Active Directory Architect

Details•Blacksburg, VA

1d•$80,000 - $120,000

About The Position

Collaborative Computing Solutions within Virginia Tech is seeking a skilled Active Directory Architect with a strong security focus to join our team. This role will lead the design, development, and support of a secure, large-scale Active Directory (AD) and Entra ID (formerly Azure AD) environment. The architect will enhance the security posture of our directory services, ensuring compliance with IAM best practices and contributing to the organization’s overall cybersecurity strategy. Please note: Sponsorship is not available for this position.

Requirements

Master's degree in computer science, information systems, IT-related field, or a combination of education, training, and/or work experience equivalent to a Master’s degree
Significant experience in global IT infrastructure, with extensive experience in AD/Entra ID architecture, including design, deployment, and optimization of complex directory environments.
Proven experience planning, creating and running complete Microsoft Active Directory solutions.
Demonstrated experience in conducting security audits and hardening of AD environments, implementing secure Group Policies (GPOs), configuring Azure AD Conditional Access policies, and managing privileged access through tools like Azure AD Privileged Identity Management (PIM) to reduce security risks and enforce compliance.
Strong scripting and automation skills, particularly with PowerShell and Microsoft Graph API.
Experience with cybersecurity auditing, remediation, and IAM best practices.
Strong problem-solving, communication, and analytical skills, with the ability to collaborate across different teams and time zones.

Nice To Haves

Certifications such as CISSP, Azure Security Engineer Associate, Microsoft Certified Identity and Access Administrator, CCSP, or CISM.
Proven experience in architecture and configuration of AD for stable, secure, and scalable solutions.
Demonstrated experience with privileged access management (PAM), role-based access control (RBAC), and policy-based access control (PBAC).

Responsibilities

Active Directory and Entra ID Architecture and Security: Lead the design and implementation of secure AD and Entra ID environments, ensuring adherence to security best practices and organizational compliance requirements.
Identity and Access Management (IAM): Architect, implement, and manage IAM solutions, including authentication protocols (SAML, OAuth, OIDC, Kerberos) and privileged access management (PAM\PIM).
Policy Development and Compliance: Establish and maintain security policies for directory services, ensuring compliance with regulations such as FERPA and aligning with security frameworks like Zero Trust.
Security Auditing and Monitoring: Regularly conduct security audits of AD and Entra ID; analyze security logs, identify vulnerabilities, and lead incident response efforts to mitigate threats.
IAM Roadmap and Strategy Development: Develop and maintain an IAM roadmap, ensuring alignment with organizational goals, evolving security standards, and emerging threats.
Technical Leadership and Collaboration: Provide technical leadership on AD/Entra ID security matters, collaborate with operational teams to enhance security practices, and reduce drift in directory services.
Automation and Tool Development: Utilize scripting tools such as PowerShell and Microsoft Graph API to automate tasks and enhance security monitoring and reporting capabilities.
Documentation and Knowledge Transfer: Create and maintain documentation for all technical processes and contribute to training materials and knowledge base articles to ensure effective knowledge transfer.
Incident Response and Remediation: Lead incident response activities related to identity-based security events, including vulnerability assessments, patch management, and security remediations.

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume