Lead and manage a team of directory services and authentication engineers and architects responsible for day‑to‑day platform design, implementation, and support.
Set technical direction, architectural standards, and execution priorities for the team in alignment with enterprise IAM strategy.
Ensure strong engineering discipline, documentation standards, and design review rigor across all directory and authentication initiatives.
Act as an escalation point for complex architectural, security, and availability issues affecting identity platforms.
Develop and mentor senior technical talent, building depth and succession within the directory and authentication domain.
Serve as the accountable design authority and platform owner for very large, security-sensitive Active Directory environments.
Define and govern forest and domain architecture, including trust models, isolation strategies, and blast‑radius containment.
Own OU design, delegation models, administrative separation, and naming conventions.
Establish and enforce Group Policy architecture and security baselines.
Lead Active Directory security hardening, including privileged tiering, administrative isolation, and reduction of legacy exposure.
Architect protections against credential theft, lateral movement, and domain compromise, ensuring alignment with modern threat models and regulatory expectations.
Own architecture for hybrid and cloud‑native identity, including integration between Active Directory and Microsoft Entra.
Define synchronization, attribute governance, and source‑of‑authority models appropriate for enterprise scale.
Ensure Entra architecture aligns with Zero Trust principles and enterprise access management standards.
Own the enterprise Linux authentication architecture and its integration with Active Directory and Microsoft Entra.
Define secure, scalable patterns for centralized Linux authentication, authorization, and privilege enforcement.
Ensure consistent authentication architecture across on‑prem, private cloud, and public cloud Linux environments.
Partner with infrastructure and platform teams to standardize Linux authentication and reduce platform‑specific risk.
Architect and own high availability and disaster recovery strategies for directory and authentication platforms.
Define replication topology, site design, and failover patterns to meet enterprise RTO and RPO requirements.
Participate in and lead resilience testing and recovery exercises related to identity infrastructure.
Work very closely with the Head of IAM Architecture to ensure directory and authentication platforms align with enterprise identity standards and target‑state architecture.
Partner with the Head of IAM Engineering to ensure architectural intent is translated into secure, reliable engineering implementation.
Collaborate with IAM Product Development and Support teams to ensure authentication platforms meet product requirements, scale reliably, and are supportable in production.
Define and govern integration patterns between Active Directory, Microsoft Entra, Linux authentication platforms, and downstream identity providers.
Serve as the final architectural approver for changes impacting directory and authentication platforms.

Requirements

6+ years of Information Security Engineering experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education
3+ years of management or leadership experience
6+ years of experience designing, operating, and securing enterprise- level Active Directory environments

Benefits

Health benefits
401(k) Plan
Paid time off
Disability benefits
Life insurance, critical illness insurance, and accident insurance
Parental leave
Critical caregiving leave
Discounts and savings
Commuter benefits
Tuition reimbursement
Scholarships for dependent children
Adoption reimbursement

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

Active DirectoryLinux authenticationidentity access managementsecurity hardeningGroup Policy architecturedisaster recovery strategiesreplication topologyZero Trust principlescloud-native identity architecturecredential theft protection

Soft Skills

leadershipmentoringcollaborationcommunicationproblem-solvingtechnical direction settingdocumentation standards enforcementdesign reviewteam managementescalation management