Senior Active Directory Engineer

DESE is seeking a Senior Active Directory Engineer in Huntsville, AL. The Senior Active Directory Engineer serves as the subject matter expert for the design, implementation, and maintenance of a robust on-premises Identity and Access Management (IAM) infrastructure. This role is focused on the architecture and security of a complex Windows Server environment, ensuring high availability and seamless authentication across the enterprise. You will lead forest-level migrations, disaster recovery planning, and the hardening of AD objects against modern security threats.ResponsibilitiesDesign and deploy multi-forest/multi-domain AD architectures, including Site and Services optimization for low-latency authentication.Standardize and manage GPOs to enforce security baselines, software distribution, and user environment configurations.Implement Tiered Administration models (Red Forest/Privileged Access Workstations) and manage Kerberos, NTLM, and LDAP security protocols.Lead Domain Controller (DC) promotions, demotions, and OS upgrades (e.g., migrating from Windows Server 2016 to 2022).Establish and regularly assess AD-specific backup and restoration procedures (Authoritative vs. Non-authoritative restores).Maintain the health of AD-Integrated DNS, ensuring proper zone replication and scavenging.Proactively monitor replication topology, roles, and health using tools like PowerShell, SCOM, or specialized AD auditing software.Required QualificationsBachelor's Degree in network engineering, Computer Science, or a related technical field.Must possess (or be able to obtain) a DoD Top Secret Clearance with SCI eligibility including successful completion of a Counterintelligence (CI) Polygraph and willingness to meet Special Access Program (SAP) eligibility requirements.Must possess an active CompTIA Security+ CE, ISC2 SSCP, or equivalent baseline certification.Deep understanding of FSMO Roles, Global Catalogs, and Active Directory Partition structures.Advanced proficiency in PowerShell for automating bulk object changes, reporting, and environment health checks.Strong grasp of TCP/IP, DNS, and Firewall requirements essential for AD communication across segmented networks.Proven experience with Public Key Infrastructure (PKI) and Certificate Services (ADCS).Preferred QualificationsActive DoD Top Secret Clearance with SCI and a Counterintelligence (CI) Polygraph with willingness to meet Special Access Program (SAP) eligibility requirements.Microsoft Role-Based Certifications (e.g., AZ-800/801).Deep knowledge of STIG (Security Technical Implementation Guides) compliance.About DESEFor the past 43 years, DESE has provided industry-leading technical and engineering solutions in the fields of Defense, Energy, Space, and Environment. As a small, family-oriented business, DESE provides a compelling benefits package including a generous profit-sharing plan, competitive salaries, and perhaps most importantly, the opportunity to work alongside talented engineers leveraging cutting-edge technologies to solve complex and engaging problems.Why Employees Love Working For DESEAt DESE, we are committed to creating a company that is known for its respect and care for employees. We understand that happy employees are what keeps our business going and we strive to provide the best opportunities for each individual working on our team! Here are a few reasons you will love working here:Competitive health, dental and vision insurance with affordable premiumsFlexible work schedulesTwo different flexible spending account optionsCompany paid life insurance with options for employee paid additionalPerformance bonus programEducation reimbursement programCompany paid personal leave for approved philanthropic activitiesVacation, Sick & Holiday leaveRobust 401k profit sharing planOpportunities for internal promotionsEmployee referral incentive programRewards and gifts for service anniversariesDisability Accommodation for Applicants – DESE Research, Inc. is an Equal Employment Opportunity employer and provides reasonable accommodation for qualified individuals with disabilities and disabled veterans in its job application procedures. If you have any difficulty using our online system and you need an accommodation due to a disability, you may use the following alternative email address or phone number to contact us about your interest in employment with us: hrandsecurity@dese.com or 256-837-8004x123.Job Posted by ApplicantPro