Airitos

Active Directory Engineer

Bedford, MA
Contracted to Full Time
Experienced
Seeking an experienced Active Directory (AD) engineer to supplement the existing team and provide IAM strategy recommendations.  The candidate must have a strong background in designing, building, and maintaining complex global directory environments.  This position is hybrid role 60% in office 40% remote. Office locations Bedford, MA, Atlanta, GA, San Diego, CA. Waukesha, WI. 

The candidate will be able to successfully perform the following activities: 
 
  • Engineering, deploying, operationalizing, maintaining, and supporting tools associated with AD.
  • Contributing to the engineering and support of AD as needed.
  • Communicating service directions, feature, and roadmaps.
  • Providing technical leadership to others with less knowledge or experience.
  • Assist with currency and patching.
  • Liaising with, training, and supporting operational teams.
  • Participate in ad-hoc incident response for Active Directory/Active Directory platforms, when needed.
  • Assist in technology evaluations and guiding proof of concepts.
  • Participate in solution design discussions.
  • Assist with remediating prioritized vulnerabilities in AD.
  • Assist with disaster recovery planning for AD.
  • Make recommendations for improving and securing the AD environment.
  • Provide IAM strategy recommendations.

Required Skills
  • Senior and experienced AD Engineer (5-7 years) with some Large Enterprise Experience.
  • 5+ years of experience in directory services engineering.
  • 2+ years in IAM strategy
  • Manufacturing experience
  • Good understanding of AD security
  • Experience with implementing and maintaining AD Tools:
  • Microsoft ATA/AATP/Defender for Identity
  • Microsoft ADRES (AD Recovery Execution Service)
  • Quest tools e.g., Change Auditor; Recovery Manager (RMAD); Enterprise Reporter; Migrations Manager (or Binary Tree's products)
  • Alternative vendor tools that fall into the same area
  • Experience with processes:
  • e.g., Supporting SOC
  • e.g., Periodic recovery testing of AD
  • Experience of AD Business Continuity and Disaster Recovery Planing and testing processes.
  • Experience with the following AD capabilities:
  • Microsoft Defender Credential Guard
  • Kerberos and insecure authentication protocols (e.g., NTLM etc.)
  • Group Policy Preferences administration for local administration accounts.
  • Local Security Authority
  • Domain Control Communications Digital Signing
  • SID History Reporting
  • Microsoft's Rapid Modernization Plan (RAMP) experience
  • OU Design
  • UEBA
  • MFA for Domain Administrators
  • Spooler Service Management Security
  • Object-Time to Live ("TTL") Auditing and Monitoring
  • Link-Local Multicast Name Resolution ("LLMNR")
  • Operationalizing Forest Level Backups
  • Ransomware defense for directory services
  • Domain administration script signing
  • Powershell auditing and logging
  • Excellent interpersonal communication skills with strong spoken and written English. 
  • Organizational skills with attention to detail.
  • Business outcomes mindset.
  • Solid balance of strategic thinking with detailed orientation.
  • Collaborative team worker – both in person and virtually using MS Teams or similar.
  • Self-starter, ability to take initiative.
  • Flexibility to accommodate working across different time-zones.

Preferred Qualifications:
  • SAP Access Control
  • CISSP, CISM, or equivalent certification a plus.

Required Education
  • Bachelor's degree (BA/BS) from four-year college or university; or equivalent training, education, and work experience.
Share

Apply for this position

Required*
We've received your resume. Click here to update it.
Attach resume or Paste resume
Attach resume as .pdf, .doc, .docx, .odt, .txt, or .rtf (limit 5MB) or Paste resume

Paste your resume here or Attach resume file

Human Check*