Senior Active Directory - Cloud Identity...

Bank of America
Boston, United States of America
7 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior

Job location

Boston, United States of America

Tech stack

Microsoft Access
Microsoft Active Directory
Active Directory Federation Services
Audit Trail
Azure
DNS
Federated Identity Management
Identity and Access Management
Lightweight Directory Access Protocols (LDAP)
OAuth
OpenID
Ping (Networking Utility)
Public Key Infrastructure
PowerShell
Role-Based Access Control
OpenID Connect
Cloud Services
Zero Trust Network Access
Security Assertion Markup Language (SAML)
Single Sign-On
TCP/IP
Transport Layer Security
Okta
CyberArk
Firewalls (Computer Science)
Cloud Migration
SailPoint

Job description

We are seeking a Senior Directory Services analyst to modernize our enterprise identity platform across on-prem Active Directory, LDAP directories, and other cloud-based directories and stores. The role is focused on securing employee, partner, and application access in a highly regulated financial services environment and will partner closely with security, infrastructure, and application teams. If you are passionate about identity security and thrive in high-stakes environments, this role offers the chance to make a measurable impact on the security posture of a global enterprise.

  • Lead architecture, engineering, and operations for Active Directory forests, domains, and Group Policy in a multi-site, highly regulated environment.

  • Design and drive adoption of hybrid identity solutions integrating on-prem and cloud-based services.

  • Implement and optimize authentication and authorization controls: SSO, MFA, Conditional Access, identity protection, and modern protocols (SAML, OAuth2, OIDC).

  • Define and enforce standards for identity lifecycle: joiner/mover/leaver processes, automated provisioning/deprovisioning, access reviews, and role-based access control (RBAC).

  • Partner with stakeholders and business teams to implement least-privilege, privileged access management (PAM), and Zero Trust-aligned identity controls.

  • Lead and support AD and identity-related projects: domain/forest consolidation, mergers/acquisitions, cloud migrations, and re-platforming.

  • Enhance monitoring, alerting, and reporting for directory and identity health, security posture, and compliance (audit trails, SOX, GLBA, PCI, etc.).

  • Develop and maintain scripts and automation (primarily PowerShell) to drive consistency, efficiency, and security in identity operations.

  • Serve as a senior SME and escalation point for complex identity incidents, outages, and security events.

  • Produce and maintain technical documentation, runbooks, standards, and architecture diagrams for AD and cloud identity services.

  • Mentor and guide junior engineers, analysts, and admins and contribute to identity and access strategy and roadmap.

Bank of America and its affiliates consider for employment and hire qualified candidates without regard to race, religious creed, religion, color, sex, sexual orientation, genetic information, gender, gender identity, gender expression, age, national origin, ancestry, citizenship, protected veteran or disability status or any factor prohibited by law, and as such affirms in policy and practice to support and promote the concept of equal employment opportunity, in accordance with all applicable federal, state, provincial and municipal laws. The company also prohibits discrimination on other bases such as medical condition, marital status or any other factor that is irrelevant to the performance of our teammates.

View your "Know your Rights" (https://www.eeoc.gov/sites/default/files/2023-06/22-088_EEOC_KnowYourRights6.12.pdf) poster.

View the LA County Fair Chance Ordinance (https://dcba.lacounty.gov/wp-content/uploads/2024/08/FCOE-Official-Notice-Eng-Final-8.30.2024.pdf).

Requirements

  • 10+ years of hands-on experience administering and engineering enterprise Active Directory in a large, multi-site environment.

  • Strong expertise in: AD forest/domain design, trusts, DNS, Group Policy, replication, and AD security hardening.

  • 5+ years working with Azure AD/Entra ID and hybrid identity (synchronization, federation, ADFS or equivalent, cloud-only and hybrid scenarios).

  • Deep understanding of identity and access management concepts: authentication, authorization, RBAC, least privilege, PAM, Zero Trust.

  • Strong experience with MFA, Conditional Access, SSO, and identity federation using SAML, OAuth2, and OpenID Connect.

  • Proficiency with PowerShell for automation, reporting, and bulk operations in AD and Azure AD.

  • Experience operating in regulated environments (preferably banking/financial services) with audit, risk, and compliance requirements.

  • Solid understanding of networking and security fundamentals (TCP/IP, firewalls, TLS, certificates, PKI as it relates to identity).

  • Excellent communication skills and ability to translate technical identity risks and solutions for non-technical stakeholders.

Desired Qualifications:

  • Experience with IAM platforms such as Okta, Ping, ForgeRock, SailPoint, or similar.

  • Experience with AWS IAM and/or GCP IAM and integrating them with corporate identity.

  • Background with PAM solutions (CyberArk, Delinea/Thycotic, BeyondTrust, Hashi, etc.).

  • Relevant certifications: Microsoft Certified: Identity and Access Administrator Associate, Azure Administrator, Security Engineer, or equivalent.

About the company

At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. We do this by driving Responsible Growth and delivering for our clients, teammates, communities and shareholders every day. Being a Great Place to Work is core to how we drive Responsible Growth. This includes our commitment to being an inclusive workplace, attracting and developing exceptional talent, supporting our teammates' physical, emotional, and financial wellness, recognizing and rewarding performance, and how we make an impact in the communities we serve. Bank of America is committed to an in-office culture with specific requirements for office-based attendance and which allows for an appropriate level of flexibility for our teammates and businesses based on role-specific considerations. At Bank of America, you can build a successful career with opportunities to learn, grow, and make an impact. Join us!

Bank of America aims to create a workplace free from the dangers and resulting consequences of illegal and illicit drug use and alcohol abuse. Our Drug-Free Workplace and Alcohol Policy ("Policy") establishes requirements to prevent the presence or use of illegal or illicit drugs or unauthorized alcohol on Bank of America premises and to provide a safe work environment.

Should you be offered a role with Bank of America, your hiring manager will provide you with information on the in-office expectations associated with your role. These expectations are subject to change at any time and at the sole discretion of the Company.
To the extent you have a disability or sincerely held religious belief for which you believe you need a reasonable accommodation from this requirement, you must seek an accommodation through the Bank's required accommodation request process before your first day of work.

This communication provides information about certain Bank of America benefits. Receipt of this document does not automatically entitle you to benefits offered by Bank of America. Every effort has been made to ensure the accuracy of this communication. However, if there are discrepancies between this communication and the official plan documents, the plan documents will always govern. Bank of America retains the discretion to interpret the terms or language used in any of its communications according to the provisions contained in the plan documents. Bank of America also reserves the right to amend or terminate any benefit plan in its sole discretion at any time for any reason.
