Key Facts

Remote From:

United States

Full time

Senior (5-10 years)

95 - 146K yearly

English

Hard Skills

Active Directory Group Policy Privileged Access Management Security Information And Event Management (SIEM) Identity And Access Management Access Control List Splunk Engineering Documentation Authentication Protocols Windows PowerShell +13 more

Other Skills

•
Collaboration
•
Communication
•
Analytical Thinking
•
Troubleshooting (Problem Solving)
•
Problem Solving

Roles & Responsibilities

Bachelor's degree in computer science, cybersecurity, or a related field (or equivalent experience).
Minimum of five years of experience managing and securing Active Directory environments, including leading AD security assessments and remediation in complex enterprise settings.
Strong expertise in AD architecture (domains, forests, trusts), Group Policy management, DNS, LDAP, and Kerberos authentication; hands-on experience with Azure Entra ID and hybrid identity.
Proficiency with PowerShell scripting, SIEM tools (e.g., Splunk, Microsoft Sentinel), and knowledge of security frameworks (NIST, ISO 27001, CIS).

Requirements:

Design, implement, and secure Active Directory and Azure Entra ID environments, including hybrid identity configurations.
Lead Active Directory security assessments across enterprise forests, identify misconfigurations, attack paths, and control gaps; develop remediation roadmaps.
Hardening initiatives: Tiered administration model (Tier 0/1/2), privileged access restrictions, secure Group Policy design; implement and manage PAM/PIM and monitor/defend against identity-based attacks (Pass-the-Hash, Kerberoasting, credential dumping).
Collaborate with Cybersecurity, Infrastructure, and Cloud teams; integrate AD with IAM platforms (e.g., SailPoint, CyberArk); implement MFA and Conditional Access; monitor logs with SIEM and support incident response.

Zayo Group

Telecommunication Services

About Zayo Group

For over 15 years, Zayo has been the driving force behind the world's most dynamic and forward-thinking enterprises, helping them pave the way to what's next. With a network that stretches over 16.8 million fiber miles and spans an impressive 141,000 route miles, Zayo is not just in the business of connectivity – we're in the business of limitless potential. Imagine a world where possibilities are boundless, where businesses can seamlessly bridge the gap between where they are and where they want to be. That's the world we're creating, one fiber mile at a time. Zayo's tailored connectivity and cutting-edge edge solutions are the heartbeat of carriers, cloud pioneers, data centers, educational institutions, and enterprises alike. From the very core to the cloud to the edge, Zayo is there, powering exceptional experiences that redefine what's achievable. So, are you ready to unlock the true power of connection? Embark on this journey with us and discover how Zayo doesn't just connect dots – we connect destinies. For more information, visit zayo.com.

Company type: Large

Industry: Telecommunication Services

Founded: 2018

Company size: 1001 - 5000

Website LinkedIn See all jobs →

Job description

Company Description

Zayo provides mission-critical bandwidth to the world’s most impactful companies, fueling the innovations that are transforming our society. Zayo’s 141,000-mile network in North America and Europe includes extensive metro connectivity to thousands of buildings and data centers. Zayo’s communications infrastructure solutions include dark fiber, private data networks, wavelengths, Ethernet, and dedicated Internet access. Zayo serves wireless and wireline carriers, media, tech, content, finance, healthcare and other large enterprises.

Our Senior Cybersecurity Engineer is responsible for protecting Zayo computer networks from cybersecurity attacks and unauthorized access, with a primary focus on the security, design, and operational integrity of Active Directory (AD) and hybrid identity environments. This role leads efforts to assess, harden, and modernize AD infrastructure, ensuring resilience against identity-based threats. The engineer partners with Cybersecurity, Infrastructure, and Cloud teams to implement secure identity architectures, enforce least privilege, and align with regulatory and security best practices. This role may require rotating 24x7 on-call support.

Job Responsibilities:

Design, implement, and secure Active Directory (AD) and Azure Entra ID environments, including hybrid identity configurations.
Lead Active Directory security assessments across enterprise AD forests, identifying misconfigurations, attack paths, and control gaps.
This role is focused on enterprise identity security, privileged access governance, and hybrid identity protection — not traditional Windows systems administration.
Partner with internal and external stakeholders to develop and maintain a prioritized remediation roadmap, aligned to 1) Zayo risk posture; 2) Regulatory requirements; 3) Internal policies and security standards
Drive execution of remediation efforts to reduce AD-related risk and improve overall security posture.
Lead AD security hardening initiatives, including: 1) Tiered administration model (Tier 0/1/2); 2) Privileged access restrictions; 3) Secure Group Policy design
Monitor and defend against identity-based attacks such as 1) Pass-the-Hash / Pass-the-Ticket; 2) Kerberoasting; 3) Credential dumping
Implement and manage Privileged Access Management (PAM) and Privileged Identity Management (PIM) solutions.
Manage and secure Group Policy Objects (GPOs) to enforce enterprise security standards.
Oversee identity lifecycle processes within AD, including provisioning, deprovisioning, and access reviews.
Integrate AD with enterprise IAM platforms (e.g., SailPoint, CyberArk) and cloud identity providers.
Implement and maintain Multi-Factor Authentication (MFA) and Conditional Access policies.
Monitor AD logs and security events using SIEM tools; investigate anomalies and support incident response.
Develop and maintain automation scripts (PowerShell) for AD management, reporting, and security enforcement.
Collaborate with Red Team / Blue Team exercises to validate AD security posture.
Document AD architecture, configurations, and security standards.
Stay current with emerging threats, vulnerabilities, and best practices in AD and identity security.

Experience and Education Requirements:

Bachelor’s degree in computer science, cybersecurity, or a related field (or equivalent experience).
Minimum of five (5) years of experience managing and securing Active Directory environments.
Demonstrated experience leading AD security assessments and remediation programs in complex enterprise environments.
Strong expertise in: 1) AD architecture (domains, forests, trusts); 2) Group Policy management; 3) DNS, LDAP, Kerberos authentication
Hands-on experience with Azure Entra ID and hybrid identity architectures.
Experience with PowerShell scripting for automation and administration.
Strong understanding of identity-based attack techniques and mitigation strategies.
Experience with SIEM tools (e.g., Splunk, Sentinel) for monitoring and incident response.
Knowledge of security frameworks and compliance standards (NIST, ISO 27001, CIS Benchmarks).
Strong analytical, troubleshooting, and problem-solving skills.
Excellent communication and collaboration abilities.

Preferred Qualifications:

Experience implementing Tier 0/Tier 1/Tier 2 AD security models.
Familiarity with tools such as 1) BloodHound; 2) PingCastle; 3) Microsoft Defender for Identity
Experience with Zero Trust architecture and identity-centric security models.
Exposure to IAM platforms (e.g., SailPoint) for identity governance integration.
Relevant certifications (e.g., Microsoft Certified: Identity and Access Administrator, CISSP, CISM).

Tech Stack:

• Active Directory (AD DS)

• Azure Entra ID

• Group Policy (GPO)

• PowerShell

• SIEM (Sumologic)

• Microsoft Defender for Identity

• PAM / PIM solutions (CyberArk)

Estimated base salary range: $95,100 - $146,300 USD/annually.

#LI-Remote

#LI-MF1

The base pay range shown is a guideline and reasonable estimate for this role. It takes into account the wide variety of factors that are considered in making compensation decisions. Actual compensation offered may vary from the posted range based upon geographic location, work experience, skill level, certifications, and other business and organizational needs. Non- sales roles may be eligible to participate in a discretionary annual incentive plan. Sales roles may be eligible to participate in a sales incentive plan.

Additionally, this position may be eligible for certain benefits, such as health insurance, life insurance, disability retirement plans, paid time off.

The posting will be active for a minimum of 3 days. The active posting will continue to extend by 3 days until the position is filled.

Benefits, Rewards & Wellness

Excellent Health, Dental & Vision Insurance
Retirement 401(k) Savings Plan
Generous paid time off policy including paid parental leave

Zayo provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, provincial or local laws.

This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.

Ready to apply?

APPLY

Share ·