Entra ID Engineer

Job Title: Active Directory Engineer

Location: Hybrid (60% Onsite, 40% Remote) - Bedford, MA; Atlanta, GA; San Diego, CA; or Waukasha, WI

Position Overview

We are seeking an experienced Active Directory (AD) Engineer to join our team and contribute to the design, deployment, and maintenance of complex global directory environments. This role is critical in supporting and operationalizing tools associated with Active Directory while also providing IAM strategy recommendations.

Key Responsibilities:

• Design, build, maintain, and support complex global Active Directory environments.
• Lead and contribute to the engineering and support efforts for AD as needed.
• Communicate service directions, features, and roadmaps.
• Provide technical leadership to junior team members.
• Assist with AD currency and patching.
• Liaise with operational teams for training and support.
• Participate in incident response for Active Directory platforms as required.
• Assist in technology evaluations and proof of concepts.
• Contribute to disaster recovery planning and execution for AD.
• Remediate prioritized vulnerabilities in AD.
• Provide recommendations to improve and secure the AD environment.
• Offer IAM strategy recommendations.

Required Experience:

• 5+ years of experience in directory services engineering.
• 2+ years of experience in IAM strategy.
• Senior-level experience with large enterprise environments.
• Manufacturing industry experience is a plus.

Technical Skills:

• Strong understanding of AD security and related tools.
• Experience with Microsoft ATA/AATP/Defender for Identity, ADRES (AD Recovery Execution Service).
• Familiarity with Quest tools (Change Auditor, Recovery Manager, etc.) and alternative vendor tools.
• Experience supporting SOC and periodic recovery testing of AD.
• Expertise in AD Business Continuity and Disaster Recovery Planning.
• Proficiency with Microsoft Defender Credential Guard, Kerberos, Group Policy administration, and other AD capabilities.
• Knowledge of Microsoft’s Rapid Modernization Plan (RAMP) and domain administration best practices.
• Experience in PowerShell auditing, logging, and script signing.

Soft Skills:

• Excellent interpersonal and communication skills.
• Strong organizational skills with attention to detail.
• Business outcomes-oriented mindset.
• Ability to collaborate effectively in person and virtually.
• Self-starter with the ability to take initiative and work independently.
• Flexibility to work across different time zones.

Preferred Qualifications:

• Experience with SAP Access Control.
• Certifications such as CISSP, CISM, or equivalent.