Create Alert
Apply now »

VP, Active Directory & Entra ID Engineer, Technology Group

Location: 

Singapore, SG

Job Function:  Technology Group
Job Type:  Permanent
Req ID:  17039

GIC is one of the world’s largest sovereign wealth funds. With over 2,000 employees across 11 locations around the world, we invest in more than 40 countries globally across asset classes and businesses. Working at GIC gives you exposure to an extraordinary network of the world’s industry leaders. As a leading global long-term investor, we Work at the Point of Impact for Singapore’s financial future, and the communities we invest in worldwide.

 

Technology Group
The Technology Group (TG) is a key enabler to keep our business moving forward and is constantly exploiting state-of-the-art information technologies to enhance GIC’s ability to be the leading global long-term investment firm. We aim to provide users with empowering and transformational capabilities, and to create an inclusive, innovative and integrated work environment.

 

What impact can you make in this role?

We are seeking a highly experienced Senior Active Directory (AD) Security Engineer to focus on securing, hardening, and automating enterprise Active Directory environments, ensuring robust Tier 0 protection, privileged access controls, trust hardening, OU/GPO security, and cyber resilience. The engineer will work closely with Red Teams, Penetration Testing, and Threat Detection functions to identify attack paths, simulate AD-based threats, automate recovery capabilities, and continuously strengthen the enterprise AD security posture. 

 

What will you do as an VP, Active Directory & Entra ID Engineer? 

  • Design, secure, and manage hybrid identity environments across on-prem Active Directory and Entra ID (Azure AD) to ensure resilience, integrity, and threat resistance.
  • Define and implement a clean, compliant target state for identity and access management (IAM), aligning AD and Entra ID security with enterprise IAM processes and governance.
  • Conduct threat modelling and exposure assessments for both AD and Entra ID to identify and mitigate identity attack paths.
  • Implement and maintain Tier 0 (Privileged Access) controls aligned with Microsoft’s Enterprise Access Model (EAM) and Zero Trust principles.
  • Harden AD forests, domains, and trust relationships, as well as Entra ID tenants, to prevent privilege escalation, domain compromise, and lateral movement.
  • Design and manage Privileged Access Workstations (PAWs) and enforce administrative boundaries for Tier 0 and Tier 1 assets.
  • Develop and maintain PowerShell and Graph API automation frameworks to:
    • Audit and report AD and Entra ID configurations, permissions, and delegations.
    • Enforce baseline hardening and compliance controls.
    • Automate remediation, monitoring, and hygiene tasks.
  • Support AD Forest recovery and Entra ID incident response automation to improve recovery time objectives (RTO).
  • Design and implement AD Forest Recovery and Entra ID tenant recovery plans, perform automated recovery drills, and build operational readiness for cyberattack or ransomware scenarios.
  • Manage and secure Organizational Unit (OU) delegation models and Entra ID administrative units following least-privilege principles.
  • Manage and harden Group Policy Objects (GPOs) and Conditional Access Policies to enforce security baselines and prevent policy abuse.
  • Collaborate with IAM teams to integrate AD and Entra ID workflows (e.g., provisioning, deprovisioning, access reviews) into enterprise identity lifecycle processes.
  • Collaborate with Red Team, Penetration Testing, and SOC teams to identify vulnerabilities, validate attack paths, and remediate exposures.
  • Simulate and analyse identity-based attack scenarios (e.g., DCSync, DCShadow, Golden/Silver Ticket, Pass-the-Hash, Kerberoasting, token replay, and consent phishing).
  • Integrate Threat Detection and Response capabilities within SOC operations and SIEM tools (e.g., Microsoft Sentinel, Splunk, QRadar).
  • Support Privileged Access Management (PAM) solutions such as CyberArk, BeyondTrust, or Thycotic to enforce Just-in-Time (JIT) and Just-Enough Access (JEA).
  • Maintain detailed documentation, baselines, recovery guides, and post-assessment reports to enhance hybrid identity security and resilience posture.
 
 

What qualifications or skills should you possess in this role? 

  • Bachelor’s or Master’s in Computer Science, Cybersecurity, or related field.
  • Minimum of 5 years in AD security engineering 
  • Deep expertise in Active Directory internals (replication, Kerberos, LDAP, DNS, GPO) and Entra ID architecture (Conditional Access, Identity Protection, PIM, App Registrations, and Connect).
  • Proven experience in AD and Entra ID hardening, Tier 0 protection, trust management, and privileged access isolation.
  • Hands-on experience in hybrid identity design, including synchronization, federation, and secure integration with SaaS applications.
  • Experience integrating AD and Entra ID with enterprise IAM processes, including provisioning, deprovisioning, and access governance workflows.
  • Strong experience in OU and Entra ID administrative unit design, delegation, and access control aligned with least-privilege principles.
  • Advanced knowledge in GPO and Conditional Access policy management, including security baselining, auditing, and change control.
  • Expert-level PowerShell scripting and Graph API automation for auditing, reporting, and enforcing identity configurations.
  • Experience collaborating with Red Teams and Penetration Testing Teams to simulate attacks and strengthen defences.
  • Proficiency with AD and Entra ID security tools such as BloodHound / PingCastle / PurpleKnight / ADRecon / PowerView / Microsoft Defender for Identity.
  • Knowledge of Privileged Access Management (PAM) solutions and SIEM integration for identity threat detection.
  • Strong understanding of Zero Trust and EAM principles as applied to hybrid identity environments.

 

Work at the Point of Impact
We need to be forward-looking to attract the right people to help us become the Leading Global Long-term Investor. Join our ambitious, agile, and diverse teams - be empowered to push boundaries and pursue innovative ideas, share your views, and be heard. Be anchored on our PRIME Values: Prudence, Respect, Integrity, Merit and Excellence, which guides us in how we make our day-to-day decisions. We strive to inspire. To make an impact.

 

Flexibility at GIC
At GIC, our offices are vibrant hubs for ideation, professional growth, and interpersonal connection.  At the same time, we believe that flexibility allows us to do our best work and be our best selves.  Thus, our teams come into the office four days per week to harness the benefits of in-person collaboration, but have the flexibility to choose which days they work from home and adjust this arrangement as situational needs arise.

 

GIC is an equal opportunity employer 
As an employer, we passionately believe every individual brings with them unique diversity of thought and perspectives to meaningfully enrich perspectives of GIC teams to drive competitive performance. An inclusive environment yields exceptional contribution.

 

Learn more about our Technology Group here:
https://gic.careers/group/technology-group/

Our PRIME Values

Our PRIME Values

GIC is a values driven organization. GIC’s PRIME Values act as our compass, enabling us to fulfil our fundamental purpose and objectives. It is the foundational bedrock which governs our behaviors, our decision making, and our focus. It informs both our long-term strategy as a firm, and the way we relate to our Client, business partners and employees. PRIME stands for Prudence, Respect, Integrity, Merit and Excellence. 

Apply now »