Sr. Active Directory Security Engineer

Senior Active Directory Security EngineerThe Senior Active Directory Security Engineer will serve as the primary architect and guardian of our enterprise identity ecosystem. This is a high-impact leadership role responsible for designing, securing, and evolving a resilient AD infrastructure that supports our global scalability. You will bridge the gap between traditional on-premises directory services and modern cloud identity, ensuring seamless, secure access across the entire organization.Key Responsibilities:Architect & Lead AD Infrastructure: Design and implement the overall architecture of the Active Directory (AD) environment, including multi-domain forests, trust relationships, and integration with cloud directory services (e.g., Azure AD), to ensure scalability, security, and high availability.AD Operations & Performance: Oversee day-to-day administration of AD domain controllers, replication topology, and Sites/Services configurations. Monitor system health and performance, proactively addressing issues to maintain optimal uptime and response times.Group Policy Management: Develop and manage Group Policy Objects (GPOs) and organizational unit (OU) structures to enforce security standards, compliance requirements, and consistent user and device configurations across the enterprise.Identity & Access Management: Implement and support identity solutions such as Single Sign-On (SSO), Multi-Factor Authentication (MFA), and Active Directory Federation Services (ADFS). Ensure seamless integration of authentication/authorization mechanisms across on-premises and cloud environments.Security & Compliance: Collaborate with cybersecurity and compliance teams to uphold AD security best practices, including hardening of AD configurations, managing privileged access (PAM), auditing changes, and integrating Public Key Infrastructure (PKI) or certificate services for enhanced authentication.Required Qualifications: Active Directory Expertise: Expert-level knowledge of Active Directory architecture and administration, including design of forests/domains, OU structure, Sites and Services, and replication. Proven experience managing a complex, multi-site AD environment with high security requirements.Windows & Network Proficiency: Strong proficiency with Windows Server operating systems (2012 and newer) and core services integral to AD (DNS, DHCP, DFS). In-depth understanding of how these services integrate with and support Active Directory.Group Policy & Security: Extensive experience creating and managing Group Policy Objects to configure and secure Windows environments. Familiarity with Active Directory security principles, including access control, delegation of authority, and account management best practices.Scripting & Automation: Advanced PowerShell scripting skills for automating routine AD tasks and improving efficiency. Ability to develop scripts/tools to streamline processes such as user provisioning, group management, and system monitoring.Problem-Solving: Exceptional troubleshooting abilities in diagnosing and resolving Active Directory issues (replication errors, authentication problems, etc.) under time pressure. Experience with performance tuning and recovery procedures for AD.Leadership & Communication: Strong communication skills with the ability to translate technical concepts for diverse stakeholders. Demonstrated leadership in driving initiatives or projects, and experience mentoring technical teams or colleagues.