Lead Engineer, Active Directory

Job Title:  Lead Engineer, Active Directory

Reports to: Manager, Technology Infrastructure

Job Grade: Assigned by Comp.

Job Code:

FLSA Status: Exempt

FLSA Category, if Exempt: Assigned by Comp.

EEO Category: Assigned by Comp

Prepared By: Mark Sobczak

Date Approved: Entered by Comp.

Approved By: Entered by Comp.

GENERAL DESCRIPTION:

The Lead Engineer, Active Directory provides strategic and technical leadership in the design, implementation, and optimization of the enterprise Active Directory environment. This senior-level role ensures the stability, scalability, and security of the identity and access management services, aligning directory architecture with business needs and industry best practices. Responsibilities include review design of existing Active Directory environments, collaborating with cross-functional teams to deliver scalable and resilient identity solutions, leveraging automation and scripting, evaluating system performance, resolving complex issues, performing large-scale domain consolidations, and contributing to continuous improvement initiatives aligned with business needs.

ESSENTIAL DUTIES AND RESPONSIBILITIES:

• Design and maintain a highly available, secure, and scalable Active Directory systems, including forests, domains, and trusts
• Develop long-term strategies for AD modernization, including cloud and hybrid identity integration (e.g., Azure AD, Entra ID)
• Define and enforce Group Policy Objects (GPO) standards for authentication, password policies, and privileged access management
• Implement and maintain AD-based activation, robust security controls for AD, including delegation models, RBAC, and auditing
• Collaborate with security teams to ensure compliance with regulatory frameworks (e.g., SOX, HIPAA, PCI DSS)
• Lead large-scale AD migrations, consolidations, and upgrades (e.g., forest/domain redesign, Windows Server upgrades)
• Serve as the highest-level escalation point for complex directory issues and outages
• Produce and maintain comprehensive architecture diagrams, policies, and operational documentation
• Mentor and guide engineers and administrators on best practices for AD operations

SUPERVISORY RESPONSIBILITIES:

• This Job has no supervisory responsibilities.

DECISION-MAKING RESPONSIBILITIES:

• This Job has no decision-making responsibilities.

EDUCATION/EXPERIENCE:

• Minimum Required Education: Bachelor’s degree or equivalent related work or military experience
• Minimum Required Experience: 5 years of experience managing Active Directory environments
• Desirable Education/Experience:

• • In-depth understanding of: AD Site component topology; Forest/Inter-Forest Operations and Topology; AADConnect; AD and Azure Environment Security; strong knowledge and experience with Group Policy management
  • Expert Knowledge of AD on Windows Server 2016 and newer
  • Strong experience with DNS management
  • Strong experience with AD security policies and service accounts management
  • Experience with CyberArk
  • Experience with Saviynt Identity Manager
  • Experience with VMWare environments
  • Experience with Citrix Environments

CERTIFICATES AND LICENSES:

Desireable Certifications

• Microsoft Certified: Identity and Access Administrator Associate
• Microsoft Certified: Windows Server Hybrid Adminstrator Associate
• Microsoft Certified Solutions Expert (MCSE) or legacy MCSA

JOB RELATED COMPETENCIES:

To perform the job successfully, an individual should demonstrate the following competencies:

• Analytical Skills –
  • Identifies and resolves problems
  • Demonstrates attention to detail
  • Identifies opportunities to increase accuracy and optimize resources and develops/recommends/implements solutions
  • Strong aptitude for understanding and performing analysis of data, processes, policies, procedures and/or systems

• • Composes thorough and detailed written technical documentation, procedures, manuals, etc.

• Communication Skills –

• • Writes clearly and informatively while editing work for spelling and grammar mistakes
  • Presents organized and thorough information and data appropriate for intended audience
  • Utilizes variety of interpersonal styles and communication methods to effectively adapt to new work structures, processes, or cultures
  • Demonstrates group presentation skills and excellent negotiation skills to deal effectively with individuals and groups within and outside the organization

• Time Management Skills –

• • Demonstrates follow-up skills
  • Provides timely and professional support to all internal/external customers and vendors
  • Prioritizes regular workload, special tasks and concurrent projects, allocating time and resources to ensure that work is completed accurately and efficiently within established time frame

• Other –
  • Self-motivated
  • Team-oriented - Consults with Team members and management as needed to complete assigned responsibilities
  • Works with minimal supervision
  • Establishes and maintains effective, collaborative work relationships both internally and externally
  • Maintains strict confidentiality

Technical Competencies:

• • Deep expertise in Active Directory architecture, security and replication
  • Strong knowledge of DNS, DHCP, PKI, Kerberos, LDAP, and federation technologies (ADFS, SAML, OAuth)
  • Experience with Azure AD/Entra ID, cloud integrations, and identity governance
  • Excellent analytical, problem-solving, and project management skills
  • Effective communication and leadership abilities to influence technical and non-technical stakeholders

WORK ENVIRONMENT & PHYSICAL DEMANDS:

• Work Space
  • Office / cubicle workspace with moderate noise level
  • Hybrid
• Hours of Work/Travel
  • Extended hours including weekends
  • Hours vary to cover nights and weekends, early mornings and evenings
  • Provide on-call or after-hours support during maintenance windows, emergencies/outages, or system upgrades
• Physical Activity
  • Able to lift up to 50 pounds
  • Spend extended periods at a computer workstation