Active Directory Engineer

Contract Duration: 6-7 months
Position Location: Hybrid – 60% Office, 40% Remote
(Onsite Locations: Bedford, MA / Atlanta, GA / San Diego, CA / Waukasha, WI)

Position Overview:

We are seeking an experienced Active Directory (AD) Engineer to supplement an existing team and provide Identity and Access Management (IAM) strategy recommendations. The ideal candidate will possess a strong background in designing, building, and maintaining complex global directory environments.

Key Responsibilities:

• Engineering, deploying, operationalizing, maintaining, and supporting tools associated with AD.
• Contributing to the engineering and support of AD as needed.
• Communicating service directions, features, and roadmaps.
• Providing technical leadership and guidance.
• Assisting with currency and patching of AD systems.
• Liaising with and supporting operational teams.
• Participating in incident response for AD platforms as needed.
• Assisting in technology evaluations and proof of concept projects.
• Contributing to disaster recovery planning and remediation of vulnerabilities within AD.
• Making recommendations for improving and securing the AD environment.
• Providing IAM strategy recommendations.

Required Experience:

• Senior-level AD Engineer with 5-7 years of experience.
• Experience in large enterprise environments.

Required Technical Skills & Experience:

• 5+ years in directory services engineering.
• 2+ years in IAM strategy development.
• Manufacturing industry experience.
• Strong understanding of AD security principles.
• Experience with implementing and maintaining AD tools, including:
  • Microsoft ATA/AATP/Defender for Identity.
  • Microsoft ADRES (Active Directory Recovery Execution Service).
  • Quest Tools (Change Auditor, Recovery Manager, Enterprise Reporter, Migration Manager).
  • Other equivalent AD management tools.
• Familiarity with supporting SOC processes, recovery testing, AD continuity, and disaster recovery.
• Experience with AD security capabilities:
  • Microsoft Defender Credential Guard.
  • Kerberos and NTLM protocols.
  • Group Policy Preferences administration.
  • Domain Controller communications and security.
  • Ransomware defense for directory services.

Required Soft Skills:

• Excellent interpersonal and communication skills in English (both written and spoken).
• Strong organizational skills with attention to detail.
• Strategic thinking balanced with a detail-oriented mindset.
• Team player, able to collaborate both in person and virtually (MS Teams or similar).
• Self-starter with the ability to take initiative.
• Flexibility to work across different time zones.

Preferred Skills:

• Experience with SAP Access Control.
• Certifications such as CISSP, CISM, or equivalent are a plus.