...just to add that the syntax for the login in fact completes successfully:
use master
go
GRANT IMPERSONATE ON login::[domain\Security Group] TO [domain\User]
go
but then, when launching EXECUTE AS to impersonate an individual login, a member of [domain/Security Group], SQL Server cannot identify it!