TGen - Part of City of Hope

Mid-Level Entra/Active Directory Engineer

Mid-Level Entra/Active Directory Engineer at TGen, a nonprofit medical research institute improving medicine through genomics. Focused on identity infrastructure for seamless access to computing resources.

Posted 6/24/2026 • full-time • Phoenix • Arizona • 🇺🇸 United States • Lead

Tech Stack

Tools & technologies
Ansible, Azure, Cloud, DNS, Linux, NFS, Unix

About the role

Key responsibilities & impact
  • Validate existing cloud-based Entra ID to on-prem AD environment and configuration
  • Validate existing Entra ID to Okta implementation, including Office 365 and SharePoint-related configuration.
  • Ensure compliance with Entra ID best practices for all aspects of TGen Entra ID / O365 environment, including directory services, Exchange configuration, SharePoint, and others.
  • Evaluate existing implementation of, and recommend best practice refinements to, Unix authentication to AD, including distribution of globally unique POSIX UID and GID.
  • Work with business partners to identify, define, and implement best-practice-based forest configuration with external business partners which use Entra ID, including possible cross-integrations with TGen Okta identity management platform.
  • Manage daily operations of any cross-forest trusts, Entra ID and AD services.
  • Monitor trust health, Kerberos ticket flows, LDAP queries, and authentication performance.
  • Automate repetitive tasks using Ansible and other scripting languages where appropriate.
  • Collaborate with HPC engineers to ensure consistent identity resolution and caching behavior across all HPC login and compute nodes.
  • Support the standardization of the installation, configuration, and hardening of SSSD/IdM client configurations for reliable user and group resolution, RBAC rules, sudo policies, and automount on HPC nodes on Linux Rocky 9 and associated infrastructure.
  • Monitor for and troubleshoot Kerberos, SSSD, and cross-forest referral issues, as well as Azure connectivity problems.
  • Work with external collaborators (Entra ID teams) on trust implementations, maintenance, selective authentication adjustments, and incident resolution.
  • Ensure high availability and disaster recovery for IdM trust controllers and related components.
  • Implement least-privilege principles, selective authentication, and auditing for cross-forest access.
  • Participate in security reviews, audits, and compliance activities related to the identity infrastructure, including Entra ID-side controls.
  • Work closely with external partners’ Entra ID and IAM teams for trust configuration, network connectivity, and ongoing coordination.
  • Collaborate with TGen HPC system engineers managing storage/NFS configuration on PowerScale and VAST, as well as external partners accessing these HPC file systems on edge devices.
  • Coordinate with TGen information security team as needed to establish Entra and AD configuration policies that meet TGen requirements.

Requirements

What you’ll need
  • Bachelor’s degree in Computer Science, Information Technology, or related field (or equivalent experience).
  • 5+ years of hands-on experience in enterprise Identity and Access Management, with strong focus on hybrid Windows-Linux and cloud/on-premises environments.
  • Deep expertise in Entra ID, On-Prem AD (creating and managing forest/domain trusts, selective authentication, Kerberos, DNS integration, Entra Domain Services forest trusts).
  • Track record of clearly documenting architectures, procedures, and runbooks.
  • Proven ability to own the end-to-end creation and delivery of the on-premises trust and identity infrastructure while balancing operational support.
  • Solid understanding of POSIX UID/GID management, SID-to-POSIX algorithmic mapping, and ensuring consistency for shared filesystem access.
  • Proficiency with automation tools (Ansible, PowerShell, Azure CLI).
  • Knowledge of Microsoft Entra ID hybrid scenarios, including Entra Domain Services forest trusts.
  • Relevant certifications: Microsoft Certified: Identity and Access Administrator Associate (or Entra ID equivalent), or Azure Network Engineer.
  • Strong troubleshooting expertise using Microsoft Entra ID tools (Sign-in Logs, Audit Logs, Provisioning Logs, and the Diagnose and Solve Problems blade), Kerberos commands (klist, nltest), packet analysis (Wireshark), Azure connectivity diagnostics (Azure Network Watcher), and Linux identity tools (sssctl, journalctl, SSSD debug logging).
  • Practical experience with Rocky Linux 9 / RHEL 9, preferably in cluster environments and large-scale Linux deployments.
  • Familiarity with or experience in HPC or scientific computing environments, particularly with identity challenges on login/compute nodes.

Benefits

Comp & perks
  • BC/BS of Arizona health coverage.
  • Dental, Vision, Life, Short and Long Term Disability
  • Top notch EAP with a full scope of concierge type services
  • 401k with 6% match
  • Generous time off
  • Commuter benefits
  • Much, much more!
