
HCLTech
Hybrid in San Francisco, California • Today
Easy Apply
Full-time
$120,000 - $150,000
13 results (3 new)

HCLTech
Hybrid in San Francisco, California • Today
Easy Apply
Full-time
$120,000 - $150,000

Woven Planet
Palo Alto, California • Today
Full-time
USD 140,000.00 - 230,000.00 per year

JDA TSG
Remote • 7d ago
Easy Apply
Full-time
95000 - 110000

Integrated Technology Strategies, Inc.
Remote • 4d ago
Easy Apply
Full-time
Depends on Experience

Komplete Teleservices
Remote • Today
Easy Apply
Contract
Depends on Experience

Okta, Inc.
San Francisco, California • Today
Full-time
USD 194,000.00 - 243,000.00 per year

ProCorp Systems Inc.
Remote • 13d ago
Easy Apply
Contract, Third Party
Depends on Experience

Verito Solutions
Remote • Today
Easy Apply
Third Party, Contract
Depends on Experience

Robustware
Remote • 12d ago
Easy Apply
Full-time, Third Party
Depends on Experience

PathAI
Remote or Boston, New York • Today
Full-time
USD 181,500.00 - 278,300.00 per year



Job Role: L3 Active Directory Engineer / AD SME
Location: SFO, CA (Hybrid)
Type: Fulltime
Job Description: L3 Engineer / SME Active Directory (OnPremise)
Experience: 7 12+ years
Domain: Identity & Access Management, Windows Infrastructure
Role Summary
We are looking for a highly skilled L3 Active Directory (OnPremise) SME with deep experience in designing, managing, and troubleshooting complex AD environments. The candidate will be the highest escalation point for AD issues, lead architectural improvements, perform RCA, and ensure AD security, availability, and performance in a large enterprise environment.
Key Responsibilities
Serve as the toptier escalation for Active Directory and Windows infrastructure issues.
Troubleshoot complex authentication, replication, DNS, GPO, policy processing, and trust issues.
Perform advanced RCA, log analysis, and performance debugging.
Develop L3 SOPs, KB articles, scripts, and automation for operations teams.
Manage and maintain large multidomain, multiforest onprem AD environments.
Oversee FSMO roles, domain controllers (DC health), AD sites, replication topology.
Install, upgrade, and harden domain controllers (physical/virtual).
Implement AD schema updates, forest/domain functional level upgrades.
Perform AD migration, consolidation, restructuring, and domain/forest trust design.
Troubleshoot AD-integrated DNS issues (zones, scavenging, forwarding, delegation).
Manage and secure DHCP scopes, reservations, failover.
Deep understanding of Kerberos, NTLM, LDAP, LDAPS, SPNs, tickets, token bloat.
Ensure GPO performance tuning, inheritance control, WMI filters, controlled rollouts.
Implement AD security baselines, CIS benchmarks, and Microsoft security best practices.
Periodically audit domain controllers, replication, delegations, privileged groups.
Manage tiered admin model, least privilege, JustInTime (JIT) & JustEnoughAdministration (JEA).
Enforce password policies, PAM/Privileged Identity controls, and secure service account management.
Perform logs and event analysis through SIEM (Splunk, Sentinel, QRadar).
Build and validate disaster recovery procedures for AD, DNS, and DHCP.
Maintain backup/restore strategies using tools like AD Recycle Bin, Authoritative Restore, System State, VM snapshots.
Ensure site resiliency, replication health, and multisite availability.
Automate AD operations using PowerShell (mandatory).
Build scripts for:
User provisioning/deprovisioning
Group management
GPO backup/restore
ACL/permissions
Health monitoring & reporting
Expertise integrating AD with:
ADFS
Azure AD Connect (Sync rules, writeback, filtering)
SSO solutions
LDAPbased applications
PKI/Certification Services
Understand hybrid identity dependencies (even though this role is onprem focused).
Required Skills & Qualifications
7 12+ years handson experience in enterprise Active Directory environments.
Deep knowledge of:
AD architecture, design & security
DNS, DHCP, Sites & Services
Kerberos, LDAP, GPO, trusts, replication
Experience troubleshooting large, distributed Windows Server infrastructures.
Strong PowerShell automation skills.
Experience implementing AD hardening, security baselines, RBAC delegation.
Knowledge of backup/restore and DR strategies for domain controllers.
Strong understanding of networking fundamentals (TCP/IP, firewall rules, ports).
Preferred Skills
Microsoft certifications (AZ800, AZ801, MS100/101, SC300, MCSA/MCSE).
Experience with Azure AD and hybrid identity models.
Experience with IAM/PAM tools (Delinea, CyberArk, BeyondTrust).
Familiarity with virtualization (VMware/HyperV).
Experience with enterprise SIEM and security monitoring tools.
HCLTech is a global technology company, home to more than 223,000 people across 60 countries, delivering industry-leading capabilities centered around digital, engineering and cloud, powered by a broad portfolio of technology services and products.
We work with clients across all major verticals, providing industry solutions for Financial Services, Manufacturing, Life Sciences and Healthcare, Technology and Services, Telecom and Media, Retail and CPG, and Public Services. Consolidated revenues as of 12 months ending March 2025 totaled $13.8 billion.
To learn how we can supercharge progress for you, visit hcltech.com.
📋 Comparing job requirements...
It looks like there aren't any Similar Jobs for this job yet.
Search all similar jobs