Parsons Corporation is seeking a Principal Entra ID & Active Directory Engineer to establish and lead a dedicated support team for Microsoft Entra ID and Active Directory. The role involves technical leadership, administration of directory services, and ensuring compliance with federal regulations.
Responsibilities:
- Serve as the hands-on technical lead and subject matter expert for Entra ID and Active Directory environments across commercial and U.S. Federal tenants
- Establish and operate a centralized Entra ID and Active Directory support function, including support models, standards, and escalation processes
- Lead incident response, root-cause analysis, and long-term remediation for directory-related issues
- Partner with IAM, Security, Infrastructure, and Compliance teams while maintaining clear ownership boundaries
- Identify and engage subject matter experts and shared service resources across the organization to enhance supportability, operational efficiency, and scalability of existing platforms and environments
- Acting as escalation point for directory/domain issues
- Root Cause Analysis and Problem Management
- SME advisory posture for directory and identity platforms
- Analyzing the environment and driving continuous improvement plans
- Managing stakeholder expectations through clear technical communication
- Manage and coordinate identity-related external DNS records (such as Entra ID custom domain validation, authentication-related records, and federation dependencies), working with network or hosting teams as needed
- Administer Microsoft Entra ID (Azure AD) tenants
- Administer on-premises Active Directory forests and domains
- Support hybrid identity configurations such as Entra Connect and cloud sync
- Manage directory objects, groups, roles, and service accounts
- Support directory-dependent enterprise applications from a platform perspective
- AD Windows Server functional support (GPO, DNS, DHCP, DFS, PKI, ADFS, NTFS)
- Installation, configuration, and troubleshooting of AD, Entra ID, Azure AD DS
- Active Directory schema updates
- Experience with Microsoft Entra ID Conditional Access Policies
- Expert-level AD and Entra ID platform knowledge
- AD replication, Sites & Services, FSMO roles
- Directory-level backup and disaster recovery support
- Automate Entra ID/AD operational tasks using Microsoft Graph and PowerShell to reduce manual work and improve consistency
- Operationalize directory automation via Azure Automation and/or Logic Apps for repeatable checks, reporting, and housekeeping
- Advise and enable IAM-owned automation patterns without taking ownership of IAM governance execution
- Improve directory hygiene through automated validation, monitoring, and actionable operational insights
- Directory hygiene automation
- Operational checks and validation
- Platform-level lifecycle housekeeping (not IAM governance)
- Tooling (Graph, PowerShell, Azure Automation, Logic Apps)
- Operate directory services in alignment with U.S. Federal regulatory requirements including NIST 800-53, NIST 800-171, CMMC, and FedRAMP
- Support audit readiness through documentation and evidence collection
- Collaborate with Security and Compliance teams to remediate directory-related findings
- NIST, CMMC, FedRAMP, SOX, DFARS, GDPR support
- Audit readiness, evidence collection
- Remediation of directory-related findings
- Alignment with federal and regulated environment expectations
Requirements:
- 8+ years of Active Directory experience in enterprise environments
- 5+ years administering Microsoft Entra ID (Azure AD)
- Experience supporting commercial and U.S. Federal environments
- Strong proficiency in PowerShell, Microsoft Graph or equivalent Microsoft‑supported scripting and automation tooling used for Entra ID and Active Directory operations
- Must be a U.S. Person as defined by applicable U.S. government regulations due to access to controlled or export‑restricted information
- Experience with integrating Active Directory and Entra ID with Okta or other IdPs
- Experience with GCC or GCC High environments
- Familiarity with Zero Trust principles
- Experience modernizing large-scale Active Directory environments