Job Description
Key Responsibilities
1. AD Architecture & Engineering
• Design, build, and manage Active Directory forests, domains, and OU structures
• Define and maintain AD Sites, Subnets, and replication topology
• Manage the domain controller lifecycle (build, patching, decommissioning)
• Lead AD forest carve-out, consolidation, and migration initiatives
• Design high availability and disaster recovery strategies
2. Core AD Services
• Manage and troubleshoot:
o AD DS (Domain Services)
o DNS (AD-integrated)
o DHCP (where applicable)
• Handle replication issues, latency optimization, and site link tuning
• Maintain FSMO roles and ensure proper role placement
3. Group Policy (GPO) Engineering
• Design, implement, and optimize Group Policy strategy
• Troubleshoot complex GPO inheritance, filtering, and conflicts
• Implement security baselines using GPOs
• Manage GPO lifecycle (versioning, backup, rollback)
4. Identity & Access Management
• Manage user and service account lifecycle (joiner/mover/leaver, JML, processes)
• Implement RBAC and least privilege models
• Integrate AD with enterprise IAM solutions
• Support LDAP, Kerberos, and NTLM authentication mechanisms
5. Federation & SSO
• Design and manage Active Directory Federation Services infrastructure
• Configure claims-based authentication and trust relationships
• Enable SSO across enterprise and third-party applications
• Troubleshoot federation, token, and claims issues
6. Hybrid Identity & Cloud Integration
• Integrate on-prem AD with Microsoft Entra ID
• Manage Entra Connect (Azure AD Connect) synchronization
• Implement Conditional Access, MFA, and identity protection
• Support hybrid identity architecture and cloud authentication models
7. Security & Hardening
• Implement AD security best practices:
o Tiered administration model
o Privileged Access Management (PAM)
o AD hardening and attack surface reduction
• Monitor and respond to identity-based threats
• Support compliance with banking and regulatory standards
• Perform periodic AD health checks and security assessments
8. Automation & Scripting
• Develop automation using PowerShell for AD operations
• Automate provisioning, reporting, and monitoring tasks
• Maintain scripts for audit, compliance, and operational efficiency
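Added example, not code from the job posting or any employer: the kind of periodic AD security assessment script that sections 7 and 8 describe (health checks, audit and compliance reporting, PowerShell automation). It records FSMO placement, checks Tier 0 group members for weak settings, and flags AS-REP-roastable accounts, unconstrained delegation on non-DC hosts, orphaned adminCount flags and stale enabled accounts. It assumes the RSAT ActiveDirectory module, read access to the domain, and that the group list, 90-day threshold and CSV path are placeholders to adjust.

```powershell
# Added example (not from the job posting). Assumes RSAT ActiveDirectory module
# and domain read access; group names, thresholds and paths are assumptions.
#Requires -Modules ActiveDirectory
[CmdletBinding()]
param(
    [string]$Domain     = (Get-ADDomain).DNSRoot,
    [int]$StaleDays     = 90,
    [string]$ReportPath = (Join-Path $env:TEMP 'ad-security-check.csv')
)

$findings = [System.Collections.Generic.List[object]]::new()
function Add-Finding {
    param([string]$Severity, [string]$Category, [string]$Object, [string]$Detail)
    $findings.Add([pscustomobject]@{
        Severity = $Severity; Category = $Category; Object = $Object; Detail = $Detail
    })
}

$dom    = Get-ADDomain -Identity $Domain
$forest = Get-ADForest -Identity $dom.Forest
$stale  = (Get-Date).AddDays(-$StaleDays)

# 1. FSMO placement: recorded so drift from the documented design is visible.
foreach ($role in 'PDCEmulator', 'RIDMaster', 'InfrastructureMaster') {
    Add-Finding 'Info' 'FSMO' $role $dom.$role
}
foreach ($role in 'SchemaMaster', 'DomainNamingMaster') {
    Add-Finding 'Info' 'FSMO' $role $forest.$role
}

# 2. Tier 0 group hygiene. Recursive membership so nested groups are caught;
#    Enterprise/Schema Admins only exist in the forest root, hence SilentlyContinue.
$tier0 = 'Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators'
$protectedDns = @()
foreach ($g in $tier0) {
    $members = Get-ADGroupMember -Identity $g -Server $Domain -Recursive -ErrorAction SilentlyContinue
    $protectedDns += $members.DistinguishedName
    foreach ($m in ($members | Where-Object objectClass -eq 'user')) {
        $u = Get-ADUser -Identity $m.DistinguishedName -Server $Domain `
             -Properties PasswordNeverExpires, LastLogonDate, ServicePrincipalName
        if ($u.PasswordNeverExpires) {
            Add-Finding 'High' 'Tier0' $u.SamAccountName "$g member with PasswordNeverExpires"
        }
        if ($u.ServicePrincipalName) {
            Add-Finding 'High' 'Tier0' $u.SamAccountName "$g member has an SPN (Kerberoastable privileged account)"
        }
        if ($u.Enabled -and (-not $u.LastLogonDate -or $u.LastLogonDate -lt $stale)) {
            Add-Finding 'Medium' 'Tier0' $u.SamAccountName "$g member enabled but no logon in $StaleDays days"
        }
    }
}

# 3. Kerberos pre-authentication disabled: AS-REP roastable accounts.
Get-ADUser -Server $Domain -Filter 'DoesNotRequirePreAuth -eq $true -and Enabled -eq $true' |
    ForEach-Object { Add-Finding 'High' 'Kerberos' $_.SamAccountName 'Pre-authentication disabled (AS-REP roastable)' }

# 4. Unconstrained delegation. DCs (primaryGroupID 516) legitimately have it; anything else is a finding.
Get-ADComputer -Server $Domain -Filter 'TrustedForDelegation -eq $true -and PrimaryGroupID -ne 516' |
    ForEach-Object { Add-Finding 'High' 'Delegation' $_.Name 'Unconstrained delegation on a non-DC computer' }
Get-ADUser -Server $Domain -Filter 'TrustedForDelegation -eq $true' |
    ForEach-Object { Add-Finding 'High' 'Delegation' $_.SamAccountName 'User account trusted for unconstrained delegation' }

# 5. Orphaned adminCount: objects once in a protected group keep adminCount=1 and
#    blocked ACL inheritance after removal. Only the groups in $tier0 are consulted
#    here, so treat hits as candidates and review against the full protected-group list.
Get-ADUser -Server $Domain -Filter 'AdminCount -eq 1' |
    Where-Object { $protectedDns -notcontains $_.DistinguishedName } |
    ForEach-Object { Add-Finding 'Medium' 'AdminSDHolder' $_.SamAccountName 'adminCount=1 but not in a monitored Tier 0 group' }

# 6. Stale enabled accounts (JML leavers that were never disabled).
Get-ADUser -Server $Domain -Filter 'Enabled -eq $true' -Properties LastLogonDate |
    Where-Object { $_.LastLogonDate -and $_.LastLogonDate -lt $stale } |
    ForEach-Object { Add-Finding 'Low' 'Hygiene' $_.SamAccountName "No logon since $($_.LastLogonDate.ToShortDateString())" }

$findings | Sort-Object Severity, Category, Object | Export-Csv -Path $ReportPath -NoTypeInformation
$findings | Group-Object Severity | Select-Object Name, Count | Format-Table -AutoSize
Write-Host "Report written to $ReportPath"
```

Run it from a Tier 0 administrative host under a read-only audit account rather than a Domain Admin; nothing here needs write access, and the CSV output is what an audit evidence pack or a scheduled compliance report would consume.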
9. Monitoring, Audits & Compliance
• Monitor AD, ADFS, and Entra ID health and performance
• Support internal/external audits and compliance reporting
• Maintain detailed documentation (architecture, SOPs, runbooks)
10. L3 Support & Incident Management
• Act as escalation point for complex AD issues
• Perform root cause analysis (RCA) for critical incidents
• Ensure SLA adherence in a high-availability banking environment
______________
Required Skills & Experience
• 8–12+ years of experience in Active Directory engineering and support
• Strong expertise in AD architecture (multi-domain/forest environments)
• Hands-on experience with forest migrations and carve-outs (must-have)
• Deep knowledge of:
o AD DS, DNS, replication, FSMO roles
o GPO design and troubleshooting
o Authentication protocols (Kerberos, NTLM, SAML, OAuth, OIDC)
• Strong experience with:
o Active Directory Federation Services
o Microsoft Entra ID (Hybrid Identity)
• Advanced PowerShell scripting skills
• Experience in Windows Server environments (2016/2019/2022)
______________
Preferred Qualifications
• Experience in banking or highly regulated industries
• Exposure to Zero Trust and identity security frameworks
• Experience with:
o Privileged Identity Management (PIM)
o Identity Governance tools
• Relevant certifications:
o Microsoft Certified: Identity and Access Administrator
o Microsoft Azure / Entra certifications
______________
Key Competencies
• Strong engineering mindset (not just operations)
• Ability to work independently and drive ownership
• Strong troubleshooting and RCA skills
• Effective communication with technical and business stakeholders