Active Directory (On-prem) Engineer

Job Summary

• We are seeking a highly skilled Senior Active Directory Engineer to design, implement, secure, and maintain our enterprise Active Directory (AD) and related identity services. The ideal candidate will have deep technical expertise in Active Directory, Azure AD, and identity federation technologies, along with strong troubleshooting, automation, and security skills. This role is critical to ensure a robust, scalable, and secure identity infrastructure for our global organization.

Years of experience needed

• 8+ years of experience in On-Prem Active Directory

Key Responsibilities:

Architecture & Design:

• Lead the design, implementation, and enhancement of enterprise Active Directory, Azure AD, and hybrid identity solutions.
• Develop and maintain AD Group Policies, OU structure, replication, and DNS/DHCP integration.

Operations & Support:

• Provide tier-3 engineering support for AD, ADFS, Azure AD Connect, and identity-related issues.
• Monitor, troubleshoot, and optimize AD replication, authentication, and authorization processes.
• Manage enterprise PKI, certificate services, and secure LDAP.

Security & Compliance:

• Implement and enforce security best practices for AD, privileged access management (PAM), and conditional access.
• Partners with security teams conduct audits, vulnerability assessments, and remediation activities.
• Ensure compliance with regulatory standards (SOX, HIPAA, GDPR, etc.) as applicable.

Automation & Innovation:

• Develop automation scripts and tools (PowerShell, Python, etc.) for AD administration and reporting.
• Drive adoption of modern identity technologies, Zero Trust principles, and cloud-based IAM services.

Collaboration:

• Work closely with IT Security, Cloud, and Application teams on integrations, migrations, and upgrades.
• Provide mentorship to junior engineers and contribute to knowledge-sharing initiatives.

Education & Experience:

• Bachelor s degree in computer science, Information Technology, or related field (or equivalent experience).
• 7+ years of hands-on experience with Active Directory in enterprise environments.
• Strong experience with Azure AD, ADFS, Azure AD Connect, Conditional Access, and SSO/Federation.
• Experience with Windows Server (2016/2019/2022), DNS, DHCP, and PKI.

Technical Skills:

• Expert in PowerShell scripting and automation.
• Knowledge of Group Policy Management, Kerberos, LDAP, NTLM, and authentication protocols.
• Familiarity with identity security frameworks (Zero Trust, PAM, MFA).
• Experience with cloud integrations (Microsoft 365, SaaS apps, SAML, OAuth, SCIM).

Preferred:

• Microsoft Certified: Identity and Access Administrator Associate or similar certifications.
• Experience with Okta, Ping, or other IAM platforms a plus.
• Strong background in cybersecurity, incident response, and directory security hardening.

Key Competencies:

• Strong analytical and problem-solving skills.
• Excellent written and verbal communication.
• Ability to lead projects and work independently with minimal supervision.
• High attention to detail and commitment to operational excellence.

About Mphasis

Mphasis applies to next-generation technology to help enterprises transform businesses globally. Customer centricity is foundational to Mphasis and is reflected in the Mphasis Front2Back Transformation approach. Front2Back uses the exponential power of cloud and cognitive to provide hyper-personalized (C=X2C2TM=1) digital experience to clients and their end customers. Mphasis Service Transformation approach helps shrink the core through the application of digital technologies across legacy environments within an enterprise, enabling businesses to stay ahead in a changing world. Mphasis core reference architectures and tools, speed and innovation with domain expertise and specialization are key to building strong relationships with marquee clients.