Active Directory / CyberArk Consultant
Technical Consultant
Work location: Louisville, KY (Permanent remote work accepted from anywhere in US; however, we’d prefer EST and CST based resources)
Description
This role is responsible for hands-on execution of a high-risk access reduction initiative focused on Active Directory privileged access across server and workstation environments. The consultant will analyze, remediate, and reduce standing administrative access by untangling nested AD group structures, validating access with application and infrastructure teams, and enabling transition to CyberArk Just-In-Time (JIT) access models.
Key Responsibilities:
Analyze and flatten complex, nested Active Directory group structures (server and workstation admin groups)
Identify and document effective access across multi-level group nesting
Partner with application and infrastructure teams to validate required vs. excessive access
Drive removal of unnecessary privileged access and track measurable reductions
Execute cleanup of local administrator rights across servers and workstations
Produce before/after reporting on privileged access reduction (group size, membership, exposure)
Support onboarding of eligible teams to CyberArk JIT / ephemeral access models
Create clear documentation of group ownership, purpose, and access justification
Work through backlog of remediation tasks and drive closure
Required Qualifications:
Strong hands-on experience with Active Directory, including:
Nested group analysis
Admin group structures (domain, server, workstation)
Access inheritance and effective permissions
Proven experience performing AD or privileged access cleanup/remediation at scale
PowerShell scripting experience (required)
Ability to extract, analyze, and report on AD group membership
Experience working in multi-domain / multi-forest environments
Familiarity with Windows server and workstation administration models
Experience with PAM concepts and tools (CyberArk preferred)
Ability to manage and track work across a backlog of remediation tasks
Strong communication skills to engage with technical teams and validate access requirements
Preferred Qualifications:
Experience with CyberArk (Privilege Cloud, EPM, or similar)
Experience with JIT / Zero Standing Privilege models
Experience in large enterprise environments (10k+ endpoints)
• Experience with data analysis/reporting (Excel, Power BI, etc.)
Apply Now
Apply Now
Work location: Louisville, KY (Permanent remote work accepted from anywhere in US; however, we’d prefer EST and CST based resources)
Description
This role is responsible for hands-on execution of a high-risk access reduction initiative focused on Active Directory privileged access across server and workstation environments. The consultant will analyze, remediate, and reduce standing administrative access by untangling nested AD group structures, validating access with application and infrastructure teams, and enabling transition to CyberArk Just-In-Time (JIT) access models.
Key Responsibilities:
Analyze and flatten complex, nested Active Directory group structures (server and workstation admin groups)
Identify and document effective access across multi-level group nesting
Partner with application and infrastructure teams to validate required vs. excessive access
Drive removal of unnecessary privileged access and track measurable reductions
Execute cleanup of local administrator rights across servers and workstations
Produce before/after reporting on privileged access reduction (group size, membership, exposure)
Support onboarding of eligible teams to CyberArk JIT / ephemeral access models
Create clear documentation of group ownership, purpose, and access justification
Work through backlog of remediation tasks and drive closure
Required Qualifications:
Strong hands-on experience with Active Directory, including:
Nested group analysis
Admin group structures (domain, server, workstation)
Access inheritance and effective permissions
Proven experience performing AD or privileged access cleanup/remediation at scale
PowerShell scripting experience (required)
Ability to extract, analyze, and report on AD group membership
Experience working in multi-domain / multi-forest environments
Familiarity with Windows server and workstation administration models
Experience with PAM concepts and tools (CyberArk preferred)
Ability to manage and track work across a backlog of remediation tasks
Strong communication skills to engage with technical teams and validate access requirements
Preferred Qualifications:
Experience with CyberArk (Privilege Cloud, EPM, or similar)
Experience with JIT / Zero Standing Privilege models
Experience in large enterprise environments (10k+ endpoints)
• Experience with data analysis/reporting (Excel, Power BI, etc.)
Apply Now
Apply Now