Senior Active Directory - Cloud Identity Specialist

Summary:

We are seeking a Senior Directory Services analyst to modernize our enterprise identity platform across on‑prem Active Directory, LDAP’s, and other cloud-based directories and stores. The role is focused on securing employee, partner, and application access in a highly-regulated financial services environment and will partner closely with security, infrastructure, and application teams. If you are passionate about identity security and thrive in high-stakes environments, this role offers the chance to make a measurable impact on the security posture of a global enterprise.

Key Responsibilities:

• Lead architecture, engineering, and operations for Active Directory forests, domains, and Group Policy in a multi-site, highly regulated environment.  

• Design and drive adoption of hybrid identity solutions integrating on‑prem and cloud-based services.

• Implement and optimize authentication and authorization controls: SSO, MFA, Conditional Access, identity protection, and modern protocols (SAML, OAuth2, OIDC).  

• Define and enforce standards for identity lifecycle: joiner/mover/leaver processes, automated provisioning/deprovisioning, access reviews, and role-based access control (RBAC).  

• Partner with stakeholders and business teams to implement least-privilege, privileged access management (PAM), and Zero Trust-aligned identity controls. 

• Lead and support AD and identity-related projects: domain/forest consolidation, mergers/acquisitions, cloud migrations, and re-platforming.  

• Enhance monitoring, alerting, and reporting for directory and identity health, security posture, and compliance (audit trails, SOX, GLBA, PCI, etc.)

• Develop and maintain scripts and automation (primarily PowerShell) to drive consistency, efficiency, and security in identity operations. 

• Serve as a senior SME and escalation point for complex identity incidents, outages, and security events.

• Produce and maintain technical documentation, runbooks, standards, and architecture diagrams for AD and cloud identity services.  

• Mentor and guide junior engineers, analysts, and admins and contribute to identity and access strategy and roadmap.

Required Qualifications:

• 10+ years of hands-on experience administering and engineering enterprise Active Directory in a large, multi-site environment.  

• Strong expertise in: AD forest/domain design, trusts, DNS, Group Policy, replication, and AD security hardening.  

• 5+ years working with Azure AD/Entra ID and hybrid identity (synchronization, federation, ADFS or equivalent, cloud-only and hybrid scenarios).  

• Deep understanding of identity and access management concepts: authentication, authorization, RBAC, least privilege, PAM, Zero Trust.  

• Strong experience with MFA, Conditional Access, SSO, and identity federation using SAML, OAuth2, and OpenID Connect.  

• Proficiency with PowerShell for automation, reporting, and bulk operations in AD and Azure AD.  

• Experience operating in regulated environments (preferably banking/financial services) with audit, risk, and compliance requirements.  

• Solid understanding of networking and security fundamentals (TCP/IP, firewalls, TLS, certificates, PKI as it relates to identity).  

• Excellent communication skills and ability to translate technical identity risks and solutions for non-technical stakeholders.