Senior Active Directory Engineer

DESE is seeking a Senior Active Directory Engineer in Huntsville AL. The Senior Active Directory Engineer serves as the subject matter expert for the design implementation and maintenance of a robust on-premises Identity and Access Management (IAM) infrastructure. This role is focused on the architecture and security of a complex Windows Server environment ensuring high availability and seamless authentication across the enterprise. You will lead forest-level migrations disaster recovery planning and the hardening of AD objects against modern security threats.

Responsibilities:

• Design and deploy multi-forest/multi-domain AD architectures including Site and Services optimization for low-latency authentication.
• Standardize and manage GPOs to enforce security baselines software distribution and user environment configurations.
• Implement Tiered Administration models (Red Forest/Privileged Access Workstations) and manage Kerberos NTLM and LDAP security protocols.
• Lead Domain Controller (DC) promotions demotions and OS upgrades (e.g. migrating from Windows Server 2016 to 2022).
• Establish and regularly assess AD-specific backup and restoration procedures (Authoritative vs. Non-authoritative restores).
• Maintain the health of AD-Integrated DNS ensuring proper zone replication and scavenging.
• Proactively monitor replication topology roles and health using tools like PowerShell SCOM or specialized AD auditing software.

Required Qualifications:

• Bachelors Degree in network engineering Computer Science or a related technical field.
• Must possess (or be able to obtain) a DoD Top Secret Clearance with SCI eligibility including successful completion of a Counterintelligence (CI) Polygraph and willingness to meet Special Access Program (SAP) eligibility requirements.
• Must possess an active CompTIA Security CE ISC2 SSCP or equivalent baseline certification.
• Deep understanding of FSMO Roles Global Catalogs and Active Directory Partition structures.
• Advanced proficiency in PowerShell for automating bulk object changes reporting and environment health checks.
• Strong grasp of TCP/IP DNS and Firewall requirements essential for AD communication across segmented networks.
• Proven experience with Public Key Infrastructure (PKI) and Certificate Services (ADCS).

Preferred Qualifications:

• Active DoD Top Secret Clearance with SCI and a Counterintelligence (CI) Polygraph with willingness to meet Special Access Program (SAP) eligibility requirements.
• Microsoft Role-Based Certifications (e.g. AZ-800/801).
• Deep knowledge of STIG (Security Technical Implementation Guides) compliance.

About DESE:

For the past 43 years DESE has provided industry-leading technical and engineering solutions in the fields of Defense Energy Space and Environment. As a small family-oriented business DESE provides a compelling benefits package including a generous profit-sharing plan competitive salaries and perhaps most importantly the opportunity to work alongside talented engineers leveraging cutting-edge technologies to solve complex and engaging problems.

Why employees love working for DESE:

At DESE we are committed to creating a company that is known for its respect and care for employees. We understand that happy employees are what keeps our business going and we strive to provide the best opportunities for each individual working on our team! Here are a few reasons you will love working here:

• Competitive health dental and vision insurance with affordable premiums

• Flexible work schedules

• Two different flexible spending account options

• Company paid life insurance with options for employee paid additional

• Performance bonus program

• Education reimbursement program

• Company paid personal leave for approved philanthropic activities

• Vacation Sick & Holiday leave

• Robust 401k profit sharing plan

• Opportunities for internal promotions

• Employee referral incentive program

• Rewards and gifts for service anniversaries

Disability Accommodation for Applicants DESE Research Inc. is an Equal Employment Opportunity employer and provides reasonable accommodation for qualified individuals with disabilities and disabled veterans in its job application procedures. If you have any difficulty using our online system and you need an accommodation due to a disability you may use the following alternative email address or phone number to contact us about your interest in employment with us: or x123.

Required Experience:

Director