Senior Active Directory Engineer

About The Position

Requirements

• 10+ years of hands-on experience with Microsoft Active Directory in enterprise environments
• Bachelor's degree in Computer Science, Information Technology, Information Systems, or a related technical field (or equivalent practical experience).
• Strong experience across the full AD lifecycle: Design, Implementation, Migration, Operations
• Deep technical knowledge of: Active Directory Domain Services (AD DS), DNS and AD-integrated DNS, Group Policy design and troubleshooting, AD replication and topology
• Proven experience leading AD implementation or transformation projects
• Strong PowerShell skills for AD administration and automation
• Solid understanding of Windows Server internals and authentication mechanisms (Kerberos, NTLM)

Nice To Haves

• Experience with hybrid identity solutions: Azure AD / Microsoft Entra ID, Azure AD Connect / Cloud Sync
• Experience with: Multi-forest or multi-domain environments, M&A-related AD consolidation projects
• Familiarity with identity security tools (e.g., PAM, MFA integrations)
• Microsoft certifications (preferred, not mandatory): Windows Server, Identity and Access Management
• Experience working in regulated or security-sensitive environments
• Strong problem-solving and analytical skills
• Ability to work independently and take ownership of critical systems
• Excellent communication skills for: Technical teams, Project stakeholders, Management
• Comfortable working in high-pressure implementation environments
• Strong documentation and presentation skills

Responsibilities

• Design enterprise-grade Active Directory architectures, including: Forest and domain design, Trust relationships (internal and external), OU structure, delegation models, and naming standards
• Define Group Policy (GPO) strategy aligned with security and operational requirements
• Design identity lifecycle management processes (joiners, movers, leavers)
• Ensure architectural alignment with security and operational best practices
• Perform current-state assessments of the customer’s AD environment
• Identify and remediate gaps related to: Security posture, Performance and replication health, Operational inefficiencies, Technical debt from legacy configurations
• Improve and optimize: Group Policy Objects (cleanup, consolidation, redesign), AD Sites and Services and replication topology, DNS and domain controller placement
• Implement non-disruptive enhancements to existing environments, minimizing business impact
• Plan and execute phased improvement activities with clear risk mitigation and rollback strategies
• Implement AD security best practices, including: Tiered administration models (e.g., Tier 0/1/2), Privileged access management, Secure administrative delegation
• Harden Active Directory against common attack vectors
• Support incident response related to identity or directory services
• Collaborate with security teams on identity-related controls
• Produce detailed architecture diagrams, implementation documents, and SOPs
• Create operational guides and troubleshooting documentation
• Conduct knowledge transfer sessions for operations and support teams