...just to add that the syntax for the login in fact completes successfully:

use master

go

GRANT IMPERSONATE ON login::[domain\Security Group] TO [domain\User]

go

but then, when launching EXECUTE AS to impersonate an individual login, a member of [domain/Security Group], SQL Server cannot identify it!