Active Directory / Entra ID / IAM Engineer

Simple Solutions
Jersey City, United States of America
yesterday

Role details

Contract type
Temporary contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior

Job location

Jersey City, United States of America

Tech stack

Microsoft Active Directory
Domain Controllers
API
Microsoft Online Services
Data Centers
Integrated Windows Authentication
DNS
Multi-Factor Authentication
Failover
Identity and Access Management
Python
Kerberos (Protocol)
Lightweight Directory Access Protocols (LDAP)
Log Analysis
NT LAN Manager
OAuth
OpenID
Public Key Infrastructure
PowerShell
Azure
Security Assertion Markup Language (SAML)
Security Information and Event Management
Software Vulnerability Management
Enterprise Software Applications
Okta
CyberArk
Tenable Nessus
Nessus
SailPoint
Splunk

Job description

Seeking an experienced Active Directory / Entra ID / IAM Engineer to support enterprise identity and access management services across production environments. This role is focused on maintaining and enhancing on-premises and cloud-based identity infrastructure, with deep emphasis on Active Directory, Microsoft Entra ID, hybrid identity operations, authentication services, and privileged access controls.

  • Provide day-to-day engineering and operational support for enterprise Active Directory and Entra ID environments supporting large-scale global user populations.

  • Administer, harden, and support on-premises Active Directory infrastructure including domain controller build and maintenance, DNS (SRV records), LDAP, Kerberos, NTLM, GPO, OU structure, replication, and directory health.

  • Support Microsoft Entra ID administration including Conditional Access, MFA, Identity Protection, Privileged Identity Management (PIM), app registrations, and service principal governance.

  • Maintain and support hybrid identity environments including AD Connect configuration, sync operations, failover between data center instances, and PowerShell-based sync troubleshooting.

  • Administer PKI infrastructure including certificate authority management, certificate lifecycle, LDAP signing, and certificate installation on domain controllers and services.

  • Support authentication and access solutions including SSO, federation (SAML, OIDC, OAuth2), MFA, and privileged access controls.

  • Perform enterprise application onboarding and integration with identity platforms; troubleshoot authentication, authorization, and provisioning issues.

  • Execute platform hardening aligned with Microsoft cumulative hardening guidance and enterprise security policy - including SMB signing, LDAP signing, Kerberos enforcement, and legacy protocol disablement.

  • Support audit, compliance, and vulnerability remediation activities; respond to security findings from scanning tools such as Rapid7, Nessus, or CrowdStrike.

  • Partner with infrastructure, cybersecurity, and application teams to deliver identity-related changes and service improvements.

  • Develop and maintain runbooks, operational documentation, and support procedures; train follow-the-sun operations teams on repeatable workflows.

  • Participate in on-call rotations, after-hours change windows, and incident response including major incident bridge management.

  • Use PowerShell, Python, and Microsoft Graph / Entra APIs to automate operational tasks and improve efficiency.

Requirements

  • 8+ years of hands-on experience administering and supporting enterprise Active Directory - including building, hardening, and directly owning domain controllers.
  • Knowledge of AD fundamentals: Kerberos and NTLM authentication protocols, DNS (SRV records), LDAP and LDAP signing, GPO design, replication, forest/domain architecture, and DC security hardening.
  • Strong experience with Microsoft Entra ID including Conditional Access, MFA, Identity Protection, PIM, app registrations, and service principal governance.
  • Hands-on experience with AD Connect in high-availability configurations including multi-data-center failover, sync troubleshooting, and PowerShell-based sync commands.
  • Experience supporting hybrid identity environments across on-premises Active Directory and Microsoft Entra ID.
  • Working knowledge of PKI infrastructure including certificate authority administration, LDAP signing, and certificate use cases on domain controllers.
  • Experience with IAM and PAM platforms such as SailPoint, Okta, and CyberArk.
  • Proficiency in PowerShell; Python and Microsoft Graph API experience preferred.
  • Experience with enterprise SIEM platforms (Splunk preferred) for log analysis, dashboard use, and incident triage.
