|Published||September 18, 2022|
Active Directory Architect
This role requires an in-depth knowledge of the Active Directory, Domain controllers, Azure Cloud, and a proficiency in PowerShell scripting. The candidate must have demonstrated prior and active experience in managing multi-domain issues. The candidate will be supporting a demerger of an Enterprise and creating a NEWCOMPANY with new domain names and active directory.
The successful candidate will be a self-starter, someone who can work independently, and will be flexible in a fast-paced environment.
- Applies advanced subject matter knowledge to solve complex business issues and is regarded as a subject matter expert.
- Frequently contributes to the development of new ideas and methods. Works on complex problems where analysis of situations or data requires an in-depth evaluation of multiple factors.
- Acts as an expert providing direction and guidance to process improvements and establishing policies.
- Independently implements end-user or enterprise infrastructure or services of significant complexity.
- Create and document detailed guides and tracking documents - for clients to leverage as part of Active Directory hardening and overall infrastructure enhancements.
- Tier 3 level troubleshooting including diagnosing complex replication and multi domain issues.
- Develop standards, target states, roadmaps, effectively communicating and obtaining consensus across architecture, engineering, and operations teams
Required Education & Experience
- Bachelor's degree with 10+ years of recent system engineering experience. Additional training and experience may be substituted in lieu of a degree.
- Expert knowledge administering AD, AAD and ADFS in hybrid environments
- Expert knowledge administering AD and AAD support services such as AAD Conditional Access Policies, AAD Self-Service Password Reset (SSPR), AAD Connect and Windows Server DNS
- Expert knowledge designing, testing, deploying and maintaining Active Directory Group Policy (GPO) for the purpose of securing Domain Controllers, Domain Member Servers and Domain Member Workstations
- Expert analyzing security risks with proposed changed to AD, AAD, ADFS, AZAP, Domain Controllers, GPOs, etc. and providing an understandable summary of those risks to management for proper implementation decisions
- Experience administering multiple AD forests with forest trusts.
- Knowledge of third-party AD support services such as Quest Active Roles, Quest Change Auditor for AD
- Knowledge of Microsoft Identity Manager
- Knowledge on configuring, deploying and onboarding applications for remote access via AZAP, including the use of Kerberos constrained delegation (KCD) for Single Sign On.
- Must have a deep and thorough understanding of monitoring best practices,
- Extensive experience with infrastructure and server theories, principles, and concepts; application infrastructure and standards; networking fundamentals
- Experience translating technical issues into understandable business language for end-users
- Experience working with cyber security teams to actively update AAD conditional access policy and AD Group Policies as determined by cyber threats and operational requirements
- Knowledge of Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS) - as it pertains to Enterprise Domain design and support
- Experience as a subject matter expert (SME) Senior Active Directory System Engineer or Architect in a large AD environment with the proven ability to coordinate technical efforts and resolve issues across multiple teams.
- Strong working knowledge of Windows 2016 and 2019 Member Servers and Domain Controller operating systems platforms, DNS, networks, DMZs, network security zones
- PowerShell scripting experience and capabilities
- Expert knowledge of ADDS, ADFS, Azure AD and Windows Server Operating Systems 2016 & up.
- Hands-on expertise with Azure AD Connect and AD Cloud SaaS.
- provided by Dice