Senior Active Directory – Cloud Identity Specialist
United States
Full Time
3 days ago
$135,000 - $182,100 USD
H1B Sponsor
Key skills
AzureCloudDNSFirewallsTCP/IPPowerShellAzure ADEntra IDSAMLActive DirectorySSOCommunicationZero Trust
About this role
Role Overview
- Lead architecture, engineering, and operations for Active Directory forests, domains, and Group Policy in a multi-site, highly regulated environment.
- Design and drive adoption of hybrid identity solutions integrating on‑prem and cloud-based services.
- Implement and optimize authentication and authorization controls: SSO, MFA, Conditional Access, identity protection, and modern protocols (SAML, OAuth2, OIDC).
- Define and enforce standards for identity lifecycle: joiner/mover/leaver processes, automated provisioning/deprovisioning, access reviews, and role-based access control (RBAC).
- Partner with stakeholders and business teams to implement least-privilege, privileged access management (PAM), and Zero Trust-aligned identity controls.
- Lead and support AD and identity-related projects: domain/forest consolidation, mergers/acquisitions, cloud migrations, and re-platforming.
- Enhance monitoring, alerting, and reporting for directory and identity health, security posture, and compliance (audit trails, SOX, GLBA, PCI, etc.).
- Develop and maintain scripts and automation (primarily PowerShell) to drive consistency, efficiency, and security in identity operations.
- Serve as a senior SME and escalation point for complex identity incidents, outages, and security events.
- Produce and maintain technical documentation, runbooks, standards, and architecture diagrams for AD and cloud identity services.
- Mentor and guide junior engineers, analysts, and admins and contribute to identity and access strategy and roadmap.
Requirements
- 10+ years of hands-on experience administering and engineering enterprise Active Directory in a large, multi-site environment.
- Strong expertise in: AD forest/domain design, trusts, DNS, Group Policy, replication, and AD security hardening.
- 5+ years working with Azure AD/Entra ID and hybrid identity (synchronization, federation, ADFS or equivalent, cloud-only and hybrid scenarios).
- Deep understanding of identity and access management concepts: authentication, authorization, RBAC, least privilege, PAM, Zero Trust.
- Strong experience with MFA, Conditional Access, SSO, and identity federation using SAML, OAuth2, and OpenID Connect.
- Proficiency with PowerShell for automation, reporting, and bulk operations in AD and Azure AD.
- Experience operating in regulated environments (preferably banking/financial services) with audit, risk, and compliance requirements.
- Solid understanding of networking and security fundamentals (TCP/IP, firewalls, TLS, certificates, PKI as it relates to identity).
- Excellent communication skills and ability to translate technical identity risks and solutions for non-technical stakeholders.
Tech Stack
- Azure
- Cloud
- DNS
- Firewalls
- TCP/IP
Benefits
- Discretionary incentive eligible
- This role is currently benefits eligible.
- Industry-leading benefits
- Access to paid time off
- Resources and support for employees