Active Directory Architect
Pantheon
Spring, TX (In Person)
Full-Time
Job Description
Responsibilities
Administer, maintain, and secure Active Directory (AD) environments, including domain controllers, replication, DNS, and security hardening.
Manage Active Directory Certificate Services (ADCS) and enterprise Public Key Infrastructure (PKI), including certificate lifecycle management.
Support and maintain Active Directory Federation Services (ADFS) and integrations with internal and external identity providers.
Implement and manage Azure Information Protection (AIP) to support enterprise data security and classification initiatives.
Configure and manage Hardware Security Modules (HSMs) for cryptographic key protection and secure operations.
Design, implement, and enforce Group Policy Objects (GPOs) to meet security, compliance, and operational standards.
Ensure secure authentication and authorization through deep expertise in Kerberos, Service Principal Names (SPNs), and keytab management.
Utilize Quest tools (Change Auditor, RMAD, GPOAdmin) for auditing, monitoring, disaster recovery, and policy governance.
Deploy and manage cloud infrastructure in AWS, leveraging Terraform and Infrastructure-as-Code (IaC) practices for automation and consistency.
Develop and maintain PowerShell automation scripts for operational efficiency, reporting, and security controls.
Partner with cybersecurity and compliance teams to ensure adherence to enterprise security standards and best practices.
Participate in an on-call rotation to support critical identity and security services and resolve high-severity incidents.
Work as part of an Agile team, participating in ceremonies and collaborating with application developers, business stakeholders, and infrastructure teams.

Required Qualifications
Strong experience administering Active Directory in complex, enterprise-scale environments.
Hands-on expertise with ADCS, PKI, and certificate lifecycle management.
In-depth knowledge of Kerberos authentication, SPNs, and keytabs.
Advanced experience managing and troubleshooting Group Policy Objects (GPOs).
Proficiency in PowerShell scripting for automation, auditing, and reporting.
Experience with Terraform and Infrastructure-as-Code concepts.
Familiarity with AWS infrastructure and cloud-based identity integrations.
Experience using Quest Change Auditor, RMAD, and GPOAdmin.
Solid understanding of enterprise security principles, especially those related to privileged access and identity protection.
Ability to meet requirements for enhanced background screening due to Tier 0 access.