Job Description
We are seeking a highly skilled and experienced Active Directory Engineer to manage, maintain, and optimize our enterprise Active Directory environment and to apply that expertise to bringing a specific Active Directory environment into CMMC compliance. The ideal candidate should have a deep understanding of Microsoft identity and access management services, including AD DS, AD FS, and Group Policy, along with strong troubleshooting and scripting skills. This will be a temporary position with possible extensions and will be FULLY ONSITE.
Key Responsibilities:
•Design, implement, and maintain Active Directory Domain Services (ADDS) across multi-site environments.
•Manage Group Policy Objects (GPOs), Organizational Units (OUs), and user/computer accounts.
•Monitor and optimize Active Directory replication, performance, and health.
•Implement and manage Active Directory Federation Services (ADFS) and Azure AD integration.
•Configure and troubleshoot DNS and DHCP services related to AD.
•Ensure security best practices for AD infrastructure, including role-based access control, auditing, and hardening.
•Develop and maintain PowerShell scripts for automation of routine AD tasks.
•Collaborate with the security and compliance teams on identity governance and access control.
•Support hybrid identity infrastructure (on-prem and cloud).
•Participate in disaster recovery planning and backup strategies for directory services.
•Perform domain migrations, trust configurations, and forest design as needed.
Required Skills and Qualifications:
•Proven experience (5+ years) managing enterprise-scale Active Directory environments.
•In-depth knowledge of Active Directory, DNS, DHCP, GPOs, AD FS, Azure AD, and LDAP.
•Experience with PowerShell scripting and automation tools.
•Understanding of identity federation, SSO, and conditional access policies.
•Familiarity with Microsoft security baselines and compliance frameworks.
•Strong analytical and troubleshooting skills.
•Excellent documentation and communication skills.
Preferred Qualifications:
•Microsoft Certifications such as MCSA/MCSE, Microsoft Certified: Identity and Access Administrator Associate, or Azure Solutions Architect.
•Experience with tools like ADManager Plus or Quest.
•Exposure to Zero Trust, Privileged Access Management (PAM), or Identity Governance and Administration (IGA).
•Experience with cloud identity platforms like Okta, Ping Identity, or SailPoint is a plus.
•Exposure to or knowledge of Cybersecurity Maturity Model Certification (CMMC), NIST SP 800-171, or NIST SP 800-172 is a plus.