Active Directory Architect Engineer
Washington DC, WA - USA
Job Summary
Looking for an opportunity to make an impact
At Leidos we deliver innovative solutions through the efforts of our diverse and talented people who are dedicated to our customers success.
We empower our teams contribute to our communities and operate sustainable. Everything we do is built on a commitment to do the right thing for our customers our people and our community.
Our Mission Vision and Values guide the way we do business.
If this sounds like the kind of environment where you can thrive keep reading!
The Digital Modernization Sector brings together our digital transformation and IT programs allowing us to better serve our customers through scale and repeatability.
(Group Profile/Link to Group page) - Next Great Adventure Awaits!
Leidos is seeking a highly skilled Active Directory Architect / Engineer to review and re-architect ATRs Microsoft Active Directory and hybrid identity environments. The candidate will be responsible for overseeing the implementation optimization and ongoing management of the updated architecture and will play a key role in maintaining integrity availability and security of identity and access management systems that support the entire ATR organization. This position focuses on both the on-premises Active Directory Domain Services (AD DS) and integration with Microsoft Entra ID (formerly Azure AD).
Please Note: This work is located onsite in the DC area.
Key Responsibilities:
Design deploy upgrade and administer Active Directory Domain Services including domain controllers forests domains trusts and replication topologies (i.e. Manage and optimize Group Policy Objects (GPOs) OU structures and security baselines; including object management through bulk operations and automation Troubleshoot and resolve complex AD-related issues including authentication failures replication problems DNS issues and Kerberos/NTLM problems Plan and execute Active Directory migrations consolidations and upgrades (of both underlying server infrastructure and overall forest/domain functional levels) Develop and maintain disaster recovery backup and restore procedures for AD environments (including AD Recycle Bin and authoritative restores) Monitor AD health and performance using tools such as Microsoft System Center Azure Monitor or third-party solutions).
Implement and maintain Advanced Microsoft Entra ID (Azure AD) Okta hybrid identity models Privileged Access Management (PAM) and Public Key Infrastructure services in compliance with federal standards (e.g. NIST and DISA STIG).
Engineer and implement security best practices including: (i.e. Privileged Access Management (PAM) Just-In-Time (JIT) access tiered administration and Least Privilege principles Zero Trust network access (ZTNA) secure enclave integration and defense-in-depth methodologies Compliance with security standards regulatory requirements (SOC 2 ISO 27001 HIPAA CMMC etc.) and internal policies.
Collaborate with Security Endpoint Cloud and Application teams on identity-related projects and incident response.
Automate repetitive tasks using PowerShell Microsoft Graph Python and Infrastructure as Code (leveraging Ansible) where applicable.
Required Qualifications:
Bachelors degree in Computer Science Information Technology Engineering OR in a related field and 12 years of relevant experience OR Masters degree with 10 years of relevant experience . Additional years of experience will be considered/accepted in lieu of a degree.
12 years of hands-on experience as an Active Directory Architect Engineer OR Senior Administrator in complex enterprise environments.
Deep expertise in designing deploying upgrading and administering Microsoft Active Directory Domain Services (AD DS) including domain controllers multi-domain/forest architectures trusts replication topologies Group Policy Objects (GPOs) OU design and security baselines.
Strong experience with hybrid identity solutions including synchronization and integration between on-premises AD DS and Microsoft Entra ID (formerly Azure AD).
Proven track record in troubleshooting and resolving complex AD issues (authentication failures replication DNS Kerberos/NTLM etc.).
Experience with Active Directory migrations consolidations forest/domain functional level upgrades and infrastructure modernization.
Solid understanding of disaster recovery backup/restore procedures for AD (including AD Recycle Bin and authoritative restores).
Experience implementing and managing Privileged Access Management (PAM) Just-In-Time (JIT) access tiered administration models and Least Privilege principles.
Working knowledge of Public Key Infrastructure (PKI) Zero Trust Network Access (ZTNA) secure enclaves and defense-in-depth security strategies.
Familiarity with compliance frameworks and federal standards such as NIST DISA STIGs SOC 2 ISO 27001 HIPAA and CMMC.
Proficiency in automation and scripting using PowerShell Microsoft Graph Python and Infrastructure as Code tools (e.g. Ansible).
Experience collaborating with Security Cloud Endpoint and Application teams on identity-related initiatives and incident response.
Strong communication skills and ability to work independently as a contractor in a dynamic environment.
U.S. Citizenship required.
Ability to obtain and maintain a Public Trust security clearance.
Preferred Qualifications:
Experience with Okta for identity management and federation.
Background supporting federal or regulated industries with strict compliance requirements.
Experience using monitoring tools such as Microsoft System Center Azure Monitor or third-party AD health solutions.
Knowledge of modern identity security practices and integration with cloud platforms.
Desired Certifications (one or more of the following):
Microsoft Certified: Identity and Access Administrator Associate (SC-300).
Microsoft Certified: Windows Server Hybrid Administrator Associate (AZ-800 AZ-801).
Microsoft Certified: Azure Administrator Associate (AZ-104).
Microsoft Certified: Azure Security Engineer Associate (AZ-500).
CISSP (Certified Information Systems Security Professional).
CISM (Certified Information Security Manager).
Okta Certified Professional or Okta Certified Administrator.
Please Note: The program budget salary for this role could fall anywhere between mid $150000 to low/mid $170000 with a slight wiggle room (no guarantees) based on relevant experience and assessment. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job education experience knowledge skills and abilities as well as internal equity alignment with market data applicable bargaining agreement (if any) or other law.
Leidos is growing! Connect with us onLinkedInandFacebook.
If youre looking for comfort keep scrolling. At Leidos we outthink outbuild and outpace the status quo because the mission demands it. Were not hiring followers. Were recruiting the ones who disrupt provoke and refuse to fail. Step 10 is ancient history. Were already at step 30 and moving faster than anyone else dares.
Original Posting:
June 18 2026For U.S. Positions: While subject to change based on business needs Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.
Pay Range:
Pay Range $131300.00 - $237350.00The Leidos pay range for this job level is a general guideline onlyand not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job education experience knowledge skills and abilities as well as internal equity alignment with market data applicable bargaining agreement (if any) or other law.
Required Experience:
Director
About Company
Leidos is an innovation company rapidly addressing the world's most vexing challenges in national security and health. Our 47,000 employees collaborate to create smarter technology solutions for customers in these critical markets.