Active Directory Engineer
Job description
Will be responsible for analyzing hundreds of Active Directory group policies and deciding how to eliminate or streamline these policies through automation via PowerShell scripting. The individual should have experience with enterprise-level Active Directory solutions, specifically pertaining to security. The individual will work within the engineering organization and must be able to write PowerShell scripts from scratch, interact with peer teams and partner groups, and scale and deploy improvement, consolidation and migration efforts within the enterprise. The candidate must be able to operate and function well in a multi-cultural, geographically dispersed virtual team environment.
Requirements
§ At least 5-10 years of dedicated Active Directory engineering and architecture experience that includes designing, implementing and maintaining complex enterprise level (50K+ objects) Active Directory solutions and security models
§ 3-5 years of PowerShell scripting with the ability to write scripts from scratch
§ Overarching broad and deep technical experience with Active Directory Security
§ Extensive experience and advanced knowledge implementing Windows security concepts and policies, least-privilege design principles
§ Extensive knowledge of AD Security best-practices, latest security threats/trends and mitigation thereof
§ Experience with best practices for Active Directory disaster recovery, object management, security models and trust creation
§ Granular ACE permissions models meeting functional and technical requirements
§ Deep, in-depth working knowledge of Kerberos and NTLM authentication, MFA, SSO and federation technologies
§ Extensive and deep knowledge of Group Policy Objects (GPOs), engineering, implementing and 3rd party management solutions thereof
§ Strong knowledge of LDAP and ability to comfortably construct queries
§ Working knowledge of Certificate/CA/PKI infrastructure
§ Excellent communication skills, including proven experience effectively communicating technical challenges and solutions to peers, customers and management
Desired Skills:
§ Experience with Microsoft's Enhanced Security Architecture Environment (ESAE) - "Red/Bastion/Admin" forest design; including JIT (just in time) and JEA (just enough administration) concepts; Microsoft PAM (Privileged Access Manager)
§ Experience engineering password vaulting solutions (CyberArk, Lieberman, Thycotic, etc.)
§ PowerShell scripting experience and capabilities
§ MS SQL/DB knowledge
§ Microsoft or 3rd party management and monitoring solutions (SCCM, SCOM, VCM, NetIQ GPDH/GPA)