Senior Active Directory Engineer

Job Description

Job Description

Job Title : Senior Active Directory Engineer

Location : Rockville, MD (Local candidates preferred or must be onsite for the first week of employment)

Employment Type : Full-time

Job Summary :

We are seeking a highly experienced Senior Active Directory Engineer with 15 years of expertise in designing, implementing, and managing complex Active Directory (AD) environments. The ideal candidate will have a strong background in operations, troubleshooting, domain controller builds, migrations, and cloud integrations. This role requires deep technical expertise in Active Directory, Group Policy, Federation Services, and hybrid cloud solutions.

Key Responsibilities :

Manage and maintain enterprise-level Active Directory infrastructure, ensuring high availability and security.

Perform complex troubleshooting and root cause analysis of AD-related issues, including authentication, replication, and performance concerns.

Design, deploy, and manage Domain Controllers, including upgrades, migrations, and integrations with on-premises and cloud-based environments.

Develop and enforce security policies through Group Policy Objects (GPOs) and other AD security controls.

Lead AD migrations and consolidations across different environments, including mergers, acquisitions, and cloud-based identity platforms.

Implement and manage hybrid identity solutions, integrating Azure Active Directory (Azure AD) with on-premises AD.

Work closely with security teams to enforce Identity & Access Management (IAM) best practices, including Multi-Factor Authentication (MFA) and Privileged Access Management (PAM).

Monitor and optimize AD performance, replication, and authentication processes.

Document and automate routine AD tasks using PowerShell and other scripting tools.

Provide expert-level support for escalated AD-related issues.

Collaborate with cloud and infrastructure teams on integrating AD with AWS, Azure, or other cloud services.

Ensure compliance with regulatory standards, such as NIST, HIPAA, and DoD security policies.

Required Qualifications :

15 years of experience in Active Directory operations, troubleshooting, and administration.

Expertise in managing Domain Controllers, including installations, upgrades, and decommissioning.

Strong knowledge of DNS, DHCP, LDAP, Kerberos, and PKI in an enterprise environment.

Hands-on experience with AD migrations, consolidations, and hybrid cloud integrations.

Proficiency in PowerShell scripting for automation and management.

Experience with Azure Active Directory (Azure AD), Azure AD Connect, and AD Federation Services (ADFS).

Deep understanding of Group Policy management, fine-grained password policies, and role-based access controls.

Strong experience with Microsoft security best practices and identity protection tools.

Excellent troubleshooting skills and ability to diagnose complex AD-related issues.

Experience with IAM frameworks, MFA, and PAM solutions (such as CyberArk, Okta, or Microsoft PIM).

Strong documentation, communication, and leadership skills.

Preferred Qualifications :

Microsoft certifications such as MCSE : Core Infrastructure, Azure Solutions Architect Expert, or MS-500.

Experience in large-scale AD environments (100,000 users) across multiple sites.

Knowledge of ITIL processes and change management.

Familiarity with hybrid cloud IAM architectures in AWS, Google Cloud, and Azure.

Experience with Zero Trust security frameworks and advanced security configurations.