Infrastructure Architect
Role details
Job location
Tech stack
Requirements
About the job Windows / Active Directory Infrastructure Architect Location: New York, NY We are seeking an experienced Windows / Active Directory Infrastructure architect to support and modernize a large-scale, mission-critical Microsoft infrastructure environment. This role is part of a managed systems engineering team responsible for maintaining highly available compute infrastructure that supports global business operations 24/7. The ideal candidate will have deep hands-on experience with Active Directory architecture, security, administration, automation, and infrastructure hardening in a large enterprise environment. This position will play a key role in strengthening identity services, improving reliability, enhancing security posture, and supporting the continued evolution of Windows services across a complex distributed environment. Key Responsibilities: * Design, administer, secure, and support large-scale Active Directory environments, including forests, domains, trusts, replication strategies, and privileged access models. * Manage and enhance core Microsoft infrastructure services including Active Directory, Group Policy, DNS, DHCP, and Windows Server platforms. * Support modernization efforts for enterprise identity and authentication services across development and production environments. * Implement and maintain Active Directory security controls, hardening initiatives, and vulnerability remediation efforts. * Deploy and manage Windows Local Administrator Password Solution and other privileged access security tools. * Support MFA implementation for critical systems and privileged access workflows. * Deploy and manage Windows security features such as Credential Guard and other credential theft mitigation technologies. * Assess Active Directory environments for security risks, misconfigurations, and privilege escalation paths. * Apply least-privilege principles, administrative tiering models, privileged access management practices, and secure workstation strategies. * Automate administrative tasks, reporting, and operational processes using PowerShe * ll.Partner with security, compliance, and infrastructure teams to support auditing, governance, and regulatory requirements. * Create and maintain clear technical documentation, operational procedures, and infrastructure standards. Required Qualifications: * 7+ years of experience architecting, administering, and securing Active Directory in large enterprise environments. * Strong expertise in Active Directory, Group Policy, DNS, DHCP, and Windows Server administration. * Experience in CyberArk PAM * Hands-on experience implementing Active Directory security controls and hardening initiatives. * Experience deploying and managing Windows Local Administrator Password Solution. * Experience implementing and supporting MFA for key systems. * Experience with Windows security technologies such as Credential Guard and other credential theft mitigation solutions. * Strong understanding of identity lifecycle management, authentication protocols including Kerberos and NTLM, and access control models. * Proven experience designing and implementing AD forests, domains, trusts, replication, and privileged access models. * Knowledge of Active Directory tiering, privileged access management, administrative workstation strategies, and least-privilege practices. * Experience identifying and remediating Active Directory vulnerabilities and misconfigurations. * Strong PowerShell scripting and automation skills. * Experience working in regulated environments with a focus on compliance, auditing, and security governance. * Bachelor's degree in Computer Science, Engineering, Mathematics, a related field, or equivalent professional experience. Preferred Qualifications: * Familiarity with Active Directory security assessment tools, attack path analysis, and privilege escalation remediation. * Experience integrating Active Directory with Linux systems, SaaS applications, or other enterprise platforms. * Strong understanding of EDR, endpoint security, and security monitoring solutions within Windows environments. * Strong documentation, communication, and cross-functional collaboration skills. * Proactive problem-solving mindset with a focus on continuous improvement. * Microsoft certifications such as Identity and Access Administrator Associate, Security Operations Analyst Associate, Azure Solutions Architect, or similar credentials.