Active Directory Engineer

Job Title: Active Directory Engineer (GPO)

Location: Charlotte, NC | Pennington, NJ | Plano, TX (Hybrid – 3 Days Onsite, 2 Days Remote)

Duration: 12-Month Contract (Potential Extension up to 36 Months)

Job Overview:

• This role involves security-focused AD engineering, GPO administration, PowerShell scripting, and supporting 50K users/endpoints in a financial environment.

Key Responsibilities:

• Design, implement, and support enterprise Active Directory solutions with a strong focus on security.
• Manage Group Policy Objects (GPOs), including cleanup and decommissioning of legacy policies.
• Provide 4th-level escalation support for AD-related issues.
• Develop standards, target states, and roadmaps for AD infrastructure.
• Perform large-scale AD migrations, upgrades, and consolidations.
• Work closely with engineering, operations, and security teams to optimize AD environments.
• Ensure compliance with audit and security requirements.
• Develop and maintain PowerShell scripts for automation and AD administration.

Required Qualifications:

• 5-10 years of hands-on Active Directory engineering experience in large enterprise environments (50K objects).
• Strong experience with Group Policy Objects (GPOs) and GPO administration tools (GPMC, Quest GPO Admin, etc.).
• Advanced PowerShell scripting skills for AD automation.
• Deep knowledge of Windows security models, least-privilege design, and Active Directory security best practices.
• Experience with authentication protocols (Kerberos, NTLM, MFA, SSO, Federation).
• Strong understanding of Windows Server, DNS, DMZ, firewalls, and network security zones.
• Experience supporting high-scale enterprise environments (50K users/endpoints).
• Ability to troubleshoot AD-related incidents and security vulnerabilities.
• Excellent communication and stakeholder management skills.

Preferred Skills:

• Experience with Microsoft’s Enhanced Security Admin Environment (ESAE).
• Knowledge of CyberArk, Thycotic, or other privileged access management tools.
• Familiarity with Azure AD integration and RESTful APIs.
• Scripting experience in C#, Python, VBScript, or JavaScript.
• Experience with Red Team security assessments.