Momento USA is a global technology consulting, talent acquisition and creative development firm that addresses clients' most pressing needs and challenges.
We are currently looking for an MS Active Directory Consultant for a client based in the USA. Please see the job description below for your reference.
Location: Remote
Duration: 12 months - June 2027
Independent candidates only
**Previous Higher Education experience, I think, will be a huge plus; Public Sector will be a good backup**
NEED REFERENCES for this position.
Key Tasks and Responsibilities
1. Active Directory Architecture & Management
- OU & Group Optimization: Redesign and maintain a scalable OU structure to support automated provisioning and clear administrative boundaries.
- Security Group Governance: Implement and enforce a standardized naming convention and lifecycle process for security groups (e.g., AGDLP or RBAC models).
- GPO Engineering: Design and audit Group Policy Objects (GPOs) to enforce security baselines, disable legacy protocols (SMBv1, LLMNR), and manage user environments.
- Health Monitoring: Maintain domain controller health, focusing on replication topology, DNS integrity, and site-and-services optimization.
2. Security Hardening & Threat Mitigation
- Privileged Access Management (PAM): Implement "Least Privilege" by removing permanent members from highly privileged groups (Domain/Enterprise Admins) in favor of Just-In-Time (JIT) access.
- Identity Security: Lead remediation of audit findings by implementing Microsoft LAPS, Fine-Grained Password Policies (FGPP), and certificate-based authentication for admins.
- Vulnerability Remediation: Monitor and mitigate common AD attack vectors, including unconstrained delegation, weak Kerberos encryption (AES-256 migration), and orphaned service accounts.
3. Okta & Entra ID Integration
- Identity Synchronization: Configure and troubleshoot Entra ID Connect or Cloud Sync to ensure seamless hybrid identity flow for Office 365 and Azure resources.
- Okta Integration: Manage Okta AD Agents and IWA (Integrated Windows Authentication) for seamless Single Sign-On (SSO) across on-premises and cloud apps.
- Lifecycle Automation: Use PowerShell to bridge HRIS data with AD, automating user onboarding/offboarding triggers that sync through to Entra/Okta.
4. Knowledge, Skills, and Abilities - The Contractor must possess the following:
- Advanced PowerShell: Ability to write complex scripts for bulk attribute updates, security auditing, and automated reporting.
- Protocol Expertise: Expert understanding of Kerberos, LDAP/S, and SAML/OIDC as they relate to AD and cloud integrations.
- Hardened Infrastructure: Familiarity with deploying Secure Admin Workstations (SAWs) or Jump Servers for all administrative tasks.
- Governance: Experience operating within ITIL-based change management and maintaining detailed technical "runbooks."
- Experience working in governed enterprise environments.
- Ability to work independently on complex technical issues with minimal supervision.
- Strong written and verbal communication skills.
- Ability to maintain confidentiality and exercise sound judgment.
- Experience operating within structured IT governance and change management processes.
HAVE A NICE DAY!
Joe Murphy (Yousuf)
Technical Recruiter.
Momento USA | Exceeding Customer Expectations…
440 Benigno Blvd, Unit#A 2nd Floor. Bellmawr, NJ 08031
Interstate Business Park
Direct: Ext 1023 ; Fax:
Email: Joe Web:
Minority Certified by SWAM
National Minority Certified by NMSDC
One of the fastest growing companies in NJ
Awarded fastest growing Asian American business by Diversitybusiness.com
E-verified Company
Information transmitted by this e-mail is proprietary to Momento USA and/or its Customers and is intended for use only by the individual or entity to which it is addressed, and may contain information that is privileged, confidential or exempt from disclosure under applicable law. If you are not the intended recipient or it appears that this mail has been forwarded to you without proper authority, you are notified
Note: Momento USA is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.