Senior Active Directory Engineer

<div class="benefits"> <div><strong>Benefits:</strong></div> <ul> <li>401(k)</li> <li>Competitive salary</li> </ul> </div> <div class="trix-content"> <h1><strong>Job Description</strong></h1><div>We are seeking a <strong>Senior Active Directory Engineer</strong> with <strong>10+ years of enterprise experience</strong> to support critical <strong>Directory Services initiatives for 2026</strong>. This is a <strong>hands‑on engineering role</strong> focused on <strong>Active Directory architecture, PKI/certificate automation, PowerShell scripting, and greenfield AD builds</strong>, including OT environments.<br><br> </div><div><strong>Responsibilities</strong></div><ul> <li>Design, build, and support <strong>enterprise Active Directory environments</strong> </li> <li>Perform <strong>greenfield AD forest and domain builds</strong> </li> <li>Implement and manage <strong>PKI and certificate lifecycle automation</strong> </li> <li>Troubleshoot complex issues across <strong>AD, DNS, GPO, and authentication</strong> </li> <li>Automate AD and server operations using <strong>PowerShell</strong> </li> <li>Support <strong>Windows Server 2016/2022/2025</strong> environments</li> <li>Apply <strong>Microsoft tiered security models (Tier 0/1/2)</strong> </li> <li>Ensure compliance with <strong>security and regulatory standards</strong> </li> </ul><h1><strong>Required Skills & Experience</strong></h1><div><strong>Active Directory (Expert Level)</strong></div><ul> <li>10+ years of enterprise Active Directory experience</li> <li>AD DS design, deployment, and troubleshooting</li> <li>Domain controller build, promotion/demotion</li> <li>FSMO roles, SYSVOL, DFS‑R</li> <li>AD Sites & Services</li> <li>Replication tools: <strong>repadmin, dcdiag</strong> </li> <li>Authentication: <strong>LDAP, Kerberos</strong> </li> </ul><div><strong>DNS (Critical Requirement)</strong></div><ul> <li>AD‑integrated DNS</li> <li>SRV records and zone configuration</li> <li>DNS troubleshooting and security best practices</li> </ul><div><strong>Group Policy (GPO)</strong></div><ul><li>GPO design, creation, optimization, and troubleshooting</li></ul><div> <strong>Windows Server<br></strong><br> </div><ul> <li>Windows Server <strong>2016, 2022, 2025</strong> </li> <li>Server hardening and security baseline configuration</li> </ul><div><strong>PKI / Certificates</strong></div><ul> <li>Microsoft <strong>AD Certificate Services (ADCS)</strong> </li> <li>Certificate templates and auto‑enrollment</li> <li>TLS/SSL certificate lifecycle management</li> <li>Certificate renewal automation</li> <li>Experience with <strong>Sectigo Certificate Manager</strong> or similar PKI tools</li> </ul><div><strong>Automation</strong></div><ul><li>Advanced <strong>PowerShell scripting</strong> for AD and server administration</li></ul><div><strong>AD Architecture & Security</strong></div><ul> <li>Building AD forests/domains from scratch</li> <li>OU design and delegation models</li> <li>Microsoft tiered security model (Tier 0 / Tier 1 / Tier 2)</li> <li>Credential hygiene and privileged access management</li> </ul><div><strong>Compliance</strong></div><ul><li>Experience working in <strong>regulated environments</strong> (GxP preferred)</li></ul><div><strong>Preferred Qualifications</strong></div><ul> <li>Hands‑on experience with <strong>Sectigo Certificate Manager</strong> </li> <li>Exposure to <strong>OT (Operational Technology) Active Directory</strong> </li> <li>Background in <strong>Pharma, Life Sciences, or other regulated industries</strong> </li> </ul> </div> <p>This is a remote position.</p>