Job Title: Senior Directory Infrastructure Engineer
Location: Washington, DC (100% Onsite)
Interview Type: In-person Application Experience: 9+ Years
Summary:
This position will focus on the design, implementation, and ongoing management of identity infrastructure including Active Directory (AD), Entra ID (Azure AD), OKTA Universal Directory, and LDAP. This is a highly technical, hands-on engineering role with a focus on scalability, security, lifecycle management, and automation.
Key Responsibilities:
Design, implement, and support enterprise-wide directory services solutions.
Manage the full lifecycle of AD domains: planning, deployment, maintenance, upgrades, and decommissioning.
Lead directory consolidation, forest restructuring, and domain migration initiatives.
Develop robust health monitoring and preventive maintenance procedures.
Create and maintain automation scripts (primarily PowerShell) for identity-related tasks.
Integrate directory services using Microsoft Graph API and REST APIs.
Implement and enforce security best practices across identity infrastructure.
Manage trust relationships between domains and forests.
Draft and maintain architectural and operational documentation.
Act as an escalation point for critical identity infrastructure incidents.
Coordinate with cross-functional teams to ensure alignment with enterprise security strategies including Zero Trust and Just-In-Time access.
Required Skills:
5+ years of hands-on experience managing enterprise directory services: Active Directory, Entra ID (Azure AD), OKTA Universal Directory, LDAP
In-depth knowledge of:
  AD domain creation, upgrades, decommissioning
  Multi-forest and hybrid identity environments
  AD Connect and OKTA integration agents
Advanced proficiency in PowerShell scripting
Experience with Graph API and REST API integration
Strong knowledge of identity security best practices and compliance frameworks
Experience designing and implementing disaster recovery for identity infrastructure
Familiarity with Just-in-Time (JIT) access and Privileged Identity Management (PIM)
Preferred Qualifications:
Certifications such as:
  Microsoft 365 Certified: Identity and Access Administrator Associate
  OKTA Certified Professional or similar
Experience with IaC tools: Terraform, Ansible, etc.
Knowledge of modern authentication protocols: SAML, OAuth, OIDC
Group Policy design and domain controller optimization
Experience with domain functional level upgrades and cross-domain migrations
Familiarity with CI/CD practices for infrastructure deployment
Exposure to Zero Trust architecture implementation
Work Environment:
Onsite in Washington, DC; no remote option
Must be available for in-person interview

Skill | Required / Desired | Amount of exp required | Candidate's actual exp
Experience with enterprise directory services (Active Directory, Entra ID, OKTA Universal Directory, LDAP) | Required | 6 |
Experience with AD domain lifecycle management including domain creation, upgrades, and decommissioning. | Required | 5 |
Advanced PowerShell scripting skills with demonstrable experience automating directory management tasks. | Required | 5 |
Proven experience with Microsoft Graph API and REST API integration for directory management. | Required | 5 |
Strong understanding of identity security best practices and compliance requirements | Required | 5 |
Experience with directory synchronization technologies (Azure AD Connect, OKTA integration agents, etc.). | Required | 5 |
Experience with multi-forest and hybrid identity environments. | Required | 5 |
Ability to design and implement complex directory architecture solutions. | Required | 5 |
Bachelor's degree | Required | |