L3 Active Directory Engineer

Hybrid in San Francisco, CA, US • Posted 16 hours ago • Updated 16 hours ago
Full Time
Hybrid
$120,000 - $150,000/yr
Company Branding Image
Fitment

Dice Job Match Score™

🔢 Crunching numbers...

Job Details

Skills

  • Active Directory
  • L3
  • Windows
  • Infrastructure

Summary

Job Role: L3 Active Directory Engineer / AD SME

Location: SFO, CA (Hybrid)

Type: Fulltime

Job Description: L3 Engineer / SME Active Directory (OnPremise)

Experience: 7 12+ years

Domain: Identity & Access Management, Windows Infrastructure

Role Summary

We are looking for a highly skilled L3 Active Directory (OnPremise) SME with deep experience in designing, managing, and troubleshooting complex AD environments. The candidate will be the highest escalation point for AD issues, lead architectural improvements, perform RCA, and ensure AD security, availability, and performance in a large enterprise environment.

Key Responsibilities

  1. L3 Escalation & Technical Support

Serve as the toptier escalation for Active Directory and Windows infrastructure issues.

Troubleshoot complex authentication, replication, DNS, GPO, policy processing, and trust issues.

Perform advanced RCA, log analysis, and performance debugging.

Develop L3 SOPs, KB articles, scripts, and automation for operations teams.

  1. Active Directory Administration & Architecture

Manage and maintain large multidomain, multiforest onprem AD environments.

Oversee FSMO roles, domain controllers (DC health), AD sites, replication topology.

Install, upgrade, and harden domain controllers (physical/virtual).

Implement AD schema updates, forest/domain functional level upgrades.

Perform AD migration, consolidation, restructuring, and domain/forest trust design.

  1. DNS, DHCP, & Windows Core Infrastructure

Troubleshoot AD-integrated DNS issues (zones, scavenging, forwarding, delegation).

Manage and secure DHCP scopes, reservations, failover.

Deep understanding of Kerberos, NTLM, LDAP, LDAPS, SPNs, tickets, token bloat.

Ensure GPO performance tuning, inheritance control, WMI filters, controlled rollouts.

  1. Security & Hardening

Implement AD security baselines, CIS benchmarks, and Microsoft security best practices.

Periodically audit domain controllers, replication, delegations, privileged groups.

Manage tiered admin model, least privilege, JustInTime (JIT) & JustEnoughAdministration (JEA).

Enforce password policies, PAM/Privileged Identity controls, and secure service account management.

Perform logs and event analysis through SIEM (Splunk, Sentinel, QRadar).

  1. High Availability & DR

Build and validate disaster recovery procedures for AD, DNS, and DHCP.

Maintain backup/restore strategies using tools like AD Recycle Bin, Authoritative Restore, System State, VM snapshots.

Ensure site resiliency, replication health, and multisite availability.

  1. Automation & Scripting

Automate AD operations using PowerShell (mandatory).

Build scripts for:

User provisioning/deprovisioning

Group management

GPO backup/restore

ACL/permissions

Health monitoring & reporting

  1. Integration & Identity Services

Expertise integrating AD with:

ADFS

Azure AD Connect (Sync rules, writeback, filtering)

SSO solutions

LDAPbased applications

PKI/Certification Services

Understand hybrid identity dependencies (even though this role is onprem focused).

Required Skills & Qualifications

7 12+ years handson experience in enterprise Active Directory environments.

Deep knowledge of:

AD architecture, design & security

DNS, DHCP, Sites & Services

Kerberos, LDAP, GPO, trusts, replication

Experience troubleshooting large, distributed Windows Server infrastructures.

Strong PowerShell automation skills.

Experience implementing AD hardening, security baselines, RBAC delegation.

Knowledge of backup/restore and DR strategies for domain controllers.

Strong understanding of networking fundamentals (TCP/IP, firewall rules, ports).

Preferred Skills

Microsoft certifications (AZ800, AZ801, MS100/101, SC300, MCSA/MCSE).

Experience with Azure AD and hybrid identity models.

Experience with IAM/PAM tools (Delinea, CyberArk, BeyondTrust).

Familiarity with virtualization (VMware/HyperV).

Experience with enterprise SIEM and security monitoring tools.

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.
  • Dice Id: hcl001
  • Position Id: 9024308
  • Posted 16 hours ago

Company Info

About HCLTech

HCLTech is a global technology company, home to more than 223,000 people across 60 countries, delivering industry-leading capabilities centered around digital, engineering and cloud, powered by a broad portfolio of technology services and products. 

We work with clients across all major verticals, providing industry solutions for Financial Services, Manufacturing, Life Sciences and Healthcare, Technology and Services, Telecom and Media, Retail and CPG, and Public Services. Consolidated revenues as of 12 months ending March 2025 totaled $13.8 billion. 

To learn how we can supercharge progress for you, visit hcltech.com.

About_Company_One
Contact the job poster
GJ

Gayathri J

Recruiter @ HCLTech
Create job alert
Set job alertNever miss an opportunity! Create an alert based on the job you applied for.

Similar Jobs

It looks like there aren't any Similar Jobs for this job yet.

Search all similar jobs