Active Directory Architect / Engineer in Upper Marlboro
Role details
Job location
Tech stack
Job description
Leidos is seeking a highly skilled Active Directory Architect / Engineer to review and re-architect ATR's Microsoft Active Directory and hybrid environments. The candidate will be responsible for overseeing the implementation, optimization, and ongoing management of the updated architecture and will play a key role in maintaining integrity, availability, and security of and access management systems that support the entire ATR organization. This position focuses on both the on-premises Active Directory Domain Services (AD DS) and integration with Microsoft Entra ID (formerly Azure AD)., Design, deploy, upgrade, and administer Active Directory Domain Services, including domain controllers, forests, domains, trusts, and replication topologies (i.e. Manage and optimize Group Policy Objects (GPOs), OU structures, and security baselines; including object management through bulk operations and automation, Troubleshoot and resolve complex AD-related issues, including authentication failures, replication problems, DNS issues, and Kerberos/NTLM problems, Plan and execute Active Directory migrations, consolidations, and upgrades (of both underlying server infrastructure and overall forest/domain functional levels), Develop and maintain disaster recovery, backup, and restore procedures for AD environments (including AD Recycle Bin and authoritative restores), Monitor AD health and performance using tools such as Microsoft System Center, Azure Monitor, or third-party solutions).
Requirements
Bachelor's degree in Computer Science, Information Technology, Engineering, OR in a related field and 12+ years of relevant experience OR Masters degree with 10+ years of relevant experience . Additional years of experience will be considered/accepted in lieu of a degree. \n
-
\n 12+ years of hands-on experience as an Active Directory Architect, Engineer, OR Senior Administrator in complex enterprise environments. \n
-
\n Deep expertise in designing, deploying, upgrading, and administering Microsoft Active Directory Domain Services (AD DS), including domain controllers, multi-domain/forest architectures, trusts, replication topologies, Group Policy Objects (GPOs), OU design, and security baselines. \n
-
\n Strong experience with hybrid solutions, including synchronization and integration between on-premises AD DS and Microsoft Entra ID (formerly Azure AD). \n
-
\n Proven track record in troubleshooting and resolving complex AD issues (authentication failures, replication, DNS, Kerberos/NTLM, etc.)., Strong communication skills and ability to work independently as a contractor in a dynamic environment.
Benefits & conditions
At Leidos, we deliver innovative solutions through the efforts of our diverse and talented people who are dedicated to our customers' success.
\n
\n
We empower our teams, contribute to our communities, and operate sustainable. Everything we do is built on a commitment to do the right thing for our customers, our people, and our community.
\n
\n
Our Mission, Vision, and Values guide the way we do business.
\n
\n
If this sounds like the kind of environment where you can thrive, keep reading!
\n
\n
The Digital Modernization Sector brings together our digital transformation and IT programs, allowing us to better serve our customers through scale and repeatability.
\n
(Group Profile/Link to Group page) - https://www.leidos.com/capabilities/digital-modernization
\n
\n
Your Next Great Adventure Awaits!
\n
\n, n
-
\n Implement and maintain Advanced Microsoft Entra ID (Azure AD), Okta, hybrid models, Privileged Access Management (PAM), and Public Key Infrastructure services in compliance with federal standards (e.g. NIST and DISA STIG). \n
-
\n Engineer and implement security best practices including: (i.e. Privileged Access Management (PAM), Just-In-Time (JIT) access, tiered administration, and Least Privilege principles, Zero Trust network access (ZTNA), secure enclave integration, and defense-in-depth methodologies, Compliance with security standards, regulatory requirements (SOC 2, ISO 27001, HIPAA, CMMC, etc.), and internal policies. \n
-
\n Collaborate with Security, Endpoint, Cloud, and Application teams on -related projects and incident response. \n
-
\n Automate repetitive tasks using PowerShell, Microsoft Graph, Python, and Infrastructure as Code (leveraging Ansible) where applicable. \n
\n
\n, Experience with Active Directory migrations, consolidations, forest/domain functional level upgrades, and infrastructure modernization. \n
-
\n Solid understanding of disaster recovery, backup/restore procedures for AD (including AD Recycle Bin and authoritative restores). \n
-
\n Experience implementing and managing Privileged Access Management (PAM), Just-In-Time (JIT) access, tiered administration models, and Least Privilege principles. \n
-
\n Working knowledge of Public Key Infrastructure (PKI), Zero Trust Network Access (ZTNA), secure enclaves, and defense-in-depth security strategies. \n
-
\n Familiarity with compliance frameworks and federal standards such as NIST, DISA STIGs, SOC 2, ISO 27001, HIPAA, and CMMC. \n
-
\n Proficiency in automation and scripting using PowerShell, Microsoft Graph, Python, and Infrastructure as Code tools (e.g., Ansible). \n
-
\n Experience collaborating with Security, Cloud, Endpoint, and Application teams on -related initiatives and incident response. \n