Job Description
Work Location: Fully Remote – PST Working Hours (BC based preferred, Canada-wide OK)
Hours: Full Time (40hrs/week)
Start Date: March 30th, 2026
Job#: 3022865
Senior AD / ADCS Security Engineer
Fully Remote
Contract Details
Contract Length: 6 Months (possible extensions available)
Work Location: Fully Remote – PST Working Hours (BC based preferred, Canada-wide OK)
Hours: Full Time (40hrs/week)
Start Date: March 30th, 2026
Client Project Background
This is a 6-month security remediation engagement for a Canadian municipality (BC) following a penetration test and security assessment. The environment is a single on-prem Active Directory domain with Microsoft 365. The client lacks deep security expertise and internal capacity, particularly around identity, AD Certificate Services, and legacy protocol hardening. They need hands‑on execution combined with advisory guidance to safely remediate findings without disrupting operations.
Reason for Opening
The client is looking for a Senior‑Level AD / ADCS Security Engineer who can embed with the existing small IT team, confidently remediate findings hands‑on, guide impact analysis, and improve identity security posture — while operating within structured public sector governance.
Key Responsibilities
Remediate priority findings from recent penetration test
Harden Active Directory (single forest/domain) configuration
Remediate and harden Active Directory Certificate Services (ADCS), including:
Certificate template hardening
Broader ADCS configuration and operational best practices
Assess and remove legacy/insecure protocols (e.g., SMBv1)
Evaluate impact of changes on legacy applications before execution
Reduce Tier 0 exposure and domain admin sprawl
Help design privileged access controls (PAW strategy, admin segmentation, MFA leverage)
Work within client change management processes and obtain approvals
Provide risk guidance where full remediation is not immediately feasible
Skills & Experience
Strong hands‑on Active Directory engineering experience
Deep knowledge of ADCS, certificate templates, and PKI hardening
Experience remediating Kerberos vulnerabilities (e.g., Kerberoasting exposure)
Familiarity with legacy protocol decommissioning and application dependency analysis
Experience designing Tier 0 protections and privileged access models
Ability to blend advisory + execution (not purely architecture, not purely operations)
Comfortable operating in public sector / structured governance environments
Client Context
Canadian municipality (BC-based)
Public sector constraints: limited resources, formal change control
No dedicated cybersecurity leadership
Team lacks deep Security Subject Matter Expertise (SME)
Remote access restricted to within Canada
Key Focus Areas
Identity infrastructure hardening (on-prem AD focus)
ADCS risk reduction and operational maturity
Tier 0 security posture improvement
Privileged account governance and MFA optimization
Safe execution of security changes without operational disruption
Capacity augmentation + expertise augmentation
Apex Benefits Overview
Apex offers a range of supplemental benefits, including medical, dental, vision, life, disability, and other insurance plans that offer an optional layer of financial protection. We offer an ESPP (employee stock purchase program) and a 401K program which allows you to contribute typically within 30 days of starting, with a company match after 12 months of tenure. Apex also offers an HSA (Health Savings Account on the HDHP plan), a SupportLinc Employee Assistance Program (EAP) with up to 8 free counseling sessions, a corporate discount savings program and other discounts. In terms of professional development, Apex hosts an on-demand training program, provides access to certification prep and a library of technical and leadership courses/books/seminars once you have 6+ months of tenure, and certification discounts and other perks to associations that include CompTIA and IIBA. Apex has a dedicated customer service team for our Consultants that can address questions around benefits and other resources, as well as a certified Career Coach. You can access a full list of our benefits, programs, support teams and resources within our ‘Welcome Packet’ as well, which an Apex team member can provide.
Equal Opportunity Employer Statement
Apex Systems is an equal opportunity employer. We do not discriminate or allow discrimination on the basis of race, color, religion, creed, sex (including pregnancy, childbirth, breastfeeding, or related medical conditions), age, sexual orientation, gender identity, national origin, ancestry, citizenship, genetic information, registered domestic partner status, marital status, disability, status as a crime victim, protected veteran status, political affiliation, union membership, or any other characteristic protected by law. Apex will consider qualified applicants with criminal histories in a manner consistent with the requirements of applicable law. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation in using our website for a search or application, please contact our Benefits Department at [email protected] or 804‑523‑8228. (Do not submit resumes or solicit consultants to this email address). UnitedHealthcare creates and publishes the Transparency in Coverage Machine-Readable Files on behalf of Apex Systems.
Apex Systems is part of the Commercial Segment of ASGN Incorporated.
NYSE: ASGN
4400 Cox Road
Suite 200
Glen Allen, Virginia 23060
#J-18808-Ljbffr
