Job Title

Work Location: Fully Remote PST Working Hours (BC based preferred, Canada-wide OK) Hours: Full Time (40hrs/week) Start Date: March 30th, 2026 Job#: 3022865 Senior AD / ADCS Security Engineer Fully Remote Contract Details Contract Length: 6 Months (possible extensions available) Work Location: Fully Remote PST Working Hours (BC based preferred, Canada-wide OK) Hours: Full Time (40hrs/week) Start Date: March 30th, 2026 Client Project Background This is a 6-month security remediation engagement for a Canadian municipality (BC) following a penetration test and security assessment. The environment is a single on-prem Active Directory domain with Microsoft 365. The client lacks deep security expertise and internal capacity, particularly around identity, AD Certificate Services, and legacy protocol hardening. They need handson execution combined with advisory guidance to safely remediate findings without disrupting operations. Reason for Opening The client is looking for a SeniorLevel AD / ADCS Security Engineer who can embed with the existing small IT team, confidently remediate findings handson, guide impact analysis, and improve identity security posture while operating within structured public sector governance. Key Responsibilities Remediate priority findings from recent penetration test Harden Active Directory (single forest/domain) configuration Remediate and harden Active Directory Certificate Services (ADCS), including: Certificate template hardening Broader ADCS configuration and operational best practices Assess and remove legacy/insecure protocols (e.g., SMBv1) Evaluate impact of changes on legacy applications before execution Reduce Tier 0 exposure and domain admin sprawl Help design privileged access controls (PAW strategy, admin segmentation, MFA leverage) Work within client change management processes and obtain approvals Provide risk guidance where full remediation is not immediately feasible Skills & Experience Strong handson Active Directory engineering experience Deep knowledge of ADCS, certificate templates, and PKI hardening Experience remediating Kerberos vulnerabilities (e.g., Kerberoasting exposure) Familiarity with legacy protocol decommissioning and application dependency analysis Experience designing Tier 0 protections and privileged access models Ability to blend advisory + execution (not purely architecture, not purely operations) Comfortable operating in public sector / structured governance environments Client Context Canadian municipality (BC-based) Public sector constraints: limited resources, formal change control No dedicated cybersecurity leadership Team lacks deep Security Subject Matter Expertise (SME) Remote access restricted to within Canada Key Focus Areas Identity infrastructure hardening (on-prem AD focus) ADCS risk reduction and operational maturity Tier 0 security posture improvement Privileged account governance and MFA optimization Safe execution of security changes without operational disruption Capacity augmentation + expertise augmentation Apex Benefits Overview Apex offers a range of supplemental benefits, including medical, dental, vision, life, disability, and other insurance plans that offer an optional layer of financial protection. We offer an ESPP (employee stock purchase program) and a 401K program which allows you to contribute typically within 30 days of starting, with a company match after 12 months of tenure. Apex also offers an HSA (Health Savings Account on the HDHP plan), a SupportLinc Employee Assistance Program (EAP) with up to 8 free counseling sessions, a corporate discount savings program and other discounts. In terms of professional development, Apex hosts an on-demand training program, provides access to certification prep and a library of technical and leadership courses/books/seminars once you have 6+ months of tenure, and certification discounts and other perks to associations that include CompTIA and IIBA. Apex has a dedicated customer service team for our Consultants that can address questions around benefits and other resources, as well as a certified Career Coach. You can access a full list of our benefits, programs, support teams and resources within our Welcome Packet as well, which an Apex team member can provide. Equal Opportunity Employer Statement Apex Systems is an equal opportunity employer. We do not discriminate or allow discrimination on the basis of race, color, religion, creed, sex (including pregnancy, childbirth, breastfeeding, or related medical conditions), age, sexual orientation, gender identity, national origin, ancestry, citizenship, genetic information, registered domestic partner status, marital status, disability, status as a crime victim, protected veteran status, political affiliation, union membership, or any other characteristic protected by law. Apex will consider qualified applicants with criminal histories in a manner consistent with the requirements of applicable law. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation in using our website for a search or application, please contact our Benefits Department at [emailprotected] or 8045238228. (Do not submit resumes or solicit consultants to this email address). UnitedHealthcare creates and publishes the Transparency in Coverage Machine-Readable Files on behalf of Apex Systems. Apex Systems is part of the Commercial Segment of ASGN Incorporated. NYSE: ASGN 4400 Cox Road Suite 200 Glen Allen, Virginia 23060 #J-18808-Ljbffr