Identity Engineer - Active Directory

Ralliant

$100K — $130K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's degree preferred; equivalent experience accepted.
  • 6 years of hands-on Active Directory administration in enterprise settings.
  • Expertise in AD architecture, including object management and GPOs.
  • Advanced skills in PowerShell scripting and automation.
  • Strong understanding of Kerberos, SPNs, and delegation models.
  • Experience integrating CyberArk or similar PAM tools with Active Directory.
  • Hands-on knowledge of AD disaster recovery and multi-domain setups.

Responsibilities

  • Administer a complex multi-domain Active Directory environment.
  • Manage the entire lifecycle of Group Policy Objects (GPOs).
  • Maintain AD Sites and Services, including DNS integration and replication.
  • Monitor Domain Controller health and replication status.
  • Mentor engineers through design and code reviews.
  • Contribute to identity strategy and improve automation processes.
  • Use PowerShell for reporting, automation, and data collection.

Benefits

  • Opportunities for continuous professional development.
  • Collaborative work environment with a focus on mentorship.
  • Commitment to a culture of continuous improvement and transparency.
Full Job Description
Job Description

Role Description

The Identity Engineer - Active Directory is responsible for administering, engineering, and optimizing Ralliant Corporation's complex, multi-domain Active Directory environment. This role serves as a hands-on technical leader across core AD infrastructure, ensuring stability, security, and scalability while supporting the broader Identity & Access Management (IAM) program.

This position operates within a multi-domain, multi-forest environment (13+ domains) with hybrid identity integration and deep dependencies across enterprise IAM systems. The engineer is expected to operate confidently across all layers of Active Directory, from object lifecycle management and Group Policy to replication topology, authentication mechanisms, and disaster recovery.

The role partners closely with Security, Infrastructure, and Compliance teams to ensure Active Directory functions as a secure and reliable foundation for enterprise identity. It contributes to identity strategy by aligning AD schema, attributes, and configurations with identity governance platforms and access lifecycle processes.

The role embraces the Ralliant Business System (RBS) by embedding operational discipline, documentation, and continuous improvement into tools, workflows, and standard work. The engineer drives repeatable, scalable processes that improve security posture, reduce operational risk, and support audit readiness across the enterprise and Operating Companies (OpCos).

Key Responsibilities
  • Administer a multi-domain, multi-forest Active Directory environment including user, group, and computer object lifecycle management, OU structure, delegation models, and trust relationships
  • Manage the full lifecycle of Group Policy Objects (GPOs), including design, implementation, auditing, and cleanup
  • Maintain AD Sites and Services, DNS integration, subnet mappings, and replication topology
  • Monitor and maintain Domain Controller health, replication status, FSMO roles, and SYSVOL/DFS-R consistency
  • Manage SPNs, gMSAs, and Kerberos authentication dependencies
  • Mentor and coach engineers through design reviews, code reviews, and knowledge sharing, promoting consistent and high-quality delivery.
  • Maintain documentation including technical designs, workflows, configurations, and operational procedures.
  • Contribute to identity strategy and roadmap planning, identifying opportunities to enhance automation, security, and user experience.
  • Use PowerShell as the primary tool for data collection, reporting, bulk operations, and automation
  • Develop scripts for auditing, compliance reporting, and operational health monitoring
  • Build automation for infrastructure lifecycle processes such as DC replacement and recovery
  • Support Active Directory integration with CyberArk for credential vaulting, rotation, and privileged session management
  • Manage privileged accounts and service account credentials in alignment with PAM policies
  • Collaborate on CPM dependencies, credential policies, and troubleshooting PAM-to-AD integrations
  • Partner with PKI teams to ensure AD Certificate Services configurations align with enterprise standards
  • Implement tiered administration models and protected group governance
Qualifications
  • Bachelor's degree recommended; equivalent experience considered.
  • 6 years of hands-on experience administering Active Directory in enterprise environments
  • Deep expertise in AD architecture, including object management, GPOs, DNS, replication, and domain controller operations
  • Advanced PowerShell scripting and automation capabilities
  • Strong understanding of Kerberos, SPNs, gMSAs, and delegation models
  • Experience working with CyberArk or similar PAM solutions integrated with Active Directory
  • Hands-on experience with AD disaster recovery and multi-domain/multi-forest environments
  • Understanding of Active Directory's role within identity governance and IAM ecosystems
  • Experience collaborating with PKI teams and supporting AD-integrated certificate services
  • Experience with hybrid identity environments (Entra ID / Azure AD Connect)
  • Strong knowledge of AD security hardening practices and attack mitigation techniques
  • Experience generating audit evidence and supporting compliance requirements
  • Experience with SIEM platforms such as CrowdStrike or equivalent
  • Experience supporting regulated or customer driven security requirements, including U.S. Government environments; familiarity with CMMC and NIST SP 800-171 aligned expectations preferred.
  • Strong communication and documentation skills, with the ability to translate technical concepts into business impact.
  • Ability to operate effectively across enterprise and OpCo environments, balancing global consistency with local context across multiple time zones and cultures.
  • Alignment with Ralliant values and the Ralliant Business System (RBS), including continuous improvement, transparency, and ownership.
