Senior Cybersecurity Engineer

Company Description

Zayo provides mission-critical bandwidth to the world’s most impactful companies, fueling the innovations that are transforming our society. Zayo’s 141,000-mile network in North America and Europe includes extensive metro connectivity to thousands of buildings and data centers. Zayo’s communications infrastructure solutions include dark fiber, private data networks, wavelengths, Ethernet, and dedicated Internet access. Zayo serves wireless and wireline carriers, media, tech, content, finance, healthcare and other large enterprises. Our Senior Cybersecurity Engineer is responsible for protecting Zayo computer networks from cybersecurity attacks and unauthorized access, with a primary focus on the security, design, and operational integrity of Active Directory (AD) and hybrid identity environments. This role leads efforts to assess, harden, and modernize AD infrastructure, ensuring resilience against identity-based threats. The engineer partners with Cybersecurity, Infrastructure, and Cloud teams to implement secure identity architectures, enforce least privilege, and align with regulatory and security best practices. This role may require rotating 24x7 on-call support. Job Responsibilities: Design, implement, and secure Active Directory (AD) and Azure Entra ID environments, including hybrid identity configurations. Lead Active Directory security assessments across enterprise AD forests, identifying misconfigurations, attack paths, and control gaps. This role is focused on enterprise identity security, privileged access governance, and hybrid identity protection — not traditional Windows systems administration. Partner with internal and external stakeholders to develop and maintain a prioritized remediation roadmap, aligned to 1) Zayo risk posture; 2) Regulatory requirements; 3) Internal policies and security standards Drive execution of remediation efforts to reduce AD-related risk and improve overall security posture. Lead AD security hardening initiatives, including: 1) Tiered administration model (Tier 0/1/2); 2) Privileged access restrictions; 3) Secure Group Policy design Monitor and defend against identity-based attacks such as 1) Pass-the-Hash / Pass-the-Ticket; 2) Kerberoasting; 3) Credential dumping Implement and manage Privileged Access Management (PAM) and Privileged Identity Management (PIM) solutions. Manage and secure Group Policy Objects (GPOs) to enforce enterprise security standards. Oversee identity lifecycle processes within AD, including provisioning, deprovisioning, and access reviews. Integrate AD with enterprise IAM platforms (e.g., SailPoint, CyberArk) and cloud identity providers. Implement and maintain Multi-Factor Authentication (MFA) and Conditional Access policies. Monitor AD logs and security events using SIEM tools; investigate anomalies and support incident response. Develop and maintain automation scripts (PowerShell) for AD management, reporting, and security enforcement. Collaborate with Red Team / Blue Team exercises to validate AD security posture. Document AD architecture, configurations, and security standards. Stay current with emerging threats, vulnerabilities, and best practices in AD and identity security. Experience and Education Requirements: Bachelor’s degree in computer science, cybersecurity, or a related field (or equivalent experience). Minimum of five (5) years of experience managing and securing Active Directory environments. Demonstrated experience leading AD security assessments and remediation programs in complex enterprise environments. Strong expertise in: 1) AD architecture (domains, forests, trusts); 2) Group Policy management; 3) DNS, LDAP, Kerberos authentication Hands-on experience with Azure Entra ID and hybrid identity architectures. Experience with PowerShell scripting for automation and administration. Strong understanding of identity-based attack techniques and mitigation strategies. Experience with SIEM tools (e.g., Splunk, Sentinel) for monitoring and incident response. Knowledge of security frameworks and compliance standards (NIST, ISO 27001, CIS Benchmarks). Strong analytical, troubleshooting, and problem-solving skills. Excellent communication and collaboration abilities. Preferred Qualifications: Experience implementing Tier 0/Tier 1/Tier 2 AD security models. Familiarity with tools such as 1) BloodHound; 2) PingCastle; 3) Microsoft Defender for Identity Experience with Zero Trust architecture and identity-centric security models. Exposure to IAM platforms (e.g., SailPoint) for identity governance integration. Relevant certifications (e.g., Microsoft Certified: Identity and Access Administrator, CISSP, CISM). Tech Stack:

• Active Directory (AD DS)
• Azure Entra ID
• Group Policy (GPO)
• PowerShell
• SIEM (Sumologic)
• Microsoft Defender for Identity
• PAM / PIM solutions (CyberArk)

Estimated base salary range: $95,100 - $146,300 USD/annually. #LI-Remote #LI-MF1 The base pay range shown is a guideline and reasonable estimate for this role. It takes into account the wide variety of factors that are considered in making compensation decisions. Actual compensation offered may vary from the posted range based upon geographic location, work experience, skill level, certifications, and other business and organizational needs. Non- sales roles may be eligible to participate in a discretionary annual incentive plan. Sales roles may be eligible to participate in a sales incentive plan. Additionally, this position may be eligible for certain benefits, such as health insurance, life insurance, disability retirement plans, paid time off. The posting will be active for a minimum of 3 days. The active posting will continue to extend by 3 days until the position is filled. Benefits, Rewards & Wellness Excellent Health, Dental & Vision Insurance Retirement 401(k) Savings Plan Generous paid time off policy including paid parental leave Zayo provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, provincial or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training. Apply To This Job