Overview
Remote
On Site
$75 - $85 hourly
Accepts corp to corp applications
Contract - W2
Contract - Independent
Contract - Temp
Skills
Access Control
Collaboration
Auditing
Reporting
Sarbanes-Oxley
HIPAA
Management
Microsoft Azure
Quest
Server Architecture
RBAC
Workflow
Customization
API
Active Directory
Delegation
Microsoft Office
Microsoft Exchange
Licensing Management
Regulatory Compliance
Identity Management
Windows PowerShell
Scripting
High Availability
Disaster Recovery
SSO
Multi-factor Authentication
IT Service Management
ServiceNow
Provisioning
PKI
Lifecycle Management
Artificial Intelligence
Messaging
Job Details
RESPONSIBILITIES:
Kforce has a client that is seeking a Quest ARS Engineer IV in Nashville, TN.
Key Responsibilities:
Design & Architecture:
* Architect and deploy Quest Active Roles Server solutions for large-scale, hybrid identity environments
* Define and implement ARS architecture, including Administration Service, Web Interface, and AD LDS configuration store
* Develop high-availability and disaster recovery strategies for ARS and supporting infrastructure
Identity Management & Automation:
* Configure and manage Role-Based Access Control (RBAC), Access Templates, and Managed Units for delegated administration
* Build and maintain policy-based workflows for user provisioning, deprovisioning, and approval processes
* Implement automation for M365 license assignment, group management, and mailbox provisioning using ARS policies and PowerShell scripts
Integration & Customization:
* Integrate ARS with Active Directory, Entra ID, and Microsoft 365 services
* Customize ARS using PowerShell scripting, event handlers, and API integrations to meet business requirements
* Collaborate with ITSM and HR systems for automated joiner/mover/leaver processes
Security & Compliance:
* Enforce least-privilege delegation and separation of duties through ARS RBAC
* Implement auditing and reporting for compliance with regulatory standards (SOX, HIPAA, etc.)
* Ensure secure connectivity, certificate management, and MFA/SSO integration for ARS Web Interface
REQUIREMENTS:
* Looking for someone with deep experience designing, implementing, and supporting ARS to manage Active Directory (AD), Microsoft 365 (M365), and Entra ID (Azure AD) in hybrid environments
* Expert knowledge of ARS architecture, RBAC, Access Templates, and workflow automation
* Strong background in Microsoft Active Directory design and support
* Experience with hybrid identity, directory synchronization, and M365/Entra ID integration
* Ability to customize ARS using PowerShell, event handlers, and API integrations
* Solid understanding of security, compliance, and least-privilege delegation
Expert-level experience with Quest Active Roles Server:
* Architecture, deployment, and configuration in enterprise environments
* RBAC design, Access Templates, Managed Units, and workflow automation
* Customization using PowerShell, event handlers, and API integrations
Extensive experience with Microsoft Active Directory:
* Multi-domain/forest design, GPOs, OU structure, and security delegation
Strong knowledge of:
* Hybrid identity and directory synchronization (AD; Entra ID)
* Microsoft 365 integration (Exchange Online, Teams, Groups, license management)
* Security and compliance best practices for identity management
Hands-on experience with:
* PowerShell scripting for automation
* High availability and disaster recovery for ARS and supporting components
* SSO/MFA integration (e.g., Entra ID Conditional Access, Okta)
Preferred Skills:
* Experience with ITSM integrations (e.g., ServiceNow) and HR-driven provisioning
* Familiarity with REST APIs and modern identity governance frameworks
* Knowledge of PKI, certificate lifecycle management, and secure credential handling
The pay range is the lowest to highest compensation we reasonably in good faith believe we would pay at posting for this role. We may ultimately pay more or less than this range. Employee pay is based on factors like relevant education, qualifications, certifications, experience, skills, seniority, location, performance, union contract and business needs. This range may be modified in the future.
We offer comprehensive benefits including medical/dental/vision insurance, HSA, FSA, 401(k), and life, disability & ADD insurance to eligible employees. Salaried personnel receive paid time off. Hourly employees are not eligible for paid time off unless required by law. Hourly employees on a Service Contract Act project are eligible for paid sick leave.
Note: Pay is not considered compensation until it is earned, vested and determinable. The amount and availability of any compensation remains in Kforce's sole discretion unless and until paid and may be modified in its discretion consistent with the law.
This job is not eligible for bonuses, incentives or commissions.
Kforce is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.
By clicking ?Apply Today? you agree to receive calls, AI-generated calls, text messages or emails from Kforce and its affiliates, and service providers. Note that if you choose to communicate with Kforce via text messaging the frequency may vary, and message and data rates may apply. Carriers are not liable for delayed or undelivered messages. You will always have the right to cease communicating via text by using key words such as STOP.
Kforce has a client that is seeking a Quest ARS Engineer IV in Nashville, TN.
Key Responsibilities:
Design & Architecture:
* Architect and deploy Quest Active Roles Server solutions for large-scale, hybrid identity environments
* Define and implement ARS architecture, including Administration Service, Web Interface, and AD LDS configuration store
* Develop high-availability and disaster recovery strategies for ARS and supporting infrastructure
Identity Management & Automation:
* Configure and manage Role-Based Access Control (RBAC), Access Templates, and Managed Units for delegated administration
* Build and maintain policy-based workflows for user provisioning, deprovisioning, and approval processes
* Implement automation for M365 license assignment, group management, and mailbox provisioning using ARS policies and PowerShell scripts
Integration & Customization:
* Integrate ARS with Active Directory, Entra ID, and Microsoft 365 services
* Customize ARS using PowerShell scripting, event handlers, and API integrations to meet business requirements
* Collaborate with ITSM and HR systems for automated joiner/mover/leaver processes
Security & Compliance:
* Enforce least-privilege delegation and separation of duties through ARS RBAC
* Implement auditing and reporting for compliance with regulatory standards (SOX, HIPAA, etc.)
* Ensure secure connectivity, certificate management, and MFA/SSO integration for ARS Web Interface
REQUIREMENTS:
* Looking for someone with deep experience designing, implementing, and supporting ARS to manage Active Directory (AD), Microsoft 365 (M365), and Entra ID (Azure AD) in hybrid environments
* Expert knowledge of ARS architecture, RBAC, Access Templates, and workflow automation
* Strong background in Microsoft Active Directory design and support
* Experience with hybrid identity, directory synchronization, and M365/Entra ID integration
* Ability to customize ARS using PowerShell, event handlers, and API integrations
* Solid understanding of security, compliance, and least-privilege delegation
Expert-level experience with Quest Active Roles Server:
* Architecture, deployment, and configuration in enterprise environments
* RBAC design, Access Templates, Managed Units, and workflow automation
* Customization using PowerShell, event handlers, and API integrations
Extensive experience with Microsoft Active Directory:
* Multi-domain/forest design, GPOs, OU structure, and security delegation
Strong knowledge of:
* Hybrid identity and directory synchronization (AD; Entra ID)
* Microsoft 365 integration (Exchange Online, Teams, Groups, license management)
* Security and compliance best practices for identity management
Hands-on experience with:
* PowerShell scripting for automation
* High availability and disaster recovery for ARS and supporting components
* SSO/MFA integration (e.g., Entra ID Conditional Access, Okta)
Preferred Skills:
* Experience with ITSM integrations (e.g., ServiceNow) and HR-driven provisioning
* Familiarity with REST APIs and modern identity governance frameworks
* Knowledge of PKI, certificate lifecycle management, and secure credential handling
The pay range is the lowest to highest compensation we reasonably in good faith believe we would pay at posting for this role. We may ultimately pay more or less than this range. Employee pay is based on factors like relevant education, qualifications, certifications, experience, skills, seniority, location, performance, union contract and business needs. This range may be modified in the future.
We offer comprehensive benefits including medical/dental/vision insurance, HSA, FSA, 401(k), and life, disability & ADD insurance to eligible employees. Salaried personnel receive paid time off. Hourly employees are not eligible for paid time off unless required by law. Hourly employees on a Service Contract Act project are eligible for paid sick leave.
Note: Pay is not considered compensation until it is earned, vested and determinable. The amount and availability of any compensation remains in Kforce's sole discretion unless and until paid and may be modified in its discretion consistent with the law.
This job is not eligible for bonuses, incentives or commissions.
Kforce is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.
By clicking ?Apply Today? you agree to receive calls, AI-generated calls, text messages or emails from Kforce and its affiliates, and service providers. Note that if you choose to communicate with Kforce via text messaging the frequency may vary, and message and data rates may apply. Carriers are not liable for delayed or undelivered messages. You will always have the right to cease communicating via text by using key words such as STOP.
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.