We are seeking a
Senior Active Directory Engineer to lead the
design, implementation, and operation of an enterprise Active Directory environment as part of a major implementation project. This role requires deep technical expertise, strong architectural skills, and hands-on delivery experience in complex AD environments.
The ideal candidate will have
10+ years of experience working with Microsoft Active Directory in large-scale or enterprise environments and will be comfortable owning the solution from
architecture through steady-state operations in Irvine, CA onsite role.Responsibilities
Active Directory Architecture & Design- Design enterprise-grade Active Directory architectures, including:
- Forest and domain design
- Trust relationships (internal and external)
- OU structure, delegation models, and naming standards
- Define Group Policy (GPO) strategy aligned with security and operational requirements
- Design identity lifecycle management processes (joiners, movers, leavers)
- Ensure architectural alignment with security and operational best practices
Active Directory Improvement & Optimization- Perform current-state assessments of the customer's AD environment
- Identify and remediate gaps related to:
- Security posture
- Performance and replication health
- Operational inefficiencies
- Technical debt from legacy configurations
- Improve and optimize:
- Group Policy Objects (cleanup, consolidation, redesign)
- AD Sites and Services and replication topology
- DNS and domain controller placement
- Implement non-disruptive enhancements to existing environments, minimizing business impact
- Plan and execute phased improvement activities with clear risk mitigation and rollback strategies
Security & Best Practices- Implement AD security best practices, including:
- Tiered administration models (e.g., Tier 0/1/2)
- Privileged access management
- Secure administrative delegation
- Harden Active Directory against common attack vectors
- Support incident response related to identity or directory services
- Collaborate with security teams on identity-related controls
Documentation & Knowledge Transfer- Produce detailed architecture diagrams, implementation documents, and SOPs
- Create operational guides and troubleshooting documentation
- Conduct knowledge transfer sessions for operations and support teams
Requirements
- 10+ years of hands-on experience with Microsoft Active Directory in enterprise environments
- Bachelor's degree in Computer Science, Information Technology, Information Systems, or a related technical field (or equivalent practical experience).
- Strong experience across the full AD lifecycle:
- Design
- Implementation
- Migration
- Operations
- Deep technical knowledge of:
- Active Directory Domain Services (AD DS)
- DNS and AD-integrated DNS
- Group Policy design and troubleshooting
- AD replication and topology
- Proven experience leading AD implementation or transformation projects
- Strong PowerShell skills for AD administration and automation
- Solid understanding of Windows Server internals and authentication mechanisms (Kerberos, NTLM)
Preferred Qualifications- Experience with hybrid identity solutions:
- Azure AD / Microsoft Entra ID
- Azure AD Connect / Cloud Sync
- Experience with:
- Multi-forest or multi-domain environments
- M&A-related AD consolidation projects
- Familiarity with identity security tools (e.g., PAM, MFA integrations)
- Microsoft certifications (preferred, not mandatory):
- Windows Server
- Identity and Access Management
- Experience working in regulated or security-sensitive environments
Soft Skills & Attributes- Strong problem-solving and analytical skills
- Ability to work independently and take ownership of critical systems
- Excellent communication skills for:
- Technical teams
- Project stakeholders
- Management
- Comfortable working in high-pressure implementation environments
- Strong documentation and presentation skills
