Role Summary
We are seeking an experienced Active Directory (AD) Engineer to design, build, and operate core Microsoft Active Directory infrastructure, with a strong focus on isolated forests, segregated domains, and security‑driven directory architectures. This role is critical to enabling secure authentication, legacy containment, privilege isolation, and enterprise identity resilience.
The engineer will own the lifecycle of AD forests and domains, partner with security and platform teams, and ensure directory services meet availability, security, and compliance requirements.
Key Responsibilities
Active Directory Architecture & Engineering
- Design, build, and maintain Active Directory forests, trees, and domains, including additional and isolated forests for security or regulatory purposes
- Implement resource forests, containment forests, and hardened domains for legacy protocols, privileged access, or application isolation
- Design and manage inter‑forest and intra‑forest trusts (one‑way, two‑way, selective authentication)
- Plan and execute domain controller placement, site topology, and replication strategy
Core AD Administration
- Deploy, patch, and maintain Domain Controllers (Windows Server)
- Manage FSMO roles, time synchronization, DNS integration, and SYSVOL
- Administer Group Policy Objects (GPOs) for security baselines and configuration management
- Manage AD objects: users, groups, computers, service accounts, and delegation models
Security & Hardening
- Enforce Active Directory security best practices and tiered administration models
- Build privilege isolation domains for admin accounts and privileged workloads
- Support initiatives such as:
- Legacy protocol isolation (NTLM, RC4, LDAP signing exceptions)
- Service account governance and gMSA implementation
- AD attack surface reduction (lateral movement prevention, tiering)
- Partner with security teams during incidents, audits, and risk remediation efforts
Migration & Transformation
- Domain and forest builds and decompositions
- Application and server migrations between domains or forests
- Legacy domain containment and modernization efforts
- Coordinate with application, server, and IAM teams to minimize disruption
Monitoring, Troubleshooting & Operations
- Replication failures
- Authentication and trust issues
- DNS and Kerberos‑related problems
- Maintain AD health using monitoring tools and best practices
- Create and maintain operational runbooks and SOPs
Required Qualifications
Experience
- 8+ years of hands‑on Active Directory engineering and administration experience
- Proven experience building new forests and domains, including isolated or segmented environments
- Deep understanding of AD internals and authentication mechanisms
Technical Expertise
- Active Directory Domain Services (AD DS)
- DNS, Kerberos, LDAP, NTLM
- Forest/domain trusts and authentication boundaries
Never miss an opportunity! Create an alert based on the job you applied for.
