Job Summary
The role focuses on designing, operating, securing, and evolving on-premises Active Directory services in a large-scale, international, highly secure, and distributed environment. The engineer joins a global team and supports 24/7 operations as needed.
Job Duties
Core Responsibilities
- Administer, operate, and harden Corporate, Resources, and Isolation Active Directory forests.
- Manage Domain Controllers (Windows Server 2019/2022), Group Policy Objects (GPO), DNS, Sites & Services, and replication.
- Administer Entra ID (Azure AD), IAM solutions, and Azure AD Connect synchronization.
- Participate in major projects: AD consolidation, DNS redesign, tiering model implementation, and protection of privileged/sensitive accounts.
- Automate operations using advanced PowerShell for audits, provisioning, remediation, and process industrialization.
- Support Active Directory Disaster Recovery Plan (DRP): detection, restoration, testing, and technical communication.
- Perform monitoring, auditing, and alerting with tools like Change Auditor, EDR, and log collection systems.
- Contribute to cross-functional projects: M&A integration, application onboarding, user lifecycle management (onboarding/offboarding), and security compliance.
- Create and maintain technical documentation (DAT/DEX) and support AD governance frameworks.
Supporting Responsibilities
- Ensure practices comply with local/international regulations and industry standards.
- Prepare and update documentation for internal and external audits.
- Apply Permanent Control policies and Control Plans in daily activities.
- Proactively improve prevention, detection, and risk mitigation for IT/security threats.
Job Requirements
Qualifications & Experience
- Bachelor's degree (or equivalent) holder and 2 to 5+ years of significant hands-on experience in Active Directory and/or Entra ID administration and security.
- Proven track record in large-scale, regulated, or international environments.
- Ability to work in cross-functional, multicultural teams.
- High security awareness, rigor, and discipline when managing enterprise identity systems.
Technical Skills
- Extensive hands-on experience with Active Directory Domain Services, DNS, GPO, PKI, and ADFS.
- Strong expertise in Entra ID (Azure AD), Azure AD Connect, and Identity Governance.
- Advanced PowerShell scripting for automation, audits, and remediation.
- Deep knowledge of security concepts: RBAC, Zero Trust, MFA, Privileged Access, and AD Tiering.
- Practical experience with AD security tools: Sempris ADFR/Forest Druid, Ranger AD, PingCastle, Microsoft 365, Defender, Graph API.
- Knowledge of AD Disaster Recovery Planning (DRP) and Business Continuity Planning (BCP) preferred.
Soft Skills
- Embraces agile working methods and collaborates effectively with global peers across time zones.
- Strong problem-solving, risk anticipation, and attention to detail in critical environments.
- Excellent documentation, communication, and teamwork skills.
