Published: November 25, 2022
This position is primarily remote. However, it requires being on-site 2x per month.
Must be local to DC, MD, VA, or within a 2-hour commute.
PRISM is seeking an Active Directory Architect to provide support, implementation, and design services for Microsoft’s on-premises and cloud identity platforms, including but not limited to Microsoft Windows Active Directory (AD), Microsoft Azure Active Directory (AAD), Microsoft Active Directory Federation Services (ADFS) and Microsoft Azure Application Proxy (AZAP). You will be a subject matter expert in using Active Directory Group Policy to implement security standards on Domain Controllers, Domain Member Servers, and Domain Member Workstations. This role requires an in-depth knowledge of Active Directory, Domain Controllers, and Azure Cloud, and proficiency in PowerShell scripting. In addition, you must have demonstrated prior and active experience managing multi-domain issues.
Other Duties:
Applies advanced subject matter knowledge to solve complex business issues and is regarded as a subject matter expert.
Frequently contributes to the development of new ideas and methods.
Works on complex problems where analysis of situations or data requires an in-depth evaluation of multiple factors.
Acts as an expert providing direction and guidance to process improvements and establishing policies.
Participates as a member of and leads development teams. Performs analysis of complex functional and business requirements. Prepares code stubs for others. Completes code to implement solutions. Designs solutions for others to code. Participates in cross-functional teams. Leads design activities. May provide mentoring and guidance to other developers. Designs, prepares and executes unit tests.
Demonstrates technical leadership and exerts influence outside of the immediate team. Develops innovative team solutions to complex problems. Contributes to strategic direction for teams.
Applies in-depth or broad technical knowledge to provide maintenance solutions across one or more technology areas.
Independently implements end-user or enterprise infrastructure or services of significant complexity.
Integrates technical expertise and business understanding to create superior solutions for the company and customers. Mentors and consults with team members, other organizations, customers, and vendors on complex issues.
Exercises significant independent judgment within broadly defined policies and practices to determine the best method for accomplishing work and achieving objectives.
Develop comprehensive and accurate reports and presentations for both technical and executive audiences.
Create and document detailed guides and tracking documents for clients to leverage as part of Active Directory hardening and overall infrastructure enhancements.
Tier 3 level troubleshooting includes diagnosing complex replication and multi-domain issues.
Develop standards, target states, and roadmaps, effectively communicating and obtaining consensus across architecture, engineering, and operations teams.
Required Education & Experience:
Bachelor’s degree with 10+ years of recent system engineering experience. Additional training and experience may be substituted instead of a degree.
Expert knowledge in administering AD, AAD, and ADFS in hybrid environments
Expert knowledge in administering AD and AAD support services such as AAD Conditional Access Policies, AAD Self-Service Password Reset (SSPR), AAD Connect, and Windows Server DNS
Expert knowledge in designing, testing, deploying and maintaining Active Directory Group Policy (GPO) to secure Domain Controllers, Domain Member Servers, and Domain Member Workstations
Expert in analyzing security risks with proposed changes to AD, AAD, ADFS, AZAP, Domain Controllers, GPOs, etc. and providing an understandable summary of those risks to management for proper implementation decisions
Experience administering multiple AD forests with forest trusts.
Knowledge of third-party AD support services such as Quest Active Roles, Quest Change Auditor for AD
Knowledge of Microsoft Identity Manager
Knowledge of configuring, deploying, and onboarding applications for remote access via AZAP, including the use of Kerberos constrained delegation (KCD) for Single Sign On.
Must have a deep and thorough understanding of monitoring best practices,
Extensive experience with infrastructure and server theories, principles, and concepts; application infrastructure and standards; networking fundamentals
Experience translating technical issues into understandable business language for end-users
Experience working with cyber security teams to actively update AAD conditional access policy and AD Group Policies as determined by cyber threats and operational requirements
Knowledge of Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS) – as it pertains to Enterprise Domain design and support
Experience as a subject matter expert (SME) Senior Active Directory System Engineer or Architect in a large AD environment with the proven ability to coordinate technical efforts and resolve issues across multiple teams.
Strong working knowledge of Windows 2016 and 2019 Member Server and Domain Controller operating system platforms, DNS, networks, DMZs, network security zones
PowerShell scripting experience and capabilities
Expert knowledge of ADDS, ADFS, Azure AD, and Windows Server Operating Systems 2016 & up.
Hands-on expertise with Azure AD Connect and AD Cloud SaaS.