AD, Entra ID PKI - Security Systems Associate Director

• Leading a team of 20+ Global engineers working on Active Directory DNS, DHCP, GPO, ADFS & Azure AD, MFA, SSO, IGA/IAM - designing, Architecture Solutions, Integration with platforms & Applications
• Develop an architecture of directory solutions for Windows, Unix, and related platforms
• Expert knowledge in Domain consolidations, Active Directory management, Security and understanding of User accounts, machine accounts, GPOs
• Understand the requirement and create a migration plan for any services i.e. DNS, DHCP, and Certificate Services (PKI) etc.
• Analyzing the requirement and design a solution to fulfil the requirement with zero impact to other platforms
• Strong knowledge of Azure active directory design, Architect Solutions, Integration with platforms & Applications and AD connector to Azure
• Auditing the security logs and integrating with SIEM
• Conducting POC with multiple vendors for AD solutions and prepare detailed test cases. Create a clear recommendation document with pros and cons for senior management
• Vulnerability Assessment and Management related to Active Directory, DNS & Windows platforms
• Active Directory consolidations including application integration working with application teams
• Recommend security best practices to achieve stated business objectives, advises on risk assumptions for any variances granted, and provides alternatives to achieve desired end results
• Conducting interviews and assisting with recruiting efforts
• Strong background in financial management including Cost models & Cost optimization
• Extensive experience in service delivery, managing KPI, SLA, Contract writing and reviews and service solutioning.

Required Qualifications:

• Minimum 5 years relevant experience in Architecture and designing, solutions & Migrating Active Directory, Azure AD, Windows & End points
• Strong understanding of Active Directory migration tools or equivalent and consolidation of Global Forest and Domains. Hands on experience in successful consolidation of AD Forests and Domains Ideal
• Strong understanding of Azure AD (Azure Active Directory) & Integration with on premise
• Understanding of AD Trusts, two-way Trusts and one-way Trusts and deep knowledge of Active Directory Schemas and meta data
• Strong knowledge of Azure Active Directory technologies, including authentication models, federation, Multifactor Authentication (MFA), conditional access policies and other relevant capabilities.
• Knowledge of best practices in AD/Azure Privileged access management and modern AD/Azure Secured Administration practices
• Strong Knowledge on IAM disciplines like PIM and Privilege Administrative Accounts PAM solutions such as CyberArk
• Strong familiarity with DNS Active Directory integrated, partitions and Infoblox & DHCP systems and Migration of services from Active Directory any platform
• Demonstrated knowledge in AD assessment in terms of OU delegation, GPOs, permission etc.,
• Knowledge of Active Directory versions 2003, 2008R2, 2012R2 & 2016, 2019 and Azure Active Directory
• Demonstrated working knowledge and ideally hands on experience in AD disaster recovery, Replication issues and resolution using tools such as repadmin
• Demonstrated knowledge in writing and applying GPOs, especially related to domain consolidations
• Good Knowledge on Active Directory & windows audit logs and levels and SIEM integration
• Good knowledge on Networking, firewalls, including host firewalls, DNS, DHCP, DFS & Network load balancers and Secure Global Directory or Secure LDAP
• Good knowledge on AD authentication protocols Kerberos, NTLM, LDAP, LDAPS & LDAP-Start TLS
• Knowledge of on Network log capturing & analyzing the network packet captures through the tools Wireshark, Microsoft NM etc.,
• knowledge of application integration with LDAP & Kerberos i.e. Keytab, krb5 etc.,
• Good knowledge on any Identity & Access Management tools like FIM, MIM, OIM, Quest etc.,
• Exposure or understanding of SAML, OAuth, OpenID and other security/IAM related standards
• Knowledge of single sign-on, federation, active directory/LDAP, Kerberos/NTLM authentication & integrated Windows authentication
• Good knowledge on Identity management and Role based access control, attribute-based access control & entitlement management, Least privileged access models
• Excellent communication skills, especially verbal and written
• Good documentation skills to write a design & configuration documents version controls
• Excellent Interpersonal skill and ability to work as part of a team
• Home office for remote work
• Ability to work some weekends and late nights performing approved changes
• ITIL V3 or later experience, experience in writing change request and attending Change Advisory Boards (CAB) meeting
• Experience with Security Controls and compliance

Required Qualifications:

• 5+ years of relevant experience
• 3+ years leadership experience
• Strong knowledge of Active Directory, Window Server OS, Network, Firewall
• Basic understanding of Azure AD, Azure SSO, Azure MFA
• Basic knowledge of Group Policy
• Virtualization technology basic understanding
• Strong troubleshooting skills
• Basic PowerShell Commands/scripting

Preferences:

• Ideally certifications from one of the following: Security+, Microsoft, AWS
• 7+ years of relevant experience
• 4+ years leadership experience
• Strong Azure AD, Azure SSO, Azure MFA skills
• Undergraduate degree
• Strong understanding of networking technologies
• Advanced knowledge of network security that pertains to communications, computer system environments and related infrastructures