Senior Active Directory Engineer
Job Summary
Alnafitha is seeking a Senior Active Directory Engineer to deliver managed operations and to support a major identity change initiative for a banking client in the Kingdom of Saudi Arabia. Working as the on-site technical liaison between the client and the global office, the engineer ensures the stability, security, and compliance of the client's Active Directory environment while executing planned modernization work (such as forest consolidation, domain migration, schema upgrades, and security hardening) in parallel with business-as-usual operations.
Key Responsibilities
Operational Stability & Health Management (Daily / Weekly)
Monitor Active Directory health, including replication, FSMO roles, SYSVOL, event logs, and domain controller performance.
Perform daily health checks (DCDIAG, REPADMIN, NETDIAG) and carry out proactive remediation.
Manage DNS hygiene, including scavenging stale records and DNSSEC where used.
Manage time synchronisation, ensuring the PDC emulator points to a reliable NTP source.
Ensure backup success (system state and full forest) and periodically test restores.
Apply OS security and AD cumulative updates during approved maintenance windows.
Support the Change Initiative (Project Mode in parallel with BAU)
Participate in joint planning with the global office and local bank teams to define the change (e.g. forest consolidation, domain migration, schema upgrade, security overhaul, site topology redesign).
Deploy new domain controllers or upgrade existing ones.
Modify site links, subnets, and replication schedules.
Restructure OUs and move objects (users, computers, groups) using tools such as ADMT, PowerShell, and Quest.
Implement new GPOs or refactor existing ones.
Configure or reconfigure forest and domain trusts.
Migrate service accounts to gMSA wherever possible.
Perform pre-change validation in a lab or staging environment.
Execute change during approved maintenance windows (nights / weekends, respecting banking hours).
Validate post-change health and roll back if success criteria are not met.
Security & Compliance Hardening (Ongoing)
Maintain an AD security baseline aligned with CIS / NIST and banking regulations (FFIEC, PCI, SWIFT CSP).
Manage and monitor privileged groups (Enterprise Admins, Domain Admins, Schema Admins) for unauthorized changes.
Review and clean up stale users, computers, and service accounts monthly.
Enforce Kerberos AES encryption, restrict NTLM, and enable LDAP signing and channel binding.
Manage and rotate service account credentials (LAPS for local admins, gMSA for services).
Assist with privileged access management (PAWs, JIT, break-glass accounts).
Ensure audit policies forward logs to the SIEM (Splunk, Sentinel, QRadar) and investigate anomalies.
Collaboration with the Global Office
Act as the technical liaison between the global AD team and local bank operations.
Participate in weekly design / status calls with the global office during the major change initiative.
Translate global AD standards into local implementation plans.
Report on local environment health, risks, and change progress using agreed dashboards.
Escalate issues requiring global decisions (e.g. schema changes, cross-forest trust policies).
Troubleshooting & Incident Resolution
Diagnose and resolve AD-related incidents, including authentication failures, replication breaks, GPO application issues, account lockouts, and Kerberos errors.
Perform root cause analysis and implement permanent fixes.
Support application teams with AD integration issues (SPN misconfigurations, delegation permissions).
Participate in security incident response where AD compromise is suspected (e.g. golden ticket, DCSync attacks).
Documentation & Knowledge Transfer (Local team and global office)
Maintain living documentation: AD topology, domain controller inventory, FSMO locations, site links, GPO inventory, privileged group memberships, and service account lists.
Document all changes performed during the major change initiative, including before / after states.
Produce troubleshooting runbooks for common AD issues tailored to the bank's environment.
Provide training sessions for local junior admins and global office teams as needed.
Disaster Recovery & Business Continuity
Maintain and test AD forest recovery procedures.
Ensure backup integrity and off-site / air-gapped copies for ransomware resilience.
Participate in annual DR drills with global and local teams.
Reporting & Metrics
Provide status reports to the local IT manager and global office as required, covering health metrics, change progress, security findings, incidents, and planned activities.
Track and report KPIs: domain controller uptime, replication latency, authentication success rate, backup success rate, stale object reduction, and audit log coverage.
Requirements
Qualifications & Experience
Bachelor's degree in Computer Science, Information Technology, or a related field (or equivalent experience).
5 years of hands-on experience administering enterprise Active Directory environments, ideally in banking, financial services, or other regulated sectors.
Proven experience delivering AD migration, consolidation, or modernization projects.
Experience operating within change management and approved maintenance windows in a 24/7 production environment.
Technical Skills
Deep expertise in Active Directory Domain Services, DNS, DHCP, Group Policy, and Kerberos / NTLM authentication.
Strong PowerShell scripting and automation skills.
Hands-on experience with migration tooling such as ADMT and Quest Migration Manager.
Knowledge of AD security hardening (LAPS, gMSA, tiered administration, PAW, JIT) and frameworks (CIS, NIST).
Familiarity with SIEM platforms (Splunk, Microsoft Sentinel, QRadar) and audit log forwarding.
Experience with backup / recovery and AD forest recovery procedures.
Working knowledge of hybrid identity (Entra ID / Azure AD Connect) is a plus.
Certifications (Preferred)
Microsoft certifications (e.g. MCSE, Identity and Access Administrator) preferred.
Security certifications such as Security GIAC or CISSP are an advantage.
Core Competencies
Strong analytical and root-cause troubleshooting skills.
Clear written and verbal communication in English; Arabic is a plus.
Ability to work with global and local stakeholders across time zones.
Discretion and reliability appropriate to a regulated banking environment.
Working Conditions
Standard working week is Sunday to Thursday during normal working hours.
Annual leave is provided in accordance with KSA labor law.
Work required outside normal working hours or days is treated as overtime; overtime cost is settled with the monthly invoice.
Change activities may require night and weekend maintenance windows scheduled to respect banking operating hours.
About Company
Alnafitha International, founded in 1993 in Saudi Arabia, is a leading independent provider of IT services and solutions. Alnafitha provides consistent processes and tools combined with the right skills at the right time and place. We design IT solutions that fit your unique requirem ...