Enterprise Directory Service SME

About The Position

Requirements

• U.S. Citizenship is required (federal contract requirement).
• Active DHS Public Trust clearance or ability to obtain one; Secret/Top Secret preferred.
• Bachelor’s degree in computer science, Information Technology, Engineering, or related discipline (or equivalent experience).
• 10+ years of experience in enterprise IT infrastructure roles, including architecture, design, implementation, and operations.
• Proven experience with large-scale IT infrastructure environments, including: Networking (Cisco, Juniper) Virtualization (VMware, Hyper-V) Cloud platforms (AWS, Azure, GCP) Identity and access management (Active Directory, LDAP, PKI) Storage solutions (SAN/NAS)
• Deep knowledge of NIST security frameworks, DHS compliance standards, and the RMF process.
• Experience supporting federal agencies, ideally within DHS or USCIS.
• Strong documentation, communication, and presentation skills.

Nice To Haves

• Advanced degree (MS or higher) in a related technical field.
• Enterprise-level certifications such as: AWS Certified Solutions Architect – Professional Microsoft Certified: Azure Solutions Architect VMware Certified Design Expert (VCDX) Cisco Certified Network Professional (CCNP)/Expert (CCIE) CompTIA Advanced Security Practitioner (CASP+) Certified Information Systems Security Professional (CISSP)
• Experience with Zero Trust architecture, DevSecOps, and Infrastructure as Code (IaC) tools such as Terraform, Ansible, or Chef.
• Experience with ITIL-based service delivery and governance frameworks.

Responsibilities

• Perform analysis of existing USCIS Active Directory environments and develop new solutions to take advantage of new technologies and best practices provided by thenlatest versions of Windows Server, to include but not limited to: Privileged Remote Tool Server Administration Credential Partitioning.
• Active Directory Federation Services (ADFS).
• Group Policy.
• PowerShell Desired State Configuration.
• Domain Trusts.
• Managing Azure Active Directory (Entra ID).
• Automate the mapping subnets to Active Directory sites and services.
• Lead architectural and design changes, modifications and advancements to the USCISActive Directory infrastructure in collaboration with Operations for a seamless transition and delivery.
• Design and lead the implementation of complex identity management solutions utilizing tools such as PKI, ADFS, Azure AD Connect, and Microsoft Identity Manager.
• Architect, design, and lead the implementation of Enterprise Active Directory delegation models and provide technical assistance to facility administrators, as required.
• Develop and lead the implementation of potential USCIS Virtual Desktop solutions.
• Work closely with internal teams to architect and lead the implementation of Group Policy Objects (GPOs), performance tuning as it relates to the latest Windows Desktop and Server Migration project(s).
• Work with software vendors to identify, install and deploy USCIS business need software solutions, involving AD LDAP authentication and delegation rights.
• Provide Architectural and Engineering analysis of on premise and cloud solutions to ensure, where applicable, interdependent systems have consistent architectures and divergent architectures are evaluated for business value, and removal of waste.
• Architect and design secure disaster recovery for Active Directory production environment.
• Act as a technical liaison between USCIS OIT customers and third-party software/hardware vendors to deliver necessary solutions for the agency.
• Participate in lifecycle planning of critical IT services, architecting and designing replacement solutions.
• Architect solutions that integrate Azure AD Connect and Office - 365 Suite.
• Establish and ensure all changes to the Group Policy Objects (GPOs) under Active Directory (AD) are controlled and documented.
• Ensure GPO testing is completed prior to GPO changes to production.
• Support enterprise backup and disaster recovery architecture, migration planning and implementation.
• Architect DNS configuration, MS Clustering services, storage configuration, terminal services, TCP/IP protocol and LDAP services.
• Provide architectural analysis of existing and new directory services in order to ensure that authentication flows are going to the appropriate service, to include but not limited to: Active Directory.
• ADFS.
• Azure AD (multiple and single tenant, commercial and Government).
• Identity Credential and Access Management (ICAM).
• AWS Identity and Access Management (commercial and Government).
• Design and architect automated concentric circle deployment models for phased. rollouts to include, but not limited to: Group policy.
• Patching.
• Software deployment.
• Architect and lead the implementation of new group policy changes to the AD structure, new Security Technical Implementation Guides (STIGs), new operating systems, or as directed due to security or higher headquarter mandates and exceptions.
• Provide recommendations for new products and technology for supporting all layers of the IT infrastructure architecture based on testing and technology vetting.
• Lead enterprise projects through architectural design, migration and solution replacement phases, to include but not limited to: Enterprise Data Center Consolidation.
• Enterprise Cloud based solutions.
• Enterprise Unified Communications.
• Next Generation Endpoint and Mobility operating systems.
• Directory and Messaging services.
• Enterprise Network and Compute configuration standards development.
• Enterprise Network and Compute management development.
• Enterprise Backup and archive design and solutions.
• Enterprise Mobility solutions development.
• Enterprise Management, configuration, and tools standardization.
• Network (WAN/LAN) standards or changes.
• The contractor must be capable of supporting tools such as or similar to those identified in the tool's appendix. Additional tools may be added to the environment at the recommendation of the contractor or at the sole discretion of the Government.

Benefits

• The company offers a comprehensive benefits program, including medical, dental, vision, life insurance, 401(k) and a range of other voluntary benefits.
• Paid Time Off (PTO) is offered to regular full-time and part-time employees.