Senior Cybersecurity Engineer

Remote Full-time
Company Description

Zayo provides mission-critical bandwidth to the world’s most impactful companies, fueling the innovations that are transforming our society. Zayo’s 141,000-mile network in North America and Europe includes extensive metro connectivity to thousands of buildings and data centers. Zayo’s communications infrastructure solutions include dark fiber, private data networks, wavelengths, Ethernet, and dedicated Internet access. Zayo serves wireless and wireline carriers, media, tech, content, finance, healthcare and other large enterprises.

Our Senior Cybersecurity Engineer is responsible for protecting Zayo computer networks from cybersecurity attacks and unauthorized access, with a primary focus on the security, design, and operational integrity of Active Directory (AD) and hybrid identity environments. This role leads efforts to assess, harden, and modernize AD infrastructure, ensuring resilience against identity-based threats. The engineer partners with Cybersecurity, Infrastructure, and Cloud teams to implement secure identity architectures, enforce least privilege, and align with regulatory and security best practices. This role may require rotating 24x7 on-call support.

Job Responsibilities:
Design, implement, and secure Active Directory (AD) and Azure Entra ID environments, including hybrid identity configurations.

Lead Active Directory security assessments across enterprise AD forests, identifying misconfigurations, attack paths, and control gaps.

This role is focused on enterprise identity security, privileged access governance, and hybrid identity protection — not traditional Windows systems administration.

Partner with internal and external stakeholders to develop and maintain a prioritized remediation roadmap, aligned to 1) Zayo risk posture; 2) Regulatory requirements; 3) Internal policies and security standards

Drive execution of remediation efforts to reduce AD-related risk and improve overall security posture.

Lead AD security hardening initiatives, including: 1) Tiered administration model (Tier 0/1/2); 2) Privileged access restrictions; 3) Secure Group Policy design

Monitor and defend against identity-based attacks such as 1) Pass-the-Hash / Pass-the-Ticket; 2) Kerberoasting; 3) Credential dumping

Implement and manage Privileged Access Management (PAM) and Privileged Identity Management (PIM) solutions.

Manage and secure Group Policy Objects (GPOs) to enforce enterprise security standards.

Oversee identity lifecycle processes within AD, including provisioning, deprovisioning, and access reviews.

Integrate AD with enterprise IAM platforms (e.g., SailPoint, CyberArk) and cloud identity providers.

Implement and maintain Multi-Factor Authentication (MFA) and Conditional Access policies.

Monitor AD logs and security events using SIEM tools; investigate anomalies and support incident response.

Develop and maintain automation scripts (PowerShell) for AD management, reporting, and security enforcement.

Collaborate with Red Team / Blue Team exercises to validate AD security posture.

Document AD architecture, configurations, and security standards.

Stay current with emerging threats, vulnerabilities, and best practices in AD and identity security.

Experience and Education Requirements:
Bachelor’s degree in computer science, cybersecurity, or a related field (or equivalent experience).

Minimum of five (5) years of experience managing and securing Active Directory environments.

Demonstrated experience leading AD security assessments and remediation programs in complex enterprise environments.

Strong expertise in: 1) AD architecture (domains, forests, trusts); 2) Group Policy management; 3) DNS, LDAP, Kerberos authentication

Hands-on experience with Azure Entra ID and hybrid identity architectures.

Experience with PowerShell scripting for automation and administration.

Strong understanding of identity-based attack techniques and mitigation strategies.

Experience with SIEM tools (e.g., Splunk, Sentinel) for monitoring and incident response.

Knowledge of security frameworks and compliance standards (NIST, ISO 27001, CIS Benchmarks).

Strong analytical, troubleshooting, and problem-solving skills.

Excellent communication and collaboration abilities.

Preferred Qualifications:
Experience implementing Tier 0/Tier 1/Tier 2 AD security models.

Familiarity with tools such as 1) BloodHound; 2) PingCastle; 3) Microsoft Defender for Identity

Experience with Zero Trust architecture and identity-centric security models.

Exposure to IAM platforms (e.g., SailPoint) for identity governance integration.

Relevant certifications (e.g., Microsoft Certified: Identity and Access Administrator, CISSP, CISM).

Tech Stack:
• Active Directory (AD DS)
• Azure Entra ID
• Group Policy (GPO)
• PowerShell
• SIEM (Sumologic)
• Microsoft Defender for Identity
• PAM / PIM solutions (CyberArk)

Estimated base salary range: $95,100 - $146,300 USD/annually.

#LI-Remote
#LI-MF1
The base pay range shown is a guideline and reasonable estimate for this role. It takes into account the wide variety of factors that are considered in making compensation decisions. Actual compensation offered may vary from the posted range based upon geographic location, work experience, skill level, certifications, and other business and organizational needs. Non- sales roles may be eligible to participate in a discretionary annual incentive plan. Sales roles may be eligible to participate in a sales incentive plan.

Additionally, this position may be eligible for certain benefits, such as health insurance, life insurance, disability retirement plans, paid time off.

The posting will be active for a minimum of 3 days. The active posting will continue to extend by 3 days until the position is filled.

Benefits, Rewards & Wellness
Excellent Health, Dental & Vision Insurance

Retirement 401(k) Savings Plan

Generous paid time off policy including paid parental leave

Zayo provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, provincial or local laws.

This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.

Apply To This Job
Apply Now →

Similar Jobs

Experienced Registered Behavior Technician for In-Home ABA Therapy - Atlanta, GA

Remote

Immediate Hiring: Experienced Registered Behavioral Technician (RBT) for Clinic-Based ABA Therapy Services

Remote

Experienced Registered Behavioral Technician (RBT) - ABA Therapy for Children with Autism Spectrum Disorder

Remote

Experienced Registered Nurse - Telehealth: Providing Remote Care Coordination and Patient Support

Remote

Experienced Substitute Teacher for Riverside County Schools - Join Scoot Education's Innovative Team

Remote

Experienced Substitute Teacher for San Bernardino County - Flexible Schedules & Competitive Pay

Remote

Experienced School Year Instructional Coach for High-Dosage Tutoring Programs in Edgewater Park, NJ

Remote

Experienced School Year Tutor for K-8 Students in Math and Literacy - Mickleton, NJ

Remote

Experienced Secondary Social Studies Teacher for Kansas - Flexible Hybrid Remote Arrangement

Remote

USPS Office Helper

Remote

Accounts Receivable Accounts Payable Specialist [Remote]

Remote

REMOTE UX/UI Designer w/Illustration chops!

Remote

Regional Representative - Tennessee

Remote

Alternance - Graphiste H/F

Remote

Experienced Remote Customer Service Representative – E-Commerce Support Specialist (Work From Home)

Remote

(Entry Level/No Experience) CVS Data Entry Health Remote Jobs – 40$/H

Remote

Join Today: Delivery Support Pharmacy Technician

Remote

Human Resources Generalist - Remote/MD/DC/VA

Remote

Nurse Writer (RN) - Remote Jobs – Indeed Jobs US

Remote

Sr Registered Nurse (RN) - Med Surg/General Sur...

Remote
← Back