As a Staff Engineer II within the Identity and Access Management (IAM) department, you’ll serve in a mid-level, hands-on engineering role with a primary focus on Active Directory technologies. You’ll be part of a collaborative IAM team responsible for managing, maintaining, and supporting the organization’s on-premises and hybrid Active Directory infrastructure, including directory services, authentication, authorization, and identity lifecycle integrations. In this role, you’ll identify development and operational support needs, contribute to Active Directory–centric design decisions, and take ownership of assigned project and enhancement tasks. As an IT Staff Engineer II, you’ll facilitate technical discussions and cross-team collaboration, working closely with security, infrastructure, and application teams to ensure stable, secure, and scalable identity services.

Responsibilities:

- Take assignments that can be worked on individually without supervision and manage work effort from concept to completion.
- Provide high-level engineering and functional support for Active Directory and Windows Server services, including GPO, RADIUS/NPS, PKI/Certificate Services, ADFS, and other domain-related services.
- Serve as Subject Matter Expert (SME) for Active Directory and PKI infrastructure, providing architectural guidance and advanced troubleshooting.
- Design, redesign, and maintain Active Directory forests, domains, trusts, and OU structures, supporting a hybrid Entra AD environment.
- Architect and enforce Group Policy (GPO) strategy, including security baselines, hardening, and lifecycle management.
- Design and manage permissions, delegation models, and RBAC aligned with least-privilege principles.
- Implement and maintain Active Directory security hardening aligned with CIS, NIST, or other internal/external standards.
- Design and manage tiered administration models (Tier 0 / privileged access separation).
- Support and integrate PKI, Kerberos, and authentication controls across the environment.
- Design, build, and manage enterprise Microsoft Active Directory and Windows file services architecture.
- Independently execute large-scale Active Directory initiatives (redesigns, migrations, modernization, cleanup).
- Act as L3 escalation for Active Directory–related incidents and resolve issues assigned through the incident management system.
- Develop, document, and maintain runbooks, standard operating procedures, and workflows for L2 operational teams.
- Configure and troubleshoot Windows desktop environments (AD, GPO) in support of VDI / Azure Virtual Desktop (AVD) deployments.
- Provide on-call support for critical identity and directory services incidents.
- Ensure compliance with IT policies, procedures, and industry standards, including reviewing and refining IT control enhancements.
Job Type: Full-time
Career Level: Mid Level