Global Enterprise Domain Engineer

Leidos is seeking a Global Enterprise Domain Engineer to design, manage, and secure Active Directory (AD) infrastructure to support mission-critical Department of Defense (DoD) IT systems. This role requires deep expertise in AD administration, PowerShell and Ansible automation, and DoD security compliance to ensure scalable, secure, and efficient identity and access management solutions. The candidate must hold an active Top Secret/SCI clearance and be willing to commute on-site to Ft Belvoir, VA.

Key Responsibilities:

• Design, implement, and maintain Active Directory forests, domains, trusts, and organizational units (OUs) to meet DoD scalability and security requirements.

• Configure and troubleshoot Group Policy Objects (GPOs) to enforce DoD Security Technical Implementation Guides (STIGs), software deployment, and system configurations.

• Automate AD administration tasks (e.g., user provisioning, group management, and compliance reporting) using PowerShell and Ansible playbooks/roles.

• Design and maintain reusable PowerShell modules and Ansible playbooks/roles for deployment in DoD networks, ensuring scalability, security, and performance.

• Integrate PowerShell scripts and Ansible automation with cloud platforms (e.g., Azure, AWS, Microsoft 365) and DoD-specific systems to support Infrastructure as Code (IaC) and DevSecOps initiatives.

• Maintain version control for scripts and playbooks using Git and contribute to team repositories on DoD-approved platforms.

• Provide technical documentation, including detailed help files for PowerShell scripts and Ansible playbooks, compliant with DoD standards.

• Secure AD environments against advanced threats (e.g., pass-the-hash, Golden Ticket) by implementing tiered administration models and Privileged Access Management (PAM) solutions.

• Manage AD-integrated DNS zones, DHCP services, and Active Directory Certificate Services (AD CS) for secure authentication and PKI integration.

• Implement and maintain hybrid identity solutions using Azure Active Directory (Entra ID) and Azure AD Connect, ensuring seamless integration with on-premises AD.

• Monitor and troubleshoot AD replication, FSMO roles, and performance using tools like Repadmin, DCDiag, and Microsoft Defender for Identity.
• Develop and execute unit tests for PowerShell scripts (using Pester) and Ansible playbooks (using Molecule) to ensure reliability and compliance.

• Maintain version control for scripts and playbooks using Git on DoD-approved repositories and integrate automation into CI/CD pipelines (e.g., Azure DevOps).

• Ensure AD configurations comply with DoD standards, including RMF, NIST 800-53, and DISA STIGs, and support audit processes with detailed documentation.

• Collaborate with cybersecurity teams to implement secure scripting practices, including script signing, credential management, and audit logging.

Required Qualifications:

• Must have active Top Secret / SCI security clearance

• Bachelor's degree in a related discipline and 12+ years of relevant experience, or Master's and 10+ years. Additional years of experience may be considered in lieu of degree.
• 10+ years of experience managing enterprise Active Directory environments.

• 7+ years of experience in PowerShell scripting and automation in enterprise environments.

• 3+ years of experience with Ansible automation, including playbook and role development for system configuration and deployment.

• 3+ years of experience supporting DoD IT systems or networks.

• Proven expertise in Windows Server, Active Directory, Group Policy administration, and Linux system management using PowerShell and Ansible.

• Advanced proficiency in Active Directory administration, including forest/domain design, trusts, schema management, and replication.

• Expertise in Group Policy management and STIG compliance using GPMC and PowerShell.

• Strong knowledge of PowerShell (including PowerShell 7+ for cross-platform tasks) and the ActiveDirectory module for automation.

• Proficiency in Ansible playbook and role development for AD and system configuration management.

• Experience with Azure AD/Entra ID, Azure AD Connect, and related PowerShell modules (e.g., Microsoft.Graph) and Ansible collections.

• Knowledge of AD-integrated DNS, DHCP, and AD CS for PKI and secure authentication.

• Proficiency in REST API integration, JSON/XML handling, and secure authentication (e.g., OAuth, API keys) in PowerShell and Ansible workflows.

• Strong knowledge of .NET objects, COM objects, and PowerShell classes for custom solutions, as well as YAML and Jinja2 templating for Ansible.

• Familiarity with regular expressions (regex) for text parsing and data validation.

• Experience with CI/CD pipelines using tools like Azure DevOps, GitHub Actions, or Ansible Tower/AWX for automation workflows.

• Understanding of DoD security frameworks, including STIGs, RMF, and secure scripting/automation practices.

• Strong problem-solving and debugging skills for complex automation challenges in PowerShell and Ansible.

• Excellent communication skills to document solutions and collaborate with cross-functional teams.

• Ability to work in a fast-paced, secure environment while adhering to strict DoD compliance standards.

Preferred Qualifications:

• Certifications: Microsoft Certified: Windows Server, Azure Administrator Associate, Red Hat Certified Ansible Automation, or equivalent.

• Experience with cross-platform automation (Windows, Linux, macOS) using PowerShell Core and Ansible.

• Contributions to open-source PowerShell or Ansible projects or published modules/roles in PowerShell Gallery or Ansible Galaxy.

• Familiarity with DoD-specific tools and platforms, such as DISA's HBSS or ACAS.

Original Posting:
May 5, 2025
For U.S. Positions: While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.

Pay Range:
Pay Range $126,100.00 - $227,950.00

The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.