Identity Engineer – Active Directory

Ralliant
Raleigh, NC
$83,400 - $155,000

About The Position

The Identity Engineer – Active Directory is responsible for administering, engineering, and optimizing Ralliant Corporation’s complex, multi-domain Active Directory environment. This role serves as a hands-on technical leader across core AD infrastructure, ensuring stability, security, and scalability while supporting the broader Identity & Access Management (IAM) program. This position operates within a multi-domain, multi-forest environment (13+ domains) with hybrid identity integration and deep dependencies across enterprise IAM systems. The engineer is expected to operate confidently across all layers of Active Directory, from object lifecycle management and Group Policy to replication topology, authentication mechanisms, and disaster recovery. The role partners closely with Security, Infrastructure, and Compliance teams to ensure Active Directory functions as a secure and reliable foundation for enterprise identity. It contributes to identity strategy by aligning AD schema, attributes, and configurations with identity governance platforms and access lifecycle processes. The role embraces the Ralliant Business System (RBS) by embedding operational discipline, documentation, and continuous improvement into tools, workflows, and standard work. The engineer drives repeatable, scalable processes that improve security posture, reduce operational risk, and support audit readiness across the enterprise and Operating Companies (OpCos).

Requirements

  • Bachelor’s degree recommended; equivalent experience considered.
  • 6 years of hands-on experience administering Active Directory in enterprise environments
  • Deep expertise in AD architecture, including object management, GPOs, DNS, replication, and domain controller operations
  • Advanced PowerShell scripting and automation capabilities
  • Strong understanding of Kerberos, SPNs, gMSAs, and delegation models
  • Experience working with CyberArk or similar PAM solutions integrated with Active Directory
  • Hands-on experience with AD disaster recovery and multi-domain/multi-forest environments
  • Understanding of Active Directory’s role within identity governance and IAM ecosystems
  • Experience collaborating with PKI teams and supporting AD-integrated certificate services
  • Experience with hybrid identity environments (Entra ID / Azure AD Connect)
  • Strong knowledge of AD security hardening practices and attack mitigation techniques
  • Experience generating audit evidence and supporting compliance requirements
  • Experience with SIEM platforms such as CrowdStrike or equivalent
  • Experience supporting regulated or customer-driven security requirements, including U.S. Government environments
  • Strong communication and documentation skills, with the ability to translate technical concepts into business impact.
  • Ability to operate effectively across enterprise and OpCo environments, balancing global consistency with local context across multiple time zones and cultures.
  • Alignment with Ralliant values and the Ralliant Business System (RBS), including continuous improvement, transparency, and ownership.
  • Adherence to U.S. Government export control regulations (ITAR) - candidates must either be U.S. Persons or be prepared to collaborate with the company in securing the necessary U.S. government export authorizations.

Nice To Haves

  • Familiarity with CMMC and NIST SP 800-171 aligned expectations preferred.

Responsibilities

  • Administer a multi-domain, multi-forest Active Directory environment including user, group, and computer object lifecycle management, OU structure, delegation models, and trust relationships
  • Manage the full lifecycle of Group Policy Objects (GPOs), including design, implementation, auditing, and cleanup
  • Maintain AD Sites and Services, DNS integration, subnet mappings, and replication topology
  • Monitor and maintain Domain Controller health, replication status, FSMO roles, and SYSVOL/DFS-R consistency
  • Manage SPNs, gMSAs, and Kerberos authentication dependencies
  • Mentor and coach engineers through design reviews, code reviews, and knowledge sharing, promoting consistent and high-quality delivery.
  • Maintain documentation including technical designs, workflows, configurations, and operational procedures.
  • Contribute to identity strategy and roadmap planning, identifying opportunities to enhance automation, security, and user experience.
  • Use PowerShell as the primary tool for data collection, reporting, bulk operations, and automation
  • Develop scripts for auditing, compliance reporting, and operational health monitoring
  • Build automation for infrastructure lifecycle processes such as DC replacement and recovery
  • Support Active Directory integration with CyberArk for credential vaulting, rotation, and privileged session management
  • Manage privileged accounts and service account credentials in alignment with PAM policies
  • Collaborate on CPM dependencies, credential policies, and troubleshooting PAM-to-AD integrations
  • Partner with PKI teams to ensure AD Certificate Services configurations align with enterprise standards
  • Implement tiered administration models and protected group governance

Benefits

  • This position is also eligible for a bonus as part of the total compensation package.