Enterprise Active Directory

Title                                      : IAM Engineer With Azure AD and Entra ID

Location                               : Ada, MI , Kent County  (onsite)

Duration                               : 12+ Months

Rate                                     : $50/hr on w2

Required Skills:
•       Proven experience architecting AD in large, multi-domain, multi-site enterprise environments.
•       Deep expertise in:
o       Domain/Forest model design
o       Group Policy architecture
o       AD security & hardening
o       DNS/DHCP
o       Azure AD & Hybrid Identity
o       Federation & SSO models (ADFS, OAuth, SAML)
•       Strong PowerShell automation skills.
•       Solid understanding of networking (TCP/IP, routing, firewalls, load balancers).
•       Familiarity with zero-trust and identity security frameworks.

Key Responsibilities:
Active Directory Architecture & Design
•       Lead the design and implementation of enterprise-scale Active Directory architectures.
•       Architect domain/forest structures, OU design, Group Policy frameworks, and AD security baselines.
•       Define AD governance, naming conventions, delegation models, and identity lifecycle standards.
•       Oversee AD replication, domain controller placement, and Site/Subnet configurations.
•       Design and implement secure authentication models (Kerberos, LDAP/S, NTLM hardening).
Identity & Access Management
•       Architect solutions for IAM, including RBAC, least privilege models, privileged access management (PAM), and SSO/MFA.
•       Lead integration between on-prem Active Directory and Azure AD (Cloud Hybrid Identity).
•       Oversee Azure AD Connect, federation services (ADFS), Conditional Access, and identity governance.
Windows Infrastructure Architecture
•       Design and standardize Windows Server builds, hardening baselines, and automation frameworks.
•       Architect solutions for patching, configuration management, and OS lifecycle management.
•       Provide architecture leadership for virtualization platforms (VMware/Hyper-V) as they relate to Windows workloads.
Security & Compliance
•       Lead identity and Windows security posture improvements using Entra ID Protection, Conditional Access, and MFA.
•       Work closely with the security team to design secure AD and Windows infrastructures aligned with zero-trust principles.
•       Drive remediation of AD vulnerabilities, legacy protocols, and misconfigurations.
•       Support identity governance audits, compliance assessments, and security reviews.
Automation & Optimization
•       Architect automation solutions using PowerShell, DSC, and modern configuration tools (Intune/SCCM).
•       Recommend improvements to performance, reliability, identity workflow, and user provisioning.
Cross-Functional Leadership
•       Serve as the enterprise SME for AD, Windows, and identity services..