Infrastructure Engineer - Active Directory

Revel IT
Columbus, United States of America
yesterday

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior

Job location

Columbus, United States of America

Tech stack

Microsoft Active Directory
Artificial Intelligence
Azure
Backup Devices
Cloud Computing
Cluster Analysis
Configuration Management
Computer Security
Dynamic Host Configuration Protocol
Desktop Computing
DNS
VMware ESX Servers
Monitoring of Systems
Identity and Access Management
Log Analysis
System Center Operations Management
Networking Basics
Routing
Citrix Systems
Performance Tuning
Public Key Infrastructure
Powershell
Role-Based Access Control
Remote Desktop Services
Azure
Cloud Services
Zero Trust Network Access
Vrealize Operations Manager (VROPS)
TCP/IP
Virtual Local Area Networks
VMware Virtualization
Software Vulnerability Management
Load Balancing
Cloud Monitoring
Large Language Models
Firewalls (Computer Science)
Information Technology
SolarWinds (Software)
Vcenter
Performance Monitor
Data Management
Veeam
Elastic Beanstalk
Commvault
VMware

Job description

Our Columbus, Ohio client is growing their infrastructure team and has a contract-to-hire opportunity for a Senior Infrastructure Engineer - Active Directory who will design and operate Active Directory and hybrid identity, partner on cloud identity patterns, and be the person both engineers and leadership rely on when authentication is on the line.

This role requires deep expertise in AD DS, Group Policy, DNS/DHCP, PKI alignment, replication, and hybrid identity integration-with Zero Trust architecture instincts and the security depth to back them up. You'll serve as the technical leader for identity operations and collaborate closely with security, cloud, application, and infrastructure peers.

Responsibilities Identity, Active Directory, and hybrid directory

  • Design, implement, and maintain Active Directory (sites, replication, OU/GPO models, trust relationships) and closely coupled services (DNS, DHCP) with clear standards and change control.
  • Implement and evolve hybrid identity patterns (for example Microsoft Entra ID / Connect, hybrid join, federation concepts, conditional access alignment) in partnership with security and cloud teams.
  • Enforce identity, privileged access, and Group Policy practices that meet audit and risk expectations; support certificate and authentication models where they touch AD.
  • Lead recovery and forest/domain health scenarios with documented playbooks and measurable recovery objectives.

Infrastructure and cloud operations

  • Design and maintain hybrid infrastructure spanning on-premises and cloud platforms, with identity as the integration layer across workloads.
  • Operate and support VMware ESXi and vCenter environments that host directory-related and dependent workloads.
  • Support enterprise storage (SAN/NAS) for performance, redundancy, and recoverability of identity and infrastructure services.
  • Collaborate with the Citrix team to ensure AD authentication, GPO policies, and session delivery integration are correctly configured-you influence identity behavior here, not platform administration.
  • Manage enterprise backup and recovery for critical identity and infrastructure targets; validate restores and retention against policy.
  • Perform routine maintenance, upgrades, and patching across servers, virtualization, and cloud-connected systems with minimal customer impact.

Service optimization and cost management

  • Evaluate and optimize resource utilization across on-premises and cloud platforms.
  • Recommend and implement cost-aware strategies for compute, storage, and cloud consumption.
  • Analyze trends and propose improvements that increase service efficiency and availability.

Security, compliance, and risk management

  • Drive security hardening across AD, servers, virtualization, and connected cloud services-including Tiered Administration (PAW model), LAPS deployment, and Microsoft Defender for Identity for real-time threat detection across the directory.
  • Monitor and remediate vulnerabilities through patching, configuration management, and risk mitigation aligned to SLAs.
  • Maintain compliance with corporate policies, audit requirements, and industry standards.

Technical leadership and support

  • Serve as a senior escalation point for infrastructure incidents and problems with an identity-centric lens.
  • Lead technical root cause analysis and implement durable corrective actions.
  • Mentor junior engineers and contribute to infrastructure engineering standards and patterns.
  • Participate in planning and executing major projects, migrations, and deployments.

Performance monitoring, capacity, and documentation

  • Monitor performance across servers, virtualization, storage, and cloud services; conduct capacity planning for compute, storage, and network resources.
  • Implement monitoring and alerting for proactive detection of directory and platform issues.
  • Create and maintain technical documentation, diagrams, build guides, SOPs, and compliance evidence; report on health, performance, and posture.

Collaboration and stakeholder engagement

  • Partner with application, security, cloud, and networking teams for end-to-end solutions.
  • Work with business stakeholders to translate requirements into scalable, supportable designs.
  • Communicate clearly to technical and non-technical audiences.

Leveraging AI for identity and directory engineering Identity environments generate rich signals-replication events, authentication logs, GPO deltas, hybrid sync errors-that AI can structure into timelines and hypotheses far faster than manual review. We use enterprise-approved tooling responsibly, with change control and peer validation built into every workflow.

  • Use approved assistants to summarize replication events, authentication logs, and GPO reports into structured timelines for incident review-then verify against authoritative tools.
  • Draft and refine runbooks (forest recovery, authoritative restore decisions, PKI renewal, hybrid sync troubleshooting) as starting points; require SME sign-off before production use.
  • Accelerate safe PowerShell and configuration snippets for repetitive AD operations with peer review, mandatory test environments, and strict secrets handling.
  • Improve knowledge articles and architecture narratives for hybrid identity; reduce duplicate tribal knowledge with searchable, reviewed content.
  • Partner with security operations on anomaly-detection narratives and false-positive triage where AI-assisted workflows are adopted.

Requirements

  • 7-10+ years in IT infrastructure engineering or systems administration roles.
  • Proven experience supporting large, enterprise-scale Active Directory and hybrid environments.
  • Strong hands-on experience with VMware virtualization, storage systems, and enterprise backup solutions.
  • Demonstrated experience in Citrix environments and remote desktop or VDI infrastructure.
  • Background in high-availability, security, and compliance-conscious environments.

Expert skills

  • Active Directory and identity services: AD DS, Group Policy, OU design, replication, DNS/DHCP, RBAC models, PKI integration points, Tiered Administration (PAW model), and LAPS.
  • Hybrid infrastructure: on-premises to cloud integrations, identity federation patterns, hybrid join, conditional access alignment with security.
  • VMware: ESXi, vCenter, clustering, vMotion, HA/DRS, templates, snapshots (used responsibly).
  • Storage systems: SAN/NAS management, iSCSI/FC, performance tuning, redundancy strategies.
  • Backup and recovery: enterprise backup platforms (for example Veeam, Commvault, Rubrik), DR strategies, offsite retention.
  • Security hardening: AD and server hardening, MFA and passwordless alignment, privileged access control (PAW/tiering model), Microsoft Defender for Identity, LAPS, and patching and vulnerability management.

Advanced skills

  • Cloud platforms: Microsoft Entra / Azure AD, Azure IaaS/PaaS services, identity lifecycle, cloud networking.
  • Citrix technologies: Virtual Apps and Desktops, StoreFront, Citrix Gateway, profile management, licensing.
  • Scripting and automation: PowerShell (required), automation workflows, configuration-as-code familiarity.
  • Monitoring and observability: tools such as SolarWinds, SCOM, vROps, Azure Monitor, Log Analytics.
  • Networking fundamentals: TCP/IP, firewalls, load balancing, VLANs, routing basics, zero trust principles.
  • Strong communicator with the ability to navigate stakeholder relationships across technical and non-technical audiences, maintain rigorous documentation discipline, and drive outcomes through cross-team collaboration.
  • Familiarity with approved LLM or AIOps tooling applied to identity telemetry and runbook quality is a plus.

Apply for this position