Expert, Infrastructure Security Engineer (Identity & Attack Path Management)
About the role
We are your Energy Technology Partner. We electrify, automate, and digitalize every industry, business, and home, driving efficiency and sustainability for all. At Schneider Electric, our values - IMPACT (Inclusion, Mastery, Purpose, Action, Curiosity, Teamwork) - are the foundation of everything we do. Becoming an Impact Maker means turning sustainability ambitions into actions at the intersection of automation, electrification, and digitization. Are you ready to lead the digital transformation to create a more sustainable world? If you are up for challenging your creativity and making an impact, we are excited to welcome you!

Schneider Digital is the digital department of Schneider Electric, leading the digital transformation in the company by giving support globally to our internal teams and our clients. Schneider Digital consists of 6 Digital Hubs worldwide, which are strategically located to ensure 24/7 support across the company (France, China, India, USA, Mexico and Spain). Our Digital Hub in Barcelona is formed by +450 employees working on strategic projects and in different roles such as Data, Cybersecurity, ERP, Cloud, Infrastructures, IT Project Management or Digital Marketing.

As an Infrastructure Security Engineer (Identity & Attack Path Management), you will play a critical role in ensuring the security, integrity, and resilience of our enterprise identity infrastructure across on-premises and cloud environments. Leveraging your expertise in Active Directory, Azure AD / Entra ID, and hybrid identity integrations, you will analyze identity-related risks, detect misconfigurations, privilege escalation vectors, and lateral movement paths, and contribute to remediation strategies that strengthen the organization's identity posture. As a key member of the Infrastructure Security team, you will collaborate with cloud, infrastructure, and security engineering teams, actively sharing knowledge and fostering a collaborative environment.

What will you do?

Within the Identity & Attack Path Management scope, we:

- Operate identity security and attack-path analysis solutions such as BloodHound, PingCastle, and equivalent platforms.
- Identify identity-related risks, misconfigurations, excessive privileges, and lateral movement vectors across AD, Entra ID, and hybrid identity environments.
- Perform continuous discovery and monitoring of identity exposures, high-risk objects, and structural directory weaknesses.
- Support incident, problem, and change processes related to identity and directory services.
- Analyze hybrid identity synchronization issues and collaborate with Cloud and Infrastructure teams to ensure secure, resilient, and compliant directory-services operations.
- Contribute to identity security baselines, remediation planning, and hardening initiatives that reduce the enterprise attack surface.

What qualifications will make you successful for this role?

Candidates must possess a strong background in identity or infrastructure security with a minimum of 5 years of hands-on experience working with directory services, specifically Active Directory and Azure AD / Entra ID. Experience performing identity-focused risk assessments, privilege analysis, and directory misconfiguration detection using tools such as BloodHound, PingCastle, or equivalent platforms is required. Practical familiarity with AD Connect, hybrid authentication flows, and troubleshooting identity synchronization issues is highly valuable.

Technical Expertise: A deep understanding of Active Directory internals, including authentication flows, Kerberos, NTLM, delegation models, privileged groups, service accounts, and domain/forest trust relationships, is essential. Strong familiarity with Entra ID architecture, identity governance concepts, Conditional Access, and hybrid identity integration patterns is expected. Hands-on experience detecting and analyzing attack paths, excessive privileges, ACL/ACE misconfigurations, and structural directory weaknesses is key. Knowledge of automation or scripting (e.g., PowerShell) to support identity analysis and remediation is a plus.

Incident Response & Compliance: Candidates should have demonstrated ability to support incidents involving identity compromise, unauthorized privilege escalation, or directory misconfigurations, providing accurate root-cause analysis and remediation guidance. Experience reviewing identity and directory configurations for compliance with organizational security baselines, privileged access policies, and industry frameworks is an advantage.

What will you get?

We adapt to you: With our flexible schedule, you'll have the freedom to adjust your work hours to accommodate your personal needs and responsibilities. We know how great it is to work from home. With our hybrid work plan, you can enjoy working from the comfort of your home. Need more time to relax and disconnect? With our Holy Pack, you can purchase additional vacation days to recharge when you need it most. Cele