Job description
Contract Duration: 6-7 months
Position Location: Hybrid – 60% Office, 40% Remote
(Onsite Locations: Bedford, MA / Atlanta, GA / San Diego, CA / Waukasha, WI)
Position Overview:
We are seeking an experienced Active Directory (AD) Engineer to supplement an existing team and provide Identity and Access Management (IAM) strategy recommendations. The ideal candidate will possess a strong background in designing, building, and maintaining complex global directory environments.
Key Responsibilities:
- Engineering, deploying, operationalizing, maintaining, and supporting tools associated with AD.
- Contributing to the engineering and support of AD as needed.
- Communicating service directions, features, and roadmaps.
- Providing technical leadership and guidance.
- Assisting with currency and patching of AD systems.
- Liaising with and supporting operational teams.
- Participating in incident response for AD platforms as needed.
- Assisting in technology evaluations and proof of concept projects.
- Contributing to disaster recovery planning and remediation of vulnerabilities within AD.
- Making recommendations for improving and securing the AD environment.
- Providing IAM strategy recommendations.
Required Experience:
- Senior-level AD Engineer with 5-7 years of experience.
- Experience in large enterprise environments.
Required Technical Skills & Experience:
- 5+ years in directory services engineering.
- 2+ years in IAM strategy development.
- Manufacturing industry experience.
- Strong understanding of AD security principles.
- Experience with implementing and maintaining AD tools, including:
- Microsoft ATA/AATP/Defender for Identity.
- Microsoft ADRES (Active Directory Recovery Execution Service).
- Quest Tools (Change Auditor, Recovery Manager, Enterprise Reporter, Migration Manager).
- Other equivalent AD management tools.
- Familiarity with supporting SOC processes, recovery testing, AD continuity, and disaster recovery.
- Experience with AD security capabilities:
- Microsoft Defender Credential Guard.
- Kerberos and NTLM protocols.
- Group Policy Preferences administration.
- Domain Controller communications and security.
- Ransomware defense for directory services.
Required Soft Skills:
- Excellent interpersonal and communication skills in English (both written and spoken).
- Strong organizational skills with attention to detail.
- Strategic thinking balanced with a detail-oriented mindset.
- Team player, able to collaborate both in person and virtually (MS Teams or similar).
- Self-starter with the ability to take initiative.
- Flexibility to work across different time zones.
Preferred Skills:
- Experience with SAP Access Control.
- Certifications such as CISSP, CISM, or equivalent are a plus.
