ACTIVE DIRECTORY ENGINEER JOB DESCRIPTION

An enterprise without functioning directory services cannot authenticate users, enforce Group Policy, or control access to any system it runs. The Active Directory Engineer owns the design, administration, and health of multi-forest, multi-domain environments that serve thousands of users across global infrastructure. This is a senior individual contributor role reporting into IT infrastructure leadership, accountable for MCSA/MCSE-level domain administration and protocol-layer troubleshooting spanning Kerberos, LDAP, and DNS. Failure here surfaces fast, in locked accounts, broken SSO, and failed audits.

As the Active Directory Engineer, you will own the end-to-end administration and architectural integrity of enterprise Active Directory environments, ensuring authentication services, identity policies, and directory-integrated systems meet security and availability standards. You will serve as the internal subject matter expert on directory technology, partnering with infrastructure, security, and application teams while operating within a global IT organization that depends on continuous uptime.

Career Impact: Mastery of multi-forest AD administration and IAM integration at enterprise scale is a credential that commands senior-level recognition across corporate IT, security architecture, and cloud identity engineering markets.

Business Impact: When AD authentication fails or Group Policy is misconfigured, every user in the organization loses access - the Active Directory Engineer is the person who prevents, diagnoses, and resolves that outcome.

Growth Opportunity: Experience with cloud identity platforms, including Azure AD SSO, MFA, and PAM tools, positions engineers for advancement into Identity Architect or IAM Lead roles as enterprises accelerate hybrid-cloud transitions.

• Own Root Cause Analysis and Problem Management for the enterprise Active Directory environment, driving resolution of complex production incidents.
• Design and implement multi-forest, multi-domain AD architectures to meet availability, scalability, and security requirements across global infrastructure.
• Administer authentication protocols and directory services, including Group Policy, DNS, DHCP, and certificate authority configurations, to enforce security standards.
• Integrate enterprise applications, cloud platforms, and network devices with Active Directory for authentication and directory services.
• Monitor server infrastructure and AD system parameters to ensure performance SLAs and maximum uptime are sustained.
• Serve as escalation support and internal consultant for AD-related issues, providing technical guidance to IT teams and managed service providers.
• Develop and maintain system documentation, including installation procedures, configuration baselines, and troubleshooting runbooks.
• Collaborate with Architects, Security, and Operations teams to evaluate new technologies and contribute to infrastructure roadmap decisions.

• Bachelor's degree in Computer Science, Information Technology, or a related field, or equivalent work experience.
• 5 or more years of Active Directory administration experience, with demonstrated expertise in multi-forest and multi-domain environments.
• Deep knowledge of AD authentication protocols, including Kerberos, LDAP, SAML, NTLM, and OAUTH, and their application in enterprise environments.
• Strong understanding of DNS, DHCP, Group Policy, PKI, and Windows Server security in large-scale infrastructure settings.
• Proficiency in scripting for automation and administrative task management using PowerShell or equivalent languages.
• Experience with hybrid cloud identity platforms, including Azure Active Directory, AD Connect, and federation services.
• Demonstrated ability to perform Root Cause Analysis, produce structured incident documentation, and meet SLA-driven resolution targets.
• Strong written and verbal communication skills, with the ability to present technical findings to both engineering peers and IT management.

• Microsoft certifications at the MCSA or MCSE level, with emphasis on Windows Server or Identity and Access Management tracks.
• Experience with PAM solutions, SIEM platforms, or enterprise identity governance tools such as SailPoint or equivalent products.
• Familiarity with virtualization infrastructure, including VMware or Hyper-V, and enterprise storage platforms in production AD environments.
• Working knowledge of the ITIL service management framework, with certification preferred for roles operating under formal change control processes.

• Mean time to resolution for escalated AD incidents, reflecting responsiveness to authentication and directory service failures.
• AD environment uptime percentage, measured against agreed availability SLAs across all forests and domains.
• Number of Root Cause Analysis documents completed per quarter, indicating thoroughness of problem management practice.
• Group Policy compliance rate across managed domain objects, reflecting policy enforcement and configuration drift control.
• Reduction in scripting-eligible manual tasks per cycle, measuring automation coverage growth over time.
• Typical tools: directory services administration consoles (commonly ADUC, ADSI Edit); scripting environments (commonly PowerShell ISE or VS Code with PowerShell extension); monitoring platforms (commonly SCOM or equivalent).

• Base Salary Range: $95,000 to $135,000 per year, depending on seniority and location
• Bonus: 5% to 15% annual performance bonus, typical in enterprise IT environments
• Equity: RSUs or stock options offered at larger public companies; less common at private firms
• Health Benefits: Medical, dental, and vision coverage; employer contribution typical
• PTO: 15 to 20 days annually, plus federal holidays
• Common Perks: On-call stipend, certification reimbursement, remote or hybrid flexibility

Figures are estimates based on general US market benchmarks and may be outdated. Adjust based on location, company size, and seniority level.

Work authorization in the United States is required for this position, and employment is contingent on successful completion of a background check. All qualified applicants will be considered for employment without regard to race, color, religion, sex, national origin, age, disability, veteran status, or any other characteristic protected under applicable federal, state, or local law. Reasonable accommodations are available to individuals with disabilities throughout the application and employment process upon request.

The Active Directory Engineer builds safety-critical real-time systems, including aircraft navigation software in C and Python, while creating and updating software requirements and engineering documentation. Collaborating with the project engineer, verification department, and domestic and international teams, this work enables timely, certified software deliveries that meet functional, safety, and certification criteria.

Key Responsibilities

• Design and implement safety-critical real-time systems, including aircraft navigation software in C and Python.
• Create and update software requirements.
• Ensure functional requirements, safety, and certification criteria are optimally implemented.
• Validate software and communicate with the verification department.
• Perform software integration and troubleshoot embedded platforms.
• Create software engineering documentation.
• Cooperate closely with the project engineer to ensure timely deliveries.
• Participate in internal knowledge sharing, mentor younger colleagues, and assist with troubleshooting.
• Cooperate with process focals on guidelines, process improvement, tailoring, and definition.
• Collaborate with domestic and international teams and key stakeholders.

Required Qualifications

• Bachelor's degree in Computer Science, Electrotechnics, Mechatronics, or a related field with a software background.
• Proficient in C and a scripting language such as Python, including development workflow automation.
• Knowledge of configuration management tools, including Git and Subversion.
• Experience with automation and agile workflows preferred; Matlab/Simulink knowledge is a plus.
• Strong organizational skills and analytical ability.
• Advanced level of English.

Embedded within product teams across the organization, the Active Directory Engineer shapes DevOps standards, develops a new platform, and evangelizes robust technical patterns that adhere to security standards. Working closely with staff and colleagues through mentoring and feedback, this role advances teams to High/Elite ratings across the four key DevOps metrics and enables the adoption of emerging technologies and practices.

Core Functions

• Define DevOps standards and work within product teams to establish practices across the organization.
• Ensure product teams achieve "High/Elite" ratings across the four key DevOps metrics.
• Develop a new platform, influencing decision-making and rollout strategy.
• Evangelize robust technical patterns and ensure delivered solutions adhere to security standards.
• Enable continual growth and knowledge sharing of emerging technologies and practices.
• Identify and promote opportunities to adopt new practices and technologies organization-wide.
• Mentor staff through learning and knowledge sharing of best practices.
• Support colleagues by providing regular feedback.

Qualifications & Experience

• 2-3 years of experience in a similar role or working with AWS and related cloud providers, including GCP, Azure, and Oracle.
• Experienced with infrastructure automation tools, including Terraform, CloudFormation, Serverless, Docker, Bash, Python, and CI/CD pipelines.
• Experience or knowledge of container orchestration, including ECS, Kubernetes, and Docker Compose, is a plus.
• Passionate about customer experience, curious, and willing to challenge existing assumptions.
• Collaborative, open-minded, and committed to making life easier for people.
• Strong English communication ability.

Reporting to the team lead, the Active Directory Engineer delivers development and maintenance of websites and signup forms for both mobile and desktop devices, serving as the primary point of contact for troubleshooting web issues. Partnering regularly with team members in a remote environment, this work improves code integrity, accessibility, and user experience across all web-oriented projects.

Primary Duties

• Develop and enhance websites and signup forms for mobile and desktop devices.
• Maintain and improve existing web-oriented projects regarding functionality, accessibility, and user experience.
• Maintain and improve code integrity, organization, consistency, and performance.
• Assist with automating certain tasks.
• Serve as the point person for troubleshooting issues with websites and web forms.

Skills & Qualifications

• 2+ years of experience in the WordPress ecosystem, with proficiency in PHP, MySQL, HTML, JavaScript, and CSS.
• Experience implementing Facebook Pixels and Google Ads, and working with the Mailchimp API.
• Ability to integrate designs into WordPress custom themes using responsive design, grid, and flexbox layouts.
• Proficient with Git version management; writes clean, readable code compliant with existing coding guidelines.
• Strong time management and analytical skills; able to work remotely while collaborating regularly with team members.
• Fluent in spoken and written English, with the ability to translate complex technical details into simple language.

Sitting at the intersection of backend engineering and cloud-native infrastructure, the Active Directory Engineer builds core systems and event-based microservices in Go deployed on Kubernetes within a cross-functional team. Operating across data products and service layers, this work ensures high availability and scalability for critical systems running under 24/7 uptime requirements.

Duties

• Build core systems and workflows for critical data products within a cross-functional team.
• Design and develop new product features on a microservices architecture as a backend developer.
• Create event-based microservices written in Go, deployed on Kubernetes.
• Design technical solutions with a focus on availability and scalability.
• Implement load and performance testing and monitoring to ensure software meets service level objectives.

Requirements

• BSc or higher in Computer Science or a similar discipline.
• 3+ years of coding in Go, producing reusable, clean, and scalable microservices code.
• Experience designing services with high scalability and high availability constraints, including event-based, cloud-native applications with Kubernetes.
• Exposure to AWS or Google Cloud.
• Proficient with Git and command-line tools in a Linux environment.
• Comfortable working with high-throughput, 24/7 availability systems.

A key member of the platform engineering team, the Active Directory Engineer owns the development of an infrastructure framework for platform regression testing, including automation scripts and API microservices. Collaborating across the engineering organization while understanding company culture and information-sharing practices, this role enables reliable platform testing and contributes to overall code quality and maintainability.

Functions

• Develop an infrastructure framework for platform regression testing.
• Develop automation scripts to control platform actions, the test process, and interaction with the Beaker framework.
• Develop a web application to manage multiple platforms.
• Develop API microservices to communicate with different frameworks.
• Understand informal structure, company culture, cooperation, and information sharing within the company.

Experience & Qualifications

• Bachelor's or Master's degree in Computer Engineering, Electronic Engineering, or equivalent; background in Python programming.
• Experience in automation development with Python and test applications in OS environments.
• Experience with API microservice frameworks such as Flask and Tornado is an advantage.
• Proficient with GitLab and CI/CD pipelines; interested in platform testing.
• Strong analytical, problem-solving, and communication skills in English and Vietnamese.
• Proactive team player willing to learn new technologies, with a passion for code quality, productivity, and maintainability.

Accurate data across Southeast Asian e-commerce platforms depends on the Active Directory Engineer, who owns the creation and maintenance of tools, services, and workflows while integrating APIs with WMS and logistics partners and building crawler systems. Based within a small team and reporting to the team leader, this role ensures data quality and supports the company's e-commerce data operations.

Accountabilities

• Review API documents and integrate with API systems of e-commerce platforms and WMS/logistics partners in Southeast Asia.
• Support and build a crawler system to scrape public e-commerce websites.
• Own the creation and maintenance of tools, services, and workflows.
• Test data from APIs and scrapers to ensure accuracy and quality.
• Work closely with the team leader and follow guidelines to accomplish assigned tasks.

Technical Qualifications

• 1-4 years of hands-on experience writing code, scripts, and APIs in Python.
• Experience with serverless compute components, including App Engine, Spanner, BigQuery, Cloud Functions, and Cloud Storage.
• Experience following Agile methodology and proficient with Git for code versioning.
• Intermediate English level.
• Results-driven team player.

As the Active Directory Engineer, this role leads Root Cause Analysis, Problem Management, and server infrastructure operations in a global IT environment with 10-plus years of enterprise infrastructure experience. The IT management and technical staff organization relies on this work to maintain optimum system performance, maximum uptime, and service delivery innovation across global and regional infrastructure projects.

Activities

• Own Root Cause Analysis and Problem Management for the AD environment.
• Serve as escalation support for AD technology issues and application support, providing guidance and direction in the resolution of complex production or system problems.
• Create and maintain system documentation for domain technologies, including installation, configuration, and troubleshooting steps.
• Manage, operate, and maintain server infrastructure, monitoring key system parameters to ensure optimum performance and maximum uptime.
• Work closely with IT management and technical staff to evaluate and test infrastructure solutions, and contribute to global and regional infrastructure projects.
• Identify opportunities to innovate, extend, and enhance service delivery.
• Participate in an on-call rotation.

Position Requirements

• BS/MS degree in Computer Science, Engineering, or a related field; Microsoft Certifications (MCSA and MCSE) preferred.
• 10+ years of IT experience in a global infrastructure environment, with 5+ years administering all aspects of Microsoft Active Directory.
• Deep knowledge of Active Directory, Azure Active Directory, and Windows Server operating systems (2003-2019), including clustering, AD, and file services.
• Solid knowledge of Microsoft SCCM (2016 and above) and Microsoft Azure cloud engineering and operations.
• Expert knowledge of AD authentication protocols (Kerberos, SAML, OAUTH, LDAP), DNS, DHCP, WINS, FRS, DFSR, and Group Policies, including FSMO roles, DNS zone management, advanced logging, and backup and restore in multi-domain environments.
• Good scripting skills in VBScript, PowerShell, and Azure Resource Manager (ARM) templates.
• Experience with virtualization platforms (VMware, Hyper-V) and storage platforms (Dell/EMC, HP, NetApp) is a plus.
• Experience with Azure AD Connect, AD-LDS, AD-RMS, MS FIM, ADFS, DFS, IIS, PKI, RDS, WSUS, Change Auditor, nFront Password Filter, and CyberArk or similar products is a plus; Linux/Unix skills are a plus.
• Highly organized with clear, concise communication skills; able to function in a global organization with a flexible, dynamic team.

Active Directory Engineer delivers design, architecture, and management of complex multi-forest and multi-domain Active Directory environments, including security standards development, infrastructure monitoring, and end-user-focused service delivery. The work directly supports corporate identity management across infrastructure organizations by collaborating with Architects, Engineers, and Operations teams to resolve issues, meet milestones, and maintain availability and performance SLAs.

Operational Focus

• Create a new AD infrastructure for several thousand users.
• Architect, deploy, secure, and administer multiple Active Directories and AD services.
• Integrate applications, network devices, and systems with AD for authentication and directory services.
• Develop security standards for Active Directory and related technologies, and maintain software and OS levels to the latest standards.
• Monitor infrastructure to ensure availability and performance SLAs are met, and maintain monitoring, auditing, reporting, and backup tools.
• Collaborate with Architects, Engineers, and Operations individuals across infrastructure organizations to resolve issues and contribute to overall architecture direction.
• Own Root Cause Analysis and Problem Management for the corporate Identity Management environment; create and maintain system documentation, including installation, configuration, and troubleshooting steps.
• Deliver projects, meet milestones, improve existing processes, and develop and document policies, procedures, and training plans for systems administration and operations teams.

Knowledge, Skills & Abilities

• 10+ years of hands-on experience designing, architecting, and managing complex multi-forest and multi-domain Active Directory environments.
• Strong technical knowledge of LDAP, Kerberos, DNS, Windows security, Windows Server OS, ADFS, Azure AD/AWS, AD Connect, and Federation.
• Experience in troubleshooting AD, Kerberos, and LDAP application connectivity issues.
• Thorough understanding of Windows Server Security, including IPSec, NTLM, UAC, and Windows Firewalls.
• Strong understanding of PKI technologies and good PowerShell scripting skills.
• Experience with monitoring best practices, preferably SCOM; proficient with Wireshark, Network Monitor, or similar tools.
• Experience with VMware enterprise infrastructure, Quest AD tools (ARS, Change Auditor, and RMAD), Active Directory Trusts, domain migrations, MDM, and MFA.
• Excellent client service delivery with a focus on the end-user experience.
• Experience in documenting and maintaining configuration and process information.
• Experience with Windows and Mac desktop operating systems.

The Active Directory Engineer oversees monitoring, development, and upgrading of all critical Active Directory systems and interfaces, integrating computing systems into a central campus environment while providing third-tier support to departmental administrators and service desk personnel. Reporting to campus IT leadership and collaborating across ITS units, this role enables secure, reliable directory services and supports cloud integration with major vendors, including AWS, Google, and Microsoft Office 365.

Key Deliverables

• Apply advanced systems infrastructure concepts to resolve highly complex issues requiring in-depth evaluation of variable factors.
• Select methods, techniques, and evaluation criteria to obtain results; give presentations to the team and other technical units.
• Evaluate new technologies, including performing moderate to complex cost/benefit analyses.
• Monitor, assess, maintain, develop, and upgrade all critical Active Directory systems, interfaces, and services.
• Develop new Active Directory-related services, integrate other computing systems into the central environment, and build processes for day-to-day system maintenance.
• Use compiled programming and scripting languages to design, develop, test, deploy, and maintain complex and secure applications across multiple environments.
• Provide consulting and third-tier technical support to campus departmental system administrators, ITS administrators, and service desk personnel.

Professional Experience

• Bachelor's degree in Technology, Information, or Computer Science, or a related area, and/or equivalent experience.
• Extensive knowledge of Microsoft Active Directory and other Windows Server technologies, including Azure AD and AD subsystems such as Azure AD Connect, Federation Services, and Certificate Services.
• Expertise with hybridized cloud environments from major vendors, including Amazon AWS, Google, and Microsoft Office 365.
• Expert in PowerShell, VBScript, and other scripting or programming languages for automation; advanced Group Policy skills.
• Advanced knowledge of computer security best practices, cross-platform OS and application integration (UNIX/Windows/Apple), and systems problem identification and resolution.
• Experience with design, configuration, operation, repair, and tuning of technology systems.
• Knowledge of Active Directory integration with Exchange, Lync, and SharePoint.
• Experience integrating and supporting identity management products with Active Directory, including IdentityNow and Grouper.

Embedded within the infrastructure team, the Active Directory Engineer develops and maintains a multi-forest Active Directory environment, serving as an internal consultant and subject matter expert for directory-related solutions. Working closely with infrastructure groups and both internal and external partners, this role drives architectural plans to completion and ensures Active Directory policies, standards, and procedures are implemented to meet security and operational objectives.

Areas of Ownership

• Manage day-to-day incident and problem management of a multi-forest AD environment, including multiple domains and forests.
• Act as an internal consultant to IT teams for Active Directory-related solutions and serve as a subject matter expert in directory-related technology and architecture.
• Create and maintain AD environment management documentation as necessary.
• Provide AD solutions that meet both security and operational objectives, and work with end users to resolve incidents.
• Engage with other infrastructure groups to support the AD environment; serve as a project resource and complete assigned deliverables on time.
• Participate in the definition, establishment, documentation, implementation, and maintenance of Active Directory policies, standards, methods, and procedures.
• Collaborate with internal and external partners to drive architectural plans to completion via appropriate conceptual and detailed design documents; participate in an on-call rotation with occasional evening or weekend hours.

Education & Experience

• Bachelor's degree in Software Engineering, Computer Science, Information Systems, or a similar discipline, or comparable experience.
• 6+ years of IT experience, with at least 3 years in Active Directory support; Active Directory sites and services certification preferred.
• Strong knowledge of Microsoft Windows Server, Windows Server Networking, networking principles, and large-scale Active Directory infrastructure administration.
• Knowledge and troubleshooting skills for Group Policy, LDAP, secure LDAP (LDS), DHCP, WINS, and replication topology issues.
• Experience creating Domain Controllers (2008 R2 Core, GUI, and RODC).
• Automation and scripting experience required; strong understanding of the ITIL model, with certification preferred.
• Strong verbal, written, analytical, and problem-solving skills.
• Ability to work independently, manage tasks to timely completion, and collaborate effectively with others.

Reporting to IT leadership, the Active Directory Engineer refines strategies for new technologies and enterprise-wide AD deployments, serving as a third-level escalation resource for complex incidents and translating business needs into long-term architecture solutions. Partnering with infrastructure and application teams, this role enables compliant, secure integration of on-premises and cloud identity solutions across global distributed networks.

Role Responsibilities

• Develop processes and procedures, test plans, and migration plans as a technical expert in Intel/Microsoft products and services.
• Perform documentation for Active Directory solutions; serve as third-level escalation support to drive resolution of complex incidents and issues.
• Translate business needs into long-term architecture solutions; integrate application authentication and authorization for on-premises and cloud solutions.
• Develop strategies for new technologies and implement enterprise deployment in compliance with global standards.
• Evaluate new products and services, provide recommendations, and integrate Active Directory systems.
• Understand infrastructure services, networking topologies, protocols, and practices.

Background & Experience

• Associate's degree in a related area required; 5+ years of experience in the field or a related area.
• Expert in Active Directory and Microsoft systems, with multi-forest expertise and proficiency in Kerberos, NTLM, LDAP, and SAML protocols.
• In-depth understanding of Active Directory Replication, DNS, Site Links, Site Topology, Group Policy, Global Catalogs, Security, Domain Controllers, and other core infrastructure components.
• Experience with Windows Server 2012/2016; proficient in PowerShell for task automation.
• Skilled in performance baselining, backup and restore, disaster recovery, and troubleshooting in large, distributed, multi-forest AD environments.
• Experienced in deploying Domain Controllers, onboarding new services, and application/system integration on large distributed networks.
• Cloud experience with IaaS and PaaS infrastructures; experience with Azure AD and AWS is desirable.
• Valid driver's license required; domestic and international travel may be required.

Sitting at the intersection of identity management and enterprise IT operations, the Active Directory Engineer advances installation, configuration, and improvement of AD network components while owning Root Cause Analysis and Problem Management for the corporate identity environment. Operating across server infrastructure, virtualization, and Managed Service Provider relationships, this role ensures maximum system performance, efficiency, and availability in a global infrastructure setting.

Job Functions

• Assist with the installation, configuration, and improvement of Active Directory network components and environments.
• Support and maintain user account information, including rights, security, and system groups.
• Assist in planning and implementing Active Directory upgrades, and proactively monitor all systems to ensure maximum performance, efficiency, and availability.
• Validate system upgrades and patches; upgrade software and hardware components to meet business needs.
• Implement and troubleshoot Certificate Authorities, DNS, DHCP, Federated Services, and other core components; administer, troubleshoot, document, and implement Group Policy.
• Own Root Cause Analysis and Problem Management for the corporate Identity Management environment; serve as the first line of escalation support for domain technology issues, guiding Managed Service Providers.
• Create and maintain system documentation for domain technologies, including installation, configuration, and troubleshooting steps.

Minimum Qualifications

• BS degree in Computer Science, Information Technology, or a computer-related discipline, or 5 years of IT experience in a global infrastructure environment.
• MCSE required; minimum 5 years of overall IT experience, with 3 years working with Microsoft Identity technologies, including Active Directory, Windows File Services, and Group Policies.
• Knowledge of AD, ADFS, PKI, DNS, DHCP, WINS, and DFS in Windows Server 2012/2016 environments.
• Knowledge of SCCM 2007/2012/2012 R2, including application packaging, OS deployment, role-based administration, and task sequencing.
• Working experience with scripting languages, including PowerShell, AdFind, Visual Basic Scripting, and LDAP queries.
• Deep understanding of monitoring best practices, preferably with SCOM.
• Extensive experience with server infrastructure, networking fundamentals, physical server architecture, and virtualization technologies, including VMware and Hyper-V.
• Knowledge of Microsoft Exchange, Quest Active Roles Server (ARS), and Powerbroker preferred.
• Self-motivated with excellent written and verbal communication skills, strong interpersonal skills, keen attention to detail, and the ability to work in a global team environment.

A key member of the service delivery team, the Active Directory Engineer produces clear fault diagnoses for complex problems and continuously reviews Active Directory services to ensure they remain fit for purpose and aligned with client requirements. Collaborating across workshops, seminars, and peer groups, this role minimizes service impact by devising effective solutions and workarounds and contributes to the evolution of the broader business area vision.

What You'll Do

• Ensure all activities are handled promptly and effectively.
• Proactively review implemented solutions to ensure they are fit for purpose, and provide improvements and changes to Active Directory services in support of client requirements and business strategy.
• Demonstrate expertise, commitment, and ingenuity in applying available facilities to non-standard situations.
• Diagnose underlying root causes and devise solutions or workarounds to minimize the impact on service.
• Keep skill sets relevant and identify the benefits of emerging technologies.
• Attend and contribute to workshops, seminars, and presentations that help enhance the business area vision.
• Carry out fault diagnosis for complex problems and report results in a clear and concise manner.

Required Qualifications

• Bachelor's degree or equivalent work experience.
• Experience supporting Active Directory services on Windows Server 2012/2016/2019, including configuration, performance management, and troubleshooting.
• Advanced PowerShell scripting skills with the ability to read code and automate daily activities.
• Good knowledge of Active Directory and major Windows component technologies, including networking, TCP/IP, DNS, and IPSec.
• Experience with AWS, Azure, internal cloud platforms, and traditional virtualization technologies, including VMware ESX and Hyper-V.
• Experience with Quest Toolset configuration and troubleshooting.
• Experience in SRE/DevOps environments and desired state configuration through Chef and CI/CD pipelines, including Jenkins, Git/Stash, and InSpec.
• Able to manage workload effectively, prioritize tasks, and present technical and business information clearly to peers, colleagues, and senior stakeholders.

Stable, available Active Directory infrastructure depends on the Active Directory Engineer, who advances patch management, maintenance, and troubleshooting of complex AD environments while designing new solutions, including domains, Group Policy Objects, and security hardening for customers. Serving as the primary Incident and Escalation Management resource, this work supports integration with Exchange, Skype, SharePoint, and OneDrive across the organization and with Microsoft directly.

Day-to-Day Responsibilities

• Meet with customers to understand needs and design new solutions, including new domains, Group Policy Objects, and security hardening.
• Troubleshoot complex issues in collaboration with Exchange, Skype, SharePoint, OneDrive, storage, networking, and other teams.
• Introduce new technologies into the AD environment, including Microsoft Forefront Identity Manager and Microsoft Direct Access.
• Work with Microsoft on patch fixes and troubleshooting issues.
• Perform regular maintenance, patching, and upgrade activity on the AD infrastructure.
• Ensure stability and availability of the Active Directory infrastructure.
• Provide Incident and Escalation Management support for the Active Directory infrastructure.
• Participate in non-standard work hours, including on-call coverage.

Qualifications & Experience

• Experience using Microsoft Active Directory on Windows 2008, 2008 R2, or 2012 R2.
• Experience as a Windows domain administrator for a large production domain.
• Experience with DHCP, DNS, and LDAP standards.
• Knowledge of O365/Microsoft Exchange and its integration with AD domains.
• Knowledge of surrounding IT infrastructure, including SAN and networks.
• Experience with Microsoft Forefront Identity Manager (FIM/MIM), Microsoft Direct Access, and SCOM is a plus; Microsoft Active Directory certifications are a strong plus.
• Strong oral and written communication skills.
• Ability to work effectively in a team.

As the Active Directory Engineer, this role oversees implementation, support, and maintenance of Windows systems infrastructure including Active Directory, DHCP, DFS, ADFS, and Certificate Services within a DoD environment requiring Security+ or higher certification. The organization relies on this work to deliver stable, secure, and scalable Windows systems that meet DoD policies, support all staff levels, and maintain server architecture security.

Scope of Work

• Implement, support, and maintain the organization's systems infrastructure, including hardware and software implementation and design.
• Assess the stability, security, and scalability of installed Windows systems.
• Research and initiate system and server upgrades with IT managers.
• Install or upgrade Windows systems and servers.
• Provide technical support for staff and back-end system users.
• Review and troubleshoot system error logs and user-reported errors.
• Manage user access to systems, maintain server architecture security, and create system backups.

Skills & Qualifications

• Bachelor's degree or equivalent experience; DoD 8570.01-M certification with Security+ or higher required.
• Current Microsoft Certification (MTA, MCSA, MCSE, or equivalent) required, including Windows Server certification.
• 5+ years of experience working with Windows, specializing in Active Directory.
• Prior experience with DoD policies and procedures.
• Prior experience with Microsoft Windows Server Core services, including DHCP, DFS, ADFS, Certificate Services, IIS, and DNS.
• Experience with network configuration, troubleshooting, patching, PKI, and server configuration.
• Ability to create PowerShell scripts.
• Experience with databases, patch management, LAN/WAN networks, network security systems, intrusion detection systems, and data backup.
• Expert knowledge of Microsoft Office products, including Excel, PowerPoint, Project, SharePoint, and Word.
• Detailed knowledge of Windows Server setup, deployment, and maintenance.
• Excellent written and verbal communication skills with the ability to work with all levels of management.

Active Directory Engineer produces design, implementation, and support of Microsoft Azure AD and Active Directory environments, including IAM policy, process integrations with Workday and RSA, and automation innovations to reduce operational overhead. Success in the position means collaborating within a diverse enterprise team, interacting with all levels of management and vendors, and delivering solutions that support enterprise applications on time and under pressure.

Work Activities

• Design, implement, and support Microsoft Azure AD and Active Directory environments.
• Oversee process and data integrations between Workday and Azure AD; administer RSA and Manage Engine integrations with Azure AD and AD as needed.
• Recommend, justify, and implement improvements using an accepted change control methodology.
• Design and deliver creative solutions, resolving problems in a timely and proactive manner, while collaborating within a diverse group.
• Design, implement, deploy, and maintain IAM policy and processes to support enterprise applications.
• Drive automation innovation to develop solutions to common problems and reduce operational overhead.
• Manage multiple complex parallel tasks and priorities, ensuring deadlines are met while leveraging team member skills.

Requirements

• Bachelor's degree in Computer Science, Computer Engineering, or a related field, or the equivalent combination of education and related experience.
• Comprehensive knowledge of Microsoft Azure AD and Active Directory in a large-scale enterprise setting.
• Experience with Workday required, and RSA desired.
• Proficient in written and verbal communication skills and strong interpersonal skills.
• Ability to interact with all levels of management, staff, vendors, contractors, and service providers.
• Ability to work in a dynamic, technical team environment with competing priorities and tight deadlines.
• Ability to maintain a professional manner and remain calm under pressure.

The Active Directory Engineer coordinates management and support of Active Directory and Identity and Access Management solutions across corporate and customer-facing environments, integrating transformational projects including SailPoint, Azure AD SSO/MFA, SIEM, and PAM. Partnering closely with the AD Architect and collaborating with networking, storage, and platform teams, this role enables secure, high-availability identity services and supports Microsoft 365 Secure Score and ongoing platform maintenance.

Performance Expectations

• Engineer and manage Active Directory in a complex Identity environment, supporting infrastructure for secure operation, high performance, and high availability.
• Manage and support Identity and Access Management solutions within corporate and customer-facing environments.
• Create and maintain Disaster Recovery documents related to the Active Directory environment.
• Collaborate with networking, storage, monitoring, and platform support teams to resolve service issues.
• Integrate domains with transformational Identity projects, including SailPoint, Microsoft Azure AD SSO/MFA, SIEM, and PAM; partner closely with the AD Architect to implement new initiatives.
• Manage Microsoft 365 Secure Score, interact with ATI (Threat Intelligence), and perform ongoing platform maintenance, server support, and troubleshooting.

Experience & Qualifications

• Bachelor's degree in Computer Science, Computer Engineering, or a related technology field.
• Experience in Security or Identity and Access Management, working directly with Microsoft Active Directory (2016 preferred).
• Deep understanding of Single Sign-On technologies, including SAML and Kerberos, and Multi-Factor Authentication design and implementation.
• Scripting experience in PowerShell or a similar language; ability to troubleshoot connectivity issues and interact with end-user administrators.
• Good understanding of Security Architecture, application design and integration, and cloud identity platforms for AWS, Azure, and Google Cloud.
• Experience with Quest Software for Active Directory, AD support for enterprise multi-site/multi-forest environments, and consolidating data centers with AD support during cloud migration is a plus.
• Security certifications (CISM, CISSP, CISA, CRISC, ITIL, PMP) are a plus.
• Knowledge of firewalls, load balancers, and port/protocols involved in connectivity is a plus.
• Able to interact with stakeholders and create PowerPoint and Excel reports.
• Able to create run books and provide 24/7 uptime and support.