The Sr. Systems Engineer will be responsible for Johns Hopkins on-premises AD, Azure AD and Office 365 tenants. The position will be responsible for configuring and managing Johns Hopkins Office 365 tenants and designing, implementing, and supporting services for Azure AD and Identity management solutions. The position will be working with other teams to implement federated services, SSO, MFA, conditional access, etc. for authentication and access to Office 365 and Azure cloud services.
Specific duties & responsibilities
- Configure and manage on-premises Active Directory and Azure Active Directory environments
- Support, implement, and design services for Azure AD and identity management solutions
- Provide engineering services to plan and execute AD domain consolidations
- Resolve problems and issues related to Active Directory and Azure Active Directory
- Configuration and maintenance of policies, settings, and packages within the Office 365 ecosystem
- Standardization and maintenance of permissions and Azure AD roles using Role Based Access Controls including Group-based Privileged Identity Management
- Formulation, integration, and testing of Conditional Access Policies to secure access to company and web resources
- Promote innovative solutions to clients regarding Office 365 offerings and Azure AD integrations
- Act as highest tier of escalation for issues related to Office 365 and Azure AD
- Accept escalations and complete service requests within the established SLAs and provide best practice recommendations
- Set up, configure, and integrate new Azure AD tenants
- Ensure compliance with industry and company standards
- Keep up-to-date on emerging trends in the Identity, Authentication, Authorization, Device Management, Governance, and Information Security industries especially as they relate to Azure AD
- Deep understanding of the directory synchronization process for Azure AD
Examples of clients supported and degree of client interaction:
- Enterprise Active Directory: Managed multiple DCs across 3 data centers and multiple AD sites providing client authentications. Responsible for maintaining security for the DCs and AD.
- Office 365: A suite of collaboration tools such as OneDrive and Microsoft Office provided online through the Office 365 Portal.
- Azure Active Directory: Azure AD is Microsoft's cloud-based identity and access management service, which helps Johns Hopkins faculty, staff, and students sign in and access cloud resources and internal resources on the Hopkins corporate network and intranet, along with any cloud apps developed by the organization. Azure AD provides single sign-on and multi-factor authentication to help protect users from cybersecurity attacks.
- Microsoft DirSync and AD integration: Work with the Identity team to deploy Office 365 Directory Synchronization (DirSync) to synchronize accounts between Hopkins’ on-premises directory and Azure Active Directory tenants with Office 365.
- Federation Services and Single Sign-On (SSO): Work with the Enterprise Authentication team where access is required, for example to SharePoint sites or other web-based Office 365 services. It is important to have an understanding of Active Directory Federation Services and the Single Sign-On system for access to Hopkins resources in Office 365.
- PowerShell: Knowledge of setting up Windows PowerShell, Microsoft’s task automation and configuration management system, especially where automation is a necessity for administration.
- Domain Name System (DNS): Should be comfortable with DNS and mapping domain names to internal and external Hopkins’ resources and Internet resources.