Active Directory Engineer

About The Position

Requirements

• Deep understanding of Windows Server and Active Directory security architecture.
• Proven experience interpreting CVE writeups, MSRC security advisories, and vendor mitigation guidance.
• Expert-level proficiency in PowerShell scripting and automation development.
• Strong ability to evaluate exploitability vs. real-world exposure.
• Familiarity with Active Directory attack paths and adversary techniques.
• Experience with Hyper-V and SCVMM.
• Experience with SCCM.
• Experience performing risk analysis in large, regulated enterprise environments.
• Strong written communication skills, including the ability to produce change intent documents, impact and risk assessments.
• Demonstrated experience creating technical and process documentation.
• Strong understanding of Active Directory internetworking, including name resolution (DNS) and Kerberos and NTLM authentication flows.
• Hands-on experience with Kerberos, LDAP, DNS, NTLM.
• Hands-on experience with system and performance monitoring.
• Experience in Python.
• Experience securing and reducing Active Directory attack surface, particularly Domain Controllers.
• Experience with Windows Server 2016, 2019, and 2022.
• Familiarity with Hyper-V and virtualization platforms.
• Experience developing AD policies, standards, and operational procedures.
• Strong analytical, design, and problem-solving capabilities.
• Ability to translate complex technical concepts into clear, actionable processes.
• Experience operating in fast-paced environments with shifting priorities.

Responsibilities

• Analyze CVEs, MSRC advisories, and vendor security guidance to determine required remediation actions.
• Translate vulnerability intelligence into clear technical actions (patching, GPO updates, registry changes, service/protocol hardening).
• Define scope and applicability of remediation across Domain Controllers vs. Member Servers, tiered environments, and legacy or exception-based systems.
• Assess dependencies, constraints, and potential blast radius prior to deployment.
• Evaluate exploitability vs. environmental exposure to inform prioritization.
• Drive prioritization and sequencing of remediation activities across platforms.
• Design and develop automation solutions (primarily PowerShell) to deploy and validate fixes.
• Build repeatable validation mechanisms to ensure remediation effectiveness.
• Partner with Operations teams to ensure timely, coordinated rollout of remediations.
• Produce clear change documentation, including intent, impact, rollback considerations, and risk analysis.

Benefits

• Medical, dental & vision
• Critical Illness, Accident, and Hospital
• 401(k) Retirement Plan – Pre-tax and Roth post-tax contributions available
• Life Insurance (Voluntary Life & AD&D for the employee and dependents)
• Short and long-term disability
• Health Spending Account (HSA)
• Transportation benefits
• Employee Assistance Program
• Time Off/Leave (PTO, Vacation or Sick Leave)