About The Position

We’re building a world of health around every individual — shaping a more connected, convenient and compassionate health experience. At CVS Health®, you’ll be surrounded by passionate colleagues who care deeply, innovate with purpose, hold ourselves accountable and prioritize safety and quality in everything we do. Join us and be part of something bigger – helping to simplify health care one person, one family and one community at a time.

Position Summary

As a Staff Security Engineer – Active Directory on our team, you will serve as a technical authority responsible for the design, security, and long‑term health of a large enterprise, multi‑domain Active Directory environment in a hybrid on‑prem and Azure cloud configuration. This role is primarily focused on Microsoft Entra ID, with Active Directory serving as a foundational dependency within a hybrid identity architecture rather than the center of gravity. You will lead cloud identity security initiatives, drive Entra ID architecture and governance decisions, and act as a senior escalation point for identity‑related incidents and risks. In addition to hands‑on engineering, you will partner closely with Cybersecurity, IAM, Infrastructure, and Audit teams to ensure Entra ID and hybrid identity services are resilient, compliant, and aligned with Zero Trust and enterprise security objectives.

Requirements

  • 7+ years of experience engineering enterprise identity solutions, with increasing focus on cloud‑based identity platforms
  • 7+ years of advanced experience administering and securing Microsoft Entra ID (Azure AD) in large enterprise environments
  • 7+ years of experience administering and securing Azure and Azure Active Directory
  • 5+ years of experience using PowerShell and automation to manage, audit, and secure identity platforms
  • 5+ years of experience in security hardening, vulnerability remediation, and identity‑related risk reduction
  • Bachelor’s degree or equivalent experience (High School Diploma and 4 years relevant experience)

Nice To Haves

  • Expert‑level understanding of cloud identity and access management concepts: tiered administrative models, privileged access management and credential protection, Group Policy design and hardening, and secure authentication and authorization architectures
  • Experience leading identity‑related security investigations and incident response
  • Strong experience with monitoring and security tools such as Splunk and Microsoft System Center Operations Manager (SCOM)
  • Experience with vulnerability and attack‑path analysis tools such as Microsoft Assessment tools, CrowdStrike, BloodHound, or similar
  • Proven experience designing and remediating controls for SOX, PCI, HIPAA, or similar regulatory frameworks
  • Ability to translate business and security requirements into scalable, secure technical solutions
  • Strong leadership, collaboration, and communication skills, including the ability to influence technical direction

Responsibilities

  • Architect, secure, and oversee enterprise multi‑domain Active Directory environments in hybrid configurations with Azure, including Azure AD Connect and identity synchronization strategies
  • Provide senior‑level administration and security engineering for Azure Active Directory (Microsoft Entra ID), including identity protection, authentication methods, and access governance
  • Design, implement, and continuously improve Entra ID Conditional Access, privileged access models, and identity security controls
  • Lead analysis and response efforts for complex identity‑related security incidents, including root cause analysis and long‑term remediation
  • Oversee and harden hybrid identity integrations, including Entra ID Connect / Cloud Sync, ensuring secure synchronization and minimal on‑prem dependency exposure
  • Monitor, investigate, and respond to cloud‑based identity threats and anomalous authentication activity using Entra ID logs, risk detections, and SIEM tooling
  • Lead root cause analysis and long‑term remediation for identity‑related security incidents spanning Entra ID, SaaS applications, and hybrid authentication flows
  • Establish and enforce Entra ID security standards, including tenant configuration, role management, identity lifecycle controls, and service principal governance
  • Proactively identify architectural weaknesses and attack paths within cloud and hybrid identity and drive modernization and risk‑reduction initiatives
  • Lead and support internal and external audits (SOX, PCI, HIPAA, etc.) related to identity, access management, and authentication controls
  • Partner with Cybersecurity, IAM, Application, and Platform teams to ensure secure Entra ID integration with enterprise SaaS, Azure, and on-prem applications
  • Develop and maintain enterprise documentation, architecture standards, and operational runbooks for Entra ID and hybrid identity services
  • Evaluate new Microsoft Entra capabilities and identity security features, making informed recommendations for adoption

Benefits

  • medical
  • dental
  • vision coverage
  • paid time off
  • retirement savings options
  • wellness programs

What This Job Offers

Job Type

Full-time

Career Level

Senior

Education Level

Associate degree

Number of Employees

5,001-10,000 employees
