View All Jobs 139521

Active Directory Remediation Engineer - Remote - Remote Eligible

Harden enterprise Active Directory environment against sophisticated attack techniques
Washington DC
Senior
$89,900 – 160,600 USD / year
20 hours agoBe an early applicant
UnitedHealth Group

UnitedHealth Group

Diversified health care and insurance enterprise providing medical benefits, pharmacy services, data analytics, and care delivery solutions worldwide.
107 Similar Jobs at UnitedHealth Group

Active Directory Remediation Engineer

Join Us as an Active Directory Remediation Engineer

Are you passionate about outsmarting attackers and securing the backbone of enterprise identity? We're on the hunt for a seasoned Active Directory Remediation Engineer who thrives at the intersection of identity security, attack path analysis, and hands-on remediation. If you love digging into BloodHound Enterprise graphs, eliminating choke points, and collaborating with red and blue teams to harden environments-this role is for you.

What You'll Be Doing

You'll be the go-to expert for securing our Active Directory and EntraID/Azure ecosystems. Your mission: hunt down vulnerabilities, dismantle attack paths, and raise the bar for identity security.

You'll enjoy the flexibility to work remotely from anywhere within the U.S. as you take on some tough challenges. For all hires in the Minneapolis or Washington, D.C. area, you will be required to work in the office a minimum of four days per week.

Primary Responsibilities:

  • Securing AD: Proactively identify and fix misconfigurations, excessive permissions, and vulnerabilities in hybrid AD environments
  • Attack Path Hunting: Use BloodHound Enterprise to map and prioritize identity-based attack paths to Tier 0 assets. Find and eliminate high-risk choke points
  • Remediation Guidance: Translate complex findings into clear, actionable steps for IT and sysadmin teams
  • Security Metrics: Establish and track findings, automate scripts to create trending data and analysis of overall improvements in security posture
  • Red Team Support: Assist offensive security teams with BloodHound-driven assessments
  • Blue + Red Team Collaboration: Work across teams to close gaps from both offensive and defensive angles
  • Tool Ownership: Manage BloodHound Enterprise, including SharpHound and AzureHound data collection
  • Continuous Learning: Stay sharp on evolving AD attack techniques like ADCS, NTLM Relaying, Coercion, and CAP bypasses

You'll be rewarded and recognized for your performance in an environment that will challenge you and give you clear direction on what it takes to succeed in your role as well as provide development for other roles you may be interested in.

Required Qualifications:

  • 5+ years in AD administration/security
  • 5+ years of Network protocols experience: 5+ years Kerberos, LDAP, DNS
  • 5+ years of Microsoft Entra ID (Azure) and hybrid environments experience
  • 5+ years Active Directory architecture, AD DS/CS, and security best practices experience
  • 2+ years hands-on with BloodHound (Community or Enterprise)
  • 2+ years of PowerShell and/or Python scripting experience
  • 1+ years of software development experience with scripting languages such as python, PowerShell and APIs
  • 1+ years of BloodHound graph analysis and attack path interpretation experience

Preferred Qualifications:

  • Microsoft Certified: Identity and Access Administrator Associate
  • OSCP or CRTO
  • CISSP

Why This Role Rocks

You won't just be patching holes-you'll be reducing risk and improving the security posture of a fortune-five health care company. You'll work with cutting-edge tools, collaborate with elite teams, and make a real impact every day.

Pay is based on several factors including but not limited to local labor markets, education, work experience, certifications, etc. In addition to your salary, we offer benefits such as, a comprehensive benefits package, incentive and recognition programs, equity stock purchase and 401k contribution (all benefits are subject to eligibility requirements). No matter where or when you begin a career with us, you'll find a far-reaching choice of benefits and incentives. The salary for this role will range from $89,900 to $160,600 annually based on full-time employment. We comply with all minimum wage laws as applicable.

Application Deadline: This will be posted for a minimum of 2 business days or until a sufficient candidate pool has been collected. Job posting may come down early due to volume of applicants.

At UnitedHealth Group, our mission is to help people live healthier lives and make the health system work better for everyone. We believe everyone-of every race, gender, sexuality, age, location and income-deserves the opportunity to live their healthiest life. UnitedHealth Group is an Equal Employment Opportunity employer qualified applicants will receive consideration for employment without regard to race, national origin, religion, age, color, sex, sexual orientation, gender identity, disability, or protected veteran status, or any other characteristic protected by local, state, or federal laws, rules, or regulations. UnitedHealth Group is a drug-free workplace. Candidates are required to pass a drug test before beginning employment.

+ Show Original Job Post
Suggest a correction
























Active Directory Remediation Engineer - Remote - Remote Eligible
Washington DC
$89,900 – 160,600 USD / year
Engineering
Apply to job
About UnitedHealth Group
Diversified health care and insurance enterprise providing medical benefits, pharmacy services, data analytics, and care delivery solutions worldwide.