Overview
Design, govern, and transform enterprise Active Directory and hybrid identity environments, ensuring secure, scalable, and compliant identity services.
Key Responsibilities
- Own end-to-end AD architecture (forest/domain design, trust models, OU structure, Tier 0/1/2).
- Define target-state architecture, standards, and best practices.
- Lead AD migrations, consolidations, and upgrades (cross-forest, legacy).
- Plan and execute POCs, pilots, cutover, and rollback strategies.
- Manage application and service dependencies during migrations.
- Implement security hardening, privileged access, and delegation models.
- Design authentication & authorization (MFA, Conditional Access, PIM).
- Ensure compliance with security policies and regulatory standards.
- Perform risk assessments and mitigation planning.
- Manage hybrid identity with Microsoft Entra ID (Azure AD).
- Support Microsoft 365 integration (Exchange Online, Teams, SharePoint).
- Optimize GPO design and manage GPO vs Intune/MDM coexistence.
- Ensure endpoint integration (Autopilot, Windows Hello for Business).
- Act as technical authority for SOWs, CRs, and proposals.
- Collaborate with stakeholders, vendors, and security teams.
- Maintain documentation, architecture diagrams, and SOPs.
- Lead knowledge transfer to operations/support teams.
Key Requirements
- 12+ years of experience in Active Directory & Identity Management.
- Strong expertise in AD DS, AD LDS, ADFS, Entra ID (Azure AD).
- Experience with Windows Server (2012–2022/2025).
- Knowledge of Exchange (On-Prem & Hybrid), GPO, DNS, DHCP, PKI.
- Strong PowerShell scripting/automation skills.
- Experience with large-scale AD transformations and migrations.
- Strong understanding of enterprise security and compliance.
- Excellent design, analytical, and documentation skills.
- Ability to work in global, multi-stakeholder environments.
- Strong communication and leadership skills.