Security Architect

Project Role : Security Architect
Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills : Identity and Access Management (IAM) Operations, Microsoft Azure Active Directory
Good to have skills : NA
Minimum 5 year(s) of experience is required
Educational Qualification : 15 years full time education
Summary: Experience in Active Directory, Azure AD, and identity security. The AD & Semperis (AD Protection) / Azure AD Consultant is responsible for securing, monitoring, and administering Active Directory (AD), Azure AD/Entra ID, and associated identity protection platforms. The role involves deploying and managing Semperis Directory Services Protector (DSP), Semperis Active Directory Forest Recovery (ADFR), and implementing controls to harden and protect hybrid identity environments against cyber threats. This consultant works with security, IAM, and infrastructure teams to maintain a resilient and secure identity foundation Roles & Responsibilities: -Manage and administer Active Directory—domains, forests, GPOs, OU structure, delegation, trusts, DNS, replication. -Review and improve AD security posture, identity hygiene, and privilege models. -Conduct periodic AD health checks, replication checks, and audit privileged accounts. -Implement best practices for Tiered Admin Model, LAPS, GPO hardening, and secure delegation. -Deploy, configure, and operate Semperis DSP for AD threat detection, monitoring, and anomaly detection. -Integrate DSP with SIEM/SOAR and security monitoring platforms. -Monitor changes, privilege escalations, and identity-based risks identified by DSP. -Investigate and respond to DSP alerts related to: -AD misconfigurations -Unauthorized privilege elevation -Credential misuse -Replication abuse or persistence techniques -Semperis ADFR (Active Directory Forest Recovery) -Support implementation and testing of AD Forest Recovery plans using Semperis ADFR. -Participate in DR drills for AD restoration, disaster simulations, and backup validations. -Maintain AD backup integrity, run readiness checks, and ensure ADFR configurations remain updated. -Azure AD / Entra ID Administration -Implement Conditional Access, MFA, identity protection policies, and PIM for privileged role management. -Troubleshoot identity sync issues using AAD Connect, Cloud Sync, or hybrid identity models. -Onboard cloud and SaaS applications using SAML/OIDC for SSO and MFA enforcement. -Implement identity security controls aligned with Microsoft and industry benchmarks. -Integrate AD/Azure AD logs with SIEM for monitoring attacker behavior patterns. -Use Semperis, Azure Identity Protection, Defender for Identity (MDI), and other tools for continuous assessment. - Incident Response & Forensics (Identity Focused) -Respond to identity-related incidents, AD compromise attempts, or privilege escalations. -Support red-team/blue-team exercises focusing on AD/AAD attack vectors. -Conduct root cause analysis and recommend remediation actions after incidents. -Documentation & Continuous Improvement -Maintain runbooks, architecture diagrams, AD security baselines, and protection playbooks. -Recommend improvements for identity resilience, AD modernization, and Zero Trust alignment. -Support audit, compliance, and identity governance activities. Professional & Technical Skills: -Microsoft Certifications (SC-300, AZ-500, MS-100/102). -Semperis DSP/ADFR product exposure or certification (if applicable). -Defender for Identity (MDI) -M365 identity security -CyberArk or PIM systems -PowerShell automation -Semperis DSP and/or ADFR -Azure AD/Entra ID -Hybrid identity (AAD Connect / Cloud Sync) -AD administration and security -Strong knowledge of:Kerberos, NTLM, LDAP, DNS,AD attack techniques (Pass-the-Hash, Pass-the-Ticket, Skeleton Key, RID hijacking),Privileged access models and AD hardening,Experience integrating identity logs with SIEM tool Additional Information: - The candidate should have minimum 5 years of experience in Identity and Access Management (IAM) Operations. - This position is based at our Bengaluru office. - A 15 years full time education is required.

15 years full time education

About Accenture

Accenture is a leading global professional services company that helps the world’s leading businesses, governments and other organizations build their digital core, optimize their operations, accelerate revenue growth and enhance citizen services—creating tangible value at speed and scale. We are a talent- and innovation-led company with approximately 791,000 people serving clients in more than 120 countries. Technology is at the core of change today, and we are one of the world’s leaders in helping drive that change, with strong ecosystem relationships. We combine our strength in technology and leadership in cloud, data and AI with unmatched industry experience, functional expertise and global delivery capability. Our broad range of services, solutions and assets across Strategy & Consulting, Technology, Operations, Industry X and Song, together with our culture of shared success and commitment to creating 360° value, enable us to help our clients reinvent and build trusted, lasting relationships. We measure our success by the 360° value we create for our clients, each other, our shareholders, partners and communities.

Visit us at www.accenture.com 

Equal Employment Opportunity Statement

We believe that no one should be discriminated against because of their differences. All employment decisions shall be made without regard to age, race, creed, color, religion, sex, national origin, ancestry, disability status, military veteran status, sexual orientation, gender identity or expression, genetic information, marital status, citizenship status or any other basis as protected by applicable law. Our rich diversity makes us more innovative, more competitive, and more creative, which helps us better serve our clients and our communities.