Engineer, Active Directory

Job Title:  Engineer, Active Directory

Reports to: Manager, Technology Infrastructure

Job Grade: Assigned by Comp.

Job Code: 50493

FLSA Status: Exempt

FLSA Category, if Exempt: Assigned by Comp.

EEO Category: Assigned by Comp

Prepared By: Mark Sobczak

Date Approved: Entered by Comp.

Approved By: Entered by Comp.

GENERAL DESCRIPTION:

The Engineer, Active Directory is responsible for the design, implementation, administration, and optimization of the organization’s Microsoft Active Directory Environment. This mid-level role focuses on ensuring secure, reliable, and efficient directory services that support identity and access management across the enterprise. Responsibilities include collaborating with cross-functional teams to deliver scalable and resilient identity solutions, leveraging automation and scripting, evaluating system performance, resolving complex issues, and contributing to continuous improvement initiatives aligned with business needs.

ESSENTIAL DUTIES AND RESPONSIBILITIES:

• Install, configure, and maintain Active Directory forests, domains, and domain controllers
• Manage Group Policy Objects (GPOs), DNS, DHCP, and related services
• Monitor AD replication and system performance, applying patches and upgrades as required
• Create, modify, and deprovision user, service, and computer accounts while maintaining least-privilege access
• Implement and maintain password policies, privileged access controls, and security baselines
• Investigate and resolve authentication failures, replication issues, and trust relationship errors
• Participate in root-cause analysis and continuous service improvement initiatives
• Audit and review access permissions and Group Policies regularly
• Assist with migrations, consolidations, and upgrades of AD environments and related infrastructure
• Maintain accurate design diagrams, configuration documentation, and standard operating procedures
• Recommend improvements for scalability, automation, and disaster recovery

SUPERVISORY RESPONSIBILITIES:

• This Job has no supervisory responsibilities.

DECISION-MAKING RESPONSIBILITIES:

• This Job has no decision-making responsibilities.

EDUCATION/EXPERIENCE:

• Minimum Required Education: Associate’s degree or equivalent related work or military experience
• Minimum Required Experience: 3 years of experience managing Active Directory environments and Azure Active Directory
• Desirable Education/Experience:

• • Strong understanding of: AD Site component topology; Forest/Inter-Forest Operations and Topology; AADConnect
  • Strong knowledge and experience with Group Policy management
  • Strong Knowledge of AD on Windows Server 2016 and newer
  • Strong experience with DNS management, AD security policies and service accounts management
  • Associate’s or Bachelor’s degree in Information Technology, Computer Science, or related field (or equivalent practical experience)
  • 3+ years of experience managing Active Directory environments and Azure Active Directory
  • Experience with CyberArk
  • Experience with Saviynt Identity Manager
  • Experience with VMWare environments
  • Experience with Citrix Environments

CERTIFICATES AND LICENSES:

Desireable Certifications

• Microsoft Certified: Identity and Access Administrator Associate
• Microsoft Certified: Windows Server Hybrid Adminstrator Associate
• Microsoft Certified Solutions Expert (MCSE) or legacy MCSA

JOB RELATED COMPETENCIES:

To perform the job successfully, an individual should demonstrate the following competencies:

• Analytical Skills –
  • Identifies and resolves problems
  • Demonstrates attention to detail
  • Identifies opportunities to increase accuracy and optimize resources and develops/recommends/implements solutions
  • Strong aptitude for understanding and performing analysis of data, processes, policies, procedures and/or systems

• • Composes thorough and detailed written technical documentation, procedures, manuals, etc.

• Communication Skills –

• • Writes clearly and informatively while editing work for spelling and grammar mistakes
  • Presents organized and thorough information and data appropriate for intended audience
  • Utilizes variety of interpersonal styles and communication methods to effectively adapt to new work structures, processes, or cultures
  • Demonstrates group presentation skills and excellent negotiation skills to deal effectively with individuals and groups within and outside the organization

• Time Management Skills –

• • Demonstrates follow-up skills
  • Provides timely and professional support to all internal/external customers and vendors
  • Prioritizes regular workload, special tasks and concurrent projects, allocating time and resources to ensure that work is completed accurately and efficiently within established time frame

• Other –
  • Self-motivated
  • Team-oriented - Consults with Team members and management as needed to complete assigned responsibilities
  • Works with minimal supervision
  • Establishes and maintains effective, collaborative work relationships both internally and externally
  • Maintains strict confidentiality

Technical Competencies:

• • In-depth knowledge of Active Directory architecture, DNS/DHCP, and Group Policy
  • Strong troubleshooting and analytical skills
  • Familiarity with authentication protocols (Kerberos, LDAP) and federation services (ADFS, SAML, OAuth)
  • Ability to manage projects and collaborate across teams effectively
  • Strong communication skills with a focus on security and best practices

WORK ENVIRONMENT & PHYSICAL DEMANDS:

• Work Space
  • Office / cubicle workspace with moderate noise level
  • Hybrid
• Hours of Work/Travel
  • Extended hours including weekends
  • Hours vary to cover nights and weekends, early mornings and evenings
  • Provide on-call or after-hours support during maintenance windows, emergencies/outages, or system upgrades
• Physical Activity
  • Able to lift up to 50 pounds
  • Spend extended periods at a computer workstation