Active Directory Engineer

Prism, Inc
Washington, DC
Nov 27, 2022
Nov 30, 2022
Engineer, IT, QA Engineer
Full Time
*Senior Active Directory Engineer* provides support, implementation, and design services for Microsoft's on-premises and cloud identity platforms, including but not limited to Microsoft Windows Active Directory (AD), Microsoft Azure Active Directory (AAD), Microsoft Active Directory Federation Services (ADFS) and Microsoft Azure Application Proxy (AZAP). The Active Directory Architect is also a subject matter expert in using Active Directory Group Policy to implement security standards on Domain Controllers, Domain Member Servers and Domain Member Workstations.

This role requires in-depth knowledge of Active Directory, Domain Controllers, and Azure Cloud, and proficiency in PowerShell scripting. The candidate must have demonstrated prior and active experience in managing multi-domain issues.

*Responsibilities include:*

* Create and document detailed guides and tracking documents for clients to leverage as part of Active Directory hardening and overall infrastructure enhancements.
* Tier 3 level troubleshooting, including diagnosing complex replication and multi-domain issues.
* Develop standards, target states, and roadmaps, effectively communicating and obtaining consensus across architecture, engineering, and operations teams.

*Required Experience*

* Experience administering AD, AAD and ADFS in hybrid environments
* Experience administering AD and AAD support services such as AAD Conditional Access Policies, AAD Self-Service Password Reset (SSPR), AAD Connect and Windows Server DNS
* Experience designing, testing, deploying and maintaining Active Directory Group Policy (GPO) for the purpose of securing Domain Controllers, Domain Member Servers and Domain Member Workstations
* Analyzing security risks with proposed changes to AD, AAD, ADFS, AZAP, Domain Controllers, GPOs, etc. and providing an understandable summary of those risks to management for proper implementation decisions
* Experience administering multiple AD forests with forest trusts.
* Knowledge of Microsoft Identity Manager
* Knowledge of configuring, deploying and onboarding applications for remote access via AZAP, including the use of Kerberos constrained delegation (KCD) for Single Sign On.
* Experience working with cyber security teams to actively update AAD Conditional Access Policies and AD Group Policies as determined by cyber threats and operational requirements
* Knowledge of Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS) as it pertains to Enterprise Domain design and support
* Strong working knowledge of Windows 2016 and 2019 Member Server and Domain Controller operating system platforms, DNS, networks, DMZs, network security zones
* PowerShell scripting experience and capabilities
* Knowledge of ADDS, ADFS, Azure AD and Windows Server Operating Systems 2016 & up.
* Hands-on expertise with Azure AD Connect and AD Cloud SaaS.

*Required Clearance*

* Clearable for a DOD Top Secret (Must have an Interim Secret Clearance to start work with the ability to obtain Top Secret)

Job Type: Full-time

Pay: $135,000.00 - $150,000.00 per year

Benefits:

* 401(k)
* Dental insurance
* Flexible schedule
* Flexible spending account
* Health insurance
* Life insurance
* Paid time off
* Retirement plan
* Vision insurance

Schedule:

* 8 hour shift
* Monday to Friday
* No weekends

Ability to commute/relocate:

* Washington, DC 20006: Reliably commute or planning to relocate before starting work (Required)

Application Question(s):

* Are you eligible for a DOD Top Secret Clearance? (We will sponsor you for a Top Secret Clearance)

Experience:

* Active Directory: 5 years (Required)
* Systems engineering: 10 years (Required)
* Azure Active Directory: 3 years (Required)
* ADFS: 1 year (Required)
* AZAP: 1 year (Preferred)
* Domain Controllers: 3 years (Required)
* Azure AD Connect: 1 year (Preferred)

Security clearance:

* Secret (Preferred)

Work Location: Hybrid remote in Washington, DC 20006