Leidos is seeking a highly skilled
Active Directory Architect / Engineer to review and re-architect ATR's Microsoft Active Directory and hybrid identity environments. The candidate will be responsible for overseeing the implementation, optimization, and ongoing management of the updated architecture and will play a key role in maintaining integrity, availability, and security of identity and access management systems that support the entire ATR organization. This position focuses on both the on-premises Active Directory Domain Services (AD DS) and integration with Microsoft Entra ID (formerly Azure AD).
Please Note: This work is located onsite in the DC area.Key Responsibilities:- Design, deploy, upgrade, and administer Active Directory Domain Services, including domain controllers, forests, domains, trusts, and replication topologies (i.e. Manage and optimize Group Policy Objects (GPOs), OU structures, and security baselines; including object management through bulk operations and automation, Troubleshoot and resolve complex AD-related issues, including authentication failures, replication problems, DNS issues, and Kerberos/NTLM problems, Plan and execute Active Directory migrations, consolidations, and upgrades (of both underlying server infrastructure and overall forest/domain functional levels), Develop and maintain disaster recovery, backup, and restore procedures for AD environments (including AD Recycle Bin and authoritative restores), Monitor AD health and performance using tools such as Microsoft System Center, Azure Monitor, or third-party solutions).
- Implement and maintain Advanced Microsoft Entra ID (Azure AD), Okta, hybrid identity models, Privileged Access Management (PAM), and Public Key Infrastructure services in compliance with federal standards (e.g. NIST and DISA STIG).
- Engineer and implement security best practices including: (i.e. Privileged Access Management (PAM), Just-In-Time (JIT) access, tiered administration, and Least Privilege principles, Zero Trust network access (ZTNA), secure enclave integration, and defense-in-depth methodologies, Compliance with security standards, regulatory requirements (SOC 2, ISO 27001, HIPAA, CMMC, etc.), and internal policies.
- Collaborate with Security, Endpoint, Cloud, and Application teams on identity-related projects and incident response.
- Automate repetitive tasks using PowerShell, Microsoft Graph, Python, and Infrastructure as Code (leveraging Ansible) where applicable.
Required Qualifications:- Bachelor's degree in Computer Science, Information Technology, Engineering, OR in a related field and 12+ years of relevant experience OR Masters degree with 10+ years of relevant experience . Additional years of experience will be considered/accepted in lieu of a degree.
- 12+ years of hands-on experience as an Active Directory Architect, Engineer, OR Senior Administrator in complex enterprise environments.
- Deep expertise in designing, deploying, upgrading, and administering Microsoft Active Directory Domain Services (AD DS), including domain controllers, multi-domain/forest architectures, trusts, replication topologies, Group Policy Objects (GPOs), OU design, and security baselines.
- Strong experience with hybrid identity solutions, including synchronization and integration between on-premises AD DS and Microsoft Entra ID (formerly Azure AD).
- Proven track record in troubleshooting and resolving complex AD issues (authentication failures, replication, DNS, Kerberos/NTLM, etc.).
- Experience with Active Directory migrations, consolidations, forest/domain functional level upgrades, and infrastructure modernization.
- Solid understanding of disaster recovery, backup/restore procedures for AD (including AD Recycle Bin and authoritative restores).
- Experience implementing and managing Privileged Access Management (PAM), Just-In-Time (JIT) access, tiered administration models, and Least Privilege principles.
- Working knowledge of Public Key Infrastructure (PKI), Zero Trust Network Access (ZTNA), secure enclaves, and defense-in-depth security strategies.
- Familiarity with compliance frameworks and federal standards such as NIST, DISA STIGs, SOC 2, ISO 27001, HIPAA, and CMMC.
- Proficiency in automation and scripting using PowerShell, Microsoft Graph, Python, and Infrastructure as Code tools (e.g., Ansible).
- Experience collaborating with Security, Cloud, Endpoint, and Application teams on identity-related initiatives and incident response.
- Strong communication skills and ability to work independently as a contractor in a dynamic environment.
- U.S. Citizenship required.
- Ability to obtain and maintain a Public Trust security clearance.
Preferred Qualifications:- Experience with Okta for identity management and federation.
- Background supporting federal or regulated industries with strict compliance requirements.
- Experience using monitoring tools such as Microsoft System Center, Azure Monitor, or third-party AD health solutions.
- Knowledge of modern identity security practices and integration with cloud platforms.
Desired Certifications (one or more of the following):- Microsoft Certified: Identity and Access Administrator Associate (SC-300).
- Microsoft Certified: Windows Server Hybrid Administrator Associate (AZ-800 + AZ-801).
- Microsoft Certified: Azure Administrator Associate (AZ-104).
- Microsoft Certified: Azure Security Engineer Associate (AZ-500).
- CISSP (Certified Information Systems Security Professional).
- CISM (Certified Information Security Manager).
- Okta Certified Professional or Okta Certified Administrator.
Please Note:The program budget salary for this role could fall anywhere between mid $150,000 to low/mid $170,000 with a slight wiggle room
(no guarantees) based on relevant experience and assessment. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.
Leidos is growing! Connect with us on LinkedIn and Facebook
