Windows Active Directory Architect / Engineer (Remote)

🌍 Remote, USA 🎯 Full-time 🕐 Posted Recently

Job Description

We are seeking a highly experienced Windows Active Directory Architect/Engineer with 10+ years of IT experience to lead the design, modernization, and security of enterprise identity and directory services across on-prem and cloud environments.

Act as SME and architect for On-Prem Active Directory and Azure Entra (Azure AD)
Design and modernize hybrid identity, directory synchronization, federation, and Zero Trust architectures
Lead large-scale AD and identity transformation projects, including cloud migrations, M&A, and enterprise modernization
Architect and manage Group Policy (GPOs), Conditional Access, identity governance, and AD security models
Analyze existing AD environments and implement architectural, security, and operational improvements
Collaborate with security, infrastructure, and application teams to ensure seamless integration and compliance

10+ years of IT experience, including 7+ years as a Windows Active Directory Engineer/Architect
Deep expertise in AD architecture: domains, trusts, replication, sites & services, DNS, DHCP
3+ years of hands-on Azure Entra (Azure AD) experience (hybrid identity, Conditional Access, Identity Protection)
Strong experience with Azure AD Connect, ADFS, SSO, LDAP, AD attributes, and permissions management
Advanced PowerShell scripting & automation (beyond basic scripting)
Strong knowledge of GPO design, analysis, item-level targeting, workstation and browser configurations
Experience with PKI, Certificate Services, IIS, File/Print services
Exposure to Intune, Intune Autopilot/ESP, Azure VDI, VMware VDI, modern endpoint management
Familiarity with IaC, DSC, automation tooling, NuGet, Chocolatey, declarative/immutable environments
Excellent troubleshooting and independent project leadership skills