Active Directory & Privileged Access Management (PAM) Expert
Evere (Brussels) | Start date: ASAP | Long-term assignment | Hybrid - full time
Languages: French or Dutch and English
For a long-term assignment in Evere, we are looking for an experienced Active Directory and Privileged Access Management (PAM) expert to strengthen a security team and improve the overall identity and access security posture.
Mission Description
You will act as a key technical expert in Active Directory and PAM. The mission focuses on hardening the Active Directory environment and designing and implementing a structured PAM framework to better secure and manage privileged identities and access.
You will work closely with AD administrators, IAM specialists, security and infrastructure teams.
Mission Objectives
Active Directory Hardening
Analyze and strengthen the security of all Active Directory forests and domains
Identify and remediate vulnerabilities, notably based on PingCastle analyses
Improve the PingCastle security score
Clean up legacy components and insecure protocols (e.g. Windows Server 2003/2008, DES, NTLMv1, LM)
Implement and enforce secure authentication and password policies
Review and clean up Group Policy Objects (GPOs)
Apply the principle of least privilege and align with Microsoft Security Baselines
Contribute to the analysis and implementation of the Microsoft Tiering Model
Privileged Access Management (PAM)
Design and implement a structured PAM framework
Support the selection and deployment of a new PAM solution
Implement PoLP, RBAC, and role-based entitlement models
Enforce access isolation and secure privileged access management
Set up periodic access reviews (e.g. quarterly)
Define and implement standardized, auditable approval processes
Implement Just-in-Time (JIT) access for temporary privilege elevation
Enforce the four-eyes principle for critical privileged actions
Documentation, Reporting & Governance
Develop a clear remediation and implementation roadmap for AD hardening and PAM
Document all technical actions (as-is / to-be, configurations, scripts, tools used)
Provide regular progress reports (weekly or bi-weekly)
Prepare a final report covering actions taken, remaining risks, and recommendations
Collaboration & Work Environment
Close collaboration with security, IAM, AD, and infrastructure teams
Hybrid working environment (3 days on-site / 2 days remote)
Key Performance Indicators (KPIs)
Measurable improvement and achievement of the PingCastle security score target
Successful implementation and governance of PAM components (PoLP, JIT, four-eyes principle)
Timely delivery and quality of documentation and reporting
Contribution to the correct implementation of the Microsoft Tiering Model
Required Skills
Technical Skills
Proven experience with Active Directory architecture, security, and hardening
Strong expertise in Privileged Access Management and the Microsoft Tiering Model
Hands-on experience with PowerShell, PingCastle, ADManager, and Splunk
Knowledge of Privileged Access Workstations (PAW), RBAC, and IAM integrations
Strong understanding of service account security and least privilege enforcement
Soft Skills
Strong collaboration skills in multidisciplinary teams
Structured and well-documented way of working
Analytical mindset with strong attention to detail
Clear and professional communication
Ability to lead or support workshops on RBAC, PAM, and governance topics
Interested or want to know more?
Apply directly via LinkedIn or get in touch for more details.