Active Directory Windows Engineer

Active Directory Windows Engineer

Location
New York

Business Area
Engineering and CTO

Ref #
10047748

Description & Requirements

Our Team:

The Global Corporate Technology Group is responsible for designing, deploying, and supporting Bloomberg's enterprise IT systems. This includes our global corporate network plus all hardware, software and enterprise applications used by nearly 21,000 employees in more than 170 state-of-the-art offices around the world. We focus on enterprise solutions, productivity tools, and IT systems integration which helps move all of Bloomberg's businesses forward.

As part of the Server & Storage team, a key responsibility is ensuring all Active Directory services are available and functional. We are also managing the lifecycle of the Infrastructure enterprise systems and the security components.

Role Summary:

We are seeking a skilled and experienced Windows Active Directory (AD) Engineer to design, implement, secure, and maintain our enterprise Active Directory environment. This role requires deep expertise in AD architecture, Group Policy management, domain services, and integration with identity-related services such as ADFS, Azure AD, and conditional access. The ideal candidate will also support the organization's efforts to modernize and secure its identity infrastructure.

Key Responsibilities:

• Architect, implement, and maintain enterprise-scale Active Directory environments, including forests, domains, trusts, and replication strategies.
• Serve as a Domain Administrator with privileged access to Domain Controllers, responsible for managing directory infrastructure (FSMO roles, Kerberos KDCs, replication topology), overseeing schema modifications and trust relationships, creating and managing top-level OU hierarchies with appropriate security permissions and GPO linkages, monitoring and securing the domain root and Domain Controllers OU.
• Lead disaster recovery planning and execution for schema, trust, and domain-level incidents.
• Administer Group Policy at the domain root and Domain Controllers OU, ensuring compliance and security.
• Perform secure remote administration of Domain Controllers and member servers.
• Coordinate alarm distribution and security event monitoring with OU Admins.
• Plan and manage all AD and Domain Controller migrations and upgrades.
• Ensure compliance with regulatory and auditing requirements in a highly secure environment.

You'll need to have:

• 4+ years of proven experience in software delivery automation and architecting complex Active Directory environments.
• Deep expertise in the Windows Server platform and supporting identity services, including Active Directory, GPO, DNS, DHCP, and Certificate Authorities (CAs).
• Strong knowledge of identity lifecycle management and authentication protocols (Kerberos, NTLM).
• Expertise designing and implementing AD forests, domains, trusts, and replication strategies.
• Extensive hands-on experience utilizing and administering CI/CD tools (e.g., Jenkins, GitHub, Octopus).
• Strong programming and scripting proficiency in PowerShell or
• Intermediate programming proficiency in python or equivalent language (Advanced PowerShell acceptable alternative).
• Hands-on experience with Infrastructure as Code (IaC) tools (Terraform, Ansible, Chef, or Salt) and applying DevOps principles.
• Comprehensive knowledge of Windows Server operating systems.
• Familiarity with monitoring and logging tools (e.g., Grafana, Humio).
• Solid understanding of security best practices, change management, and backup/recovery strategies in AD.
• Experience working in regulated environments with an emphasis on compliance and auditing.
• Ability to work collaboratively in a fast-paced, team-oriented environment.
  Degree in Computer Science, Engineering, Mathematics, or a similar field of study, or equivalent work experience.

We'd Love to See:

• Hybrid Identity: Hands-on experience with Azure AD, Azure AD Connect, and Conditional Access policies.
• Authentication & Integration: Familiarity with MFA, SSO, and federation technologies (e.g., ADFS, SAML, OAuth).
• Experience integrating AD with other platforms (e.g., Linux, SaaS applications).
• Security Operations: Experience with enterprise-wide EDR or Antivirus deployment and maintenance.
• Certifications: Microsoft certifications such as Microsoft Certified: Identity and Access Administrator Associate or Azure Solutions Architect.
• Mindset: A strong documentation focus, excellent verbal communication skills, and a mindset for proactive problem-solving and continuous improvement.
• Experience with third-party identity and privilege access management tools (e.g., CyberArk, BeyondTrust).
• Familiarity with Zero Trust architecture and conditional access models.
• Exposure to incident response, AD forensics, and ITIL-based change management processes.

Salary Range = 00 USD Annually + Benefits + Bonus

The referenced salary range is based on the Company's good faith belief at the time of posting. Actual compensation may vary based on factors such as geographic location, work experience, market conditions, education/training and skill level.

We offer one of the most comprehensive and generous benefits plans available and offer a range of total rewards that may include merit increases, incentive compensation (exempt roles only), paid holidays, paid time off, medical, dental, vision, short and long term disability benefits, 401(k) +match, life insurance, and various wellness programs, among others. The Company does not provide benefits directly to contingent workers/contractors and interns.

Discover what makes Bloomberg unique - watch our for an inside look at our culture, values, and the people behind our success.