Senior Active Directory Engineer
DESE Research, Inc.•Huntsville, AL
•Onsite
About The Position
DESE is seeking a Senior Active Directory Engineer in Huntsville, AL. The Senior Active Directory Engineer serves as the subject matter expert for the design, implementation, and maintenance of a robust on-premises Identity and Access Management (IAM) infrastructure. This role is focused on the architecture and security of a complex Windows Server environment, ensuring high availability and seamless authentication across the enterprise. You will lead forest-level migrations, disaster recovery planning, and the hardening of AD objects against modern security threats.
Requirements
- Bachelor's Degree in network engineering, Computer Science, or a related technical field.
- Must possess (or be able to obtain) a DoD Top Secret Clearance with SCI eligibility including successful completion of a Counterintelligence (CI) Polygraph and willingness to meet Special Access Program (SAP) eligibility requirements.
- Must possess an active CompTIA Security+ CE, ISC2 SSCP, or equivalent baseline certification.
- Deep understanding of FSMO Roles, Global Catalogs, and Active Directory Partition structures.
- Advanced proficiency in PowerShell for automating bulk object changes, reporting, and environment health checks.
- Strong grasp of TCP/IP, DNS, and Firewall requirements essential for AD communication across segmented networks.
- Proven experience with Public Key Infrastructure (PKI) and Certificate Services (ADCS).
Nice To Haves
- Active DoD Top Secret Clearance with SCI and a Counterintelligence (CI) Polygraph with willingness to meet Special Access Program (SAP) eligibility requirements.
- Microsoft Role-Based Certifications (e.g., AZ-800/801).
- Deep knowledge of STIG (Security Technical Implementation Guides) compliance.
Responsibilities
- Design and deploy multi-forest/multi-domain AD architectures, including Site and Services optimization for low-latency authentication.
- Standardize and manage GPOs to enforce security baselines, software distribution, and user environment configurations.
- Implement Tiered Administration models (Red Forest/Privileged Access Workstations) and manage Kerberos, NTLM, and LDAP security protocols.
- Lead Domain Controller (DC) promotions, demotions, and OS upgrades (e.g., migrating from Windows Server 2016 to 2022).
- Establish and regularly assess AD-specific backup and restoration procedures (Authoritative vs. Non-authoritative restores).
- Maintain the health of AD-Integrated DNS, ensuring proper zone replication and scavenging.
- Proactively monitor replication topology, roles, and health using tools like PowerShell, SCOM, or specialized AD auditing software.
Benefits
- Profit-sharing plan
- Competitive salaries
- Competitive health, dental and vision insurance with affordable premiums
- Flexible work schedules
- Two different flexible spending account options
- Company paid life insurance with options for employee paid additional
- Performance bonus program
- Education reimbursement program
- Company paid personal leave for approved philanthropic activities
- Vacation, Sick & Holiday leave
- Robust 401k profit sharing plan
- Opportunities for internal promotions
- Employee referral incentive program
- Rewards and gifts for service anniversaries
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
Upload and Match Resume
What This Job Offers
Job Type
Full-time
Career Level
Senior
Number of Employees
11-50 employees
