preferred Certifications

- GCWN, GDAD

- Any ITDR platform administration certification is a plus

- Identity and Access Management certifications

Date Posted

12/09/2025
