Lead architecture, engineering, and operations for Active Directory forests, domains, and Group Policy in a multi-site, highly regulated environment.
Design and drive adoption of hybrid identity solutions integrating on‑prem and cloud-based services.
Implement and optimize authentication and authorization controls: SSO, MFA, Conditional Access, identity protection, and modern protocols (SAML, OAuth2, OIDC).
Define and enforce standards for identity lifecycle: joiner/mover/leaver processes, automated provisioning/deprovisioning, access reviews, and role-based access control (RBAC).
Partner with stakeholders and business teams to implement least-privilege, privileged access management (PAM), and Zero Trust-aligned identity controls.
Lead and support AD and identity-related projects: domain/forest consolidation, mergers/acquisitions, cloud migrations, and re-platforming.
Enhance monitoring, alerting, and reporting for directory and identity health, security posture, and compliance (audit trails, SOX, GLBA, PCI, etc.).
Develop and maintain scripts and automation (primarily PowerShell) to drive consistency, efficiency, and security in identity operations.
Serve as a senior SME and escalation point for complex identity incidents, outages, and security events.
Produce and maintain technical documentation, runbooks, standards, and architecture diagrams for AD and cloud identity services.
Mentor and guide junior engineers, analysts, and admins and contribute to identity and access strategy and roadmap.

Requirements

10+ years of hands-on experience administering and engineering enterprise Active Directory in a large, multi-site environment.
Strong expertise in: AD forest/domain design, trusts, DNS, Group Policy, replication, and AD security hardening.
5+ years working with Azure AD/Entra ID and hybrid identity (synchronization, federation, ADFS or equivalent, cloud-only and hybrid scenarios).
Deep understanding of identity and access management concepts: authentication, authorization, RBAC, least privilege, PAM, Zero Trust.
Strong experience with MFA, Conditional Access, SSO, and identity federation using SAML, OAuth2, and OpenID Connect.
Proficiency with PowerShell for automation, reporting, and bulk operations in AD and Azure AD.
Experience operating in regulated environments (preferably banking/financial services) with audit, risk, and compliance requirements.
Solid understanding of networking and security fundamentals (TCP/IP, firewalls, TLS, certificates, PKI as it relates to identity).
Excellent communication skills and ability to translate technical identity risks and solutions for non-technical stakeholders.

Benefits

Discretionary incentive eligible
This role is currently benefits eligible.
Industry-leading benefits
Access to paid time off
Resources and support for employees

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

Active DirectoryAzure ADPowerShellMFASSOConditional AccessRBACidentity federationSAMLOAuth2

Soft Skills

communicationmentoringstakeholder engagementproblem-solvingtechnical documentation