Senior Directory Infrastructure engineer

Position : Senior Directory Infrastructure engineer

Location: Onsite

Interview: Onsite in person

Client : OCTO

PS - Local Candidates Only

The OCTO Engineering and security team is looking for a senior level Directory Infrastructure Engineer for complex projects.

The Office of the Chief Technology Officer's Security and Engineering Team manages a variety of functions including endpoint management, Active Directory, VPN, firewalls and security incident response. The team is l seeking experienced Directory Infrastructure Engineers with extensive expertise in enterprise identity infrastructure including Active Directory, Entra ID (formerly Azure AD), OKTA Universal Directory, and LDAP environments. The resource must have a proven track record of designing and managing complex directory services across multiple platforms with particular emphasis on the complete lifecycle management of AD domains. The ideal candidates will bring expertise in modern identity approaches including Just-In-Time access, Privileged Identity Management, and continuous validation patterns that balance security with user experience.

Key Responsibilities

Design, implement, and maintain enterprise directory services infrastructure Manage the complete lifecycle of AD domains including planning, deployment, maintenance, upgrades, and decommissioning

Lead domain consolidation, migration, and forest restructuring projects Develop domain health monitoring and proactive maintenance procedures Create and execute disaster recovery plans for directory services

Develop and maintain automation scripts using PowerShell for directory management tasks

Interface with directory services using GraphAPI and REST API for custom integrations

Implement and maintain security best practices for directory services Design and manage trust relationships between domains and forests

Create and maintain documentation for directory architecture and operational procedures

Provide escalation support for critical directory service incidents

Required Qualifications

5+ years of hands-on experience with enterprise directory services (Active Directory, Entra ID, OKTA Universal Directory, LDAP)

Demonstrated experience with AD domain lifecycle management including domain creation, upgrades, and decommissioning

Advanced PowerShell scripting skills with demonstrable experience automating directory management tasks

Proven experience with Microsoft GraphAPI and REST API integration for directory management

Experience with directory synchronization technologies (Azure AD Connect, OKTA integration agents, etc.)

Strong understanding of identity security best practices and compliance requirements

Experience with multi-forest and hybrid identity environments

Ability to design and implement complex directory architecture solutions

Preferred Qualifications

Relevant certifications (Microsoft 365 Certified: Identity and Access Administrator, OKTA Professional, etc.)

Experience with Terraform, Ansible, or similar IaC tools for directory infrastructure Knowledge of SAML, OAuth, OIDC, and other modern authentication protocols

Experience with Group Policy design and management

Expertise in domain controller sizing, placement, and performance optimization Experience with domain functional level upgrades and cross-domain migrations Familiarity with CI/CD pipelines for infrastructure automation

Experience with implementing Zero Trust architecture