Active Directory Engineer
The L2 Engineer for On-Premises and Azure Active Directory is responsible for maintaining the stability, performance, and security of enterprise directory services. This includes troubleshooting complex issues, implementing enhancements, and supporting seamless integration between on-prem AD and Azure AD. The role also requires proactive involvement in security hardening, lifecycle management, automation, and supporting a hybrid cloud infrastructure.
Key Responsibilities:
1. Active Directory (On-Premises):
Design and Maintenance:
Architect and manage multi-domain, multi-forest Active Directory environments.
Perform schema extensions and manage= replication across sites.
Plan and execute AD migrations, upgrades, and domain consolidations.
Configuration and Optimization:
Configure and optimize Group Policy Objects (GPOs) for user and device management.
Manage trusts, sites, and services to ensure optimal directory performance.
Security:
Implement security measures such as access controls, auditing, and logging.
Regularly perform AD security assessments using tools like ADAudit+, PingCastle, or BloodHound.
Address vulnerabilities identified through audits and penetration tests.
Troubleshooting:
Diagnose and resolve advanced AD issues related to authentication, replication, and performance.
Support complex Kerberos and NTLM authentication scenarios.
2. Azure Active Directory (AAD):
Integration and Management:
Deploy and configure Azure AD Connect for hybrid identity scenarios.
Ensure seamless synchronization of on-prem AD with Azure AD, managing attributes and custom rules.
Implement conditional access policies, Multi-Factor Authentication (MFA), and Privileged Identity Management (PIM).
Applications and SSO:
Integrate enterprise applications with Azure AD for Single Sign-On (SSO).
Manage OAuth, OpenID Connect, and SAML integrations for third-party services.
Identity Protection:
Configure Azure AD Identity Protection to monitor suspicious activity.
Investigate alerts and take corrective actions for compromised accounts.
3. Automation & Scripting:
Develop PowerShell scripts for bulk user management, auditing, and system automation.
Create and maintain Infrastructure as Code (IaC) templates for Azure AD resources using ARM, Terraform, or Bicep.
4. Monitoring & Reporting:
Use monitoring tools like Azure Monitor, Sentinel, or on-prem solutions to track system health and generate compliance reports.
Implement alerting mechanisms for unauthorized access attempts, account lockouts, or replication failures.
5. Collaboration & Documentation:
Work closely with other IT teams, including network, cloud, and security, to support initiatives.
Maintain detailed documentation for all configurations, processes, and troubleshooting guides.
Required Qualifications:
Expert-level knowledge of Microsoft Active Directory (2008 R2, 2012 R2, 2016, 2019).
In-depth experience with Azure Active Directory and hybrid identity management.
Strong understanding of LDAP, Kerberos, DNS, and networking fundamentals.
Proficiency in PowerShell and experience with automation tools.
Familiarity with security tools like Azure Sentinel, Defender for Identity, or equivalent.
Certifications (Preferred):
Microsoft Certified: Identity and Access Administrator Associate.
Microsoft Certified: Azure Solutions Architect Expert.
CompTIA Security+ or CISSP (for security-focused roles).
Soft Skills:
Analytical thinking with excellent problem-solving abilities.
Ability to work independently and in cross-functional teams.
Effective communication skills for technical and non-technical stakeholders.
Additional Responsibilities (Optional):
Participate in disaster recovery and business continuity planning.
Assist in planning Zero Trust Architecture strategies.
Contribute to Identity Governance and Administration (IGA) initiatives.
This role typically requires 5+ years of experience in identity management or related IT fields. The job may also involve being part of an on-call rotation for critical incident support.
Never miss an opportunity! Create an alert based on the job you applied for.