Senior Active Directory Cloud Identity Specialist

Summary:

We are seeking a Senior Directory Services analyst to modernize our enterprise identity platform across onprem Active Directory LDAPs and other cloud-based directories and stores. The role is focused on securing employee partner and application access in a highly-regulated financial services environment and will partner closely with security infrastructure and application you are passionate about identity security and thrive in high-stakes environments this role offers the chance to make a measurable impact on the security posture of a global enterprise.

Key Responsibilities:

• Lead architecture engineering and operations for Active Directory forests domains and Group Policy in a multi-site highly regulated environment.

• Design and drive adoption of hybrid identity solutions integrating onprem and cloud-based services.

• Implement and optimize authentication and authorization controls: SSO MFA Conditional Access identity protection and modern protocols (SAML OAuth2 OIDC).

• Define and enforce standards for identity lifecycle: joiner/mover/leaver processes automated provisioning/deprovisioning access reviews and role-based access control (RBAC).

• Partner with stakeholders and business teams to implement least-privilege privileged access management (PAM) and Zero Trust-aligned identity controls.

• Lead and support AD and identity-related projects: domain/forest consolidation mergers/acquisitions cloud migrations and re-platforming.

• Enhance monitoring alerting and reporting for directory and identity health security posture and compliance (audit trails SOX GLBA PCI etc.)

• Develop and maintain scripts and automation (primarily PowerShell) to drive consistency efficiency and security in identity operations.

• Serve asa senior SME and escalation point for complex identity incidents outages and security events.

• Produce and maintain technical documentation runbooks standards and architecture diagrams for AD and cloud identity services.

• Mentor and guide junior engineers analysts and admins and contribute to identity and access strategy and roadmap.

Required Qualifications:

• 10 years of hands-on experience administering and engineering enterprise Active Directory in a large multi-site environment.

• Strong expertise in: AD forest/domain design trusts DNS Group Policy replication and AD security hardening.

• 5 years working with Azure AD/Entra ID and hybrid identity (synchronization federation ADFS or equivalent cloud-only and hybrid scenarios).

• Deep understanding of identity and access management concepts: authentication authorization RBAC least privilege PAM Zero Trust.

• Strong experience with MFA Conditional Access SSO and identity federation using SAML OAuth2 and OpenID Connect.

• Proficiency with PowerShell for automation reporting and bulk operations in AD and Azure AD.

• Experience operating in regulated environments (preferably banking/financial services) with audit risk and compliance requirements.

• Solid understanding of networking and security fundamentals (TCP/IP firewalls TLS certificates PKI as it relates to identity).

• Excellent communication skills and ability to translate technical identity risks and solutions for non-technical stakeholders.