Active Directory / Entra ID / IAM Engineer

Job Description

Company: Jobs via Dice

Location: New York, US

Our client, Simple Solutions, is seeking the following.

Active Directory / Entra ID / IAM Engineer

Location: NYC, Jersey City, or Pittsburgh (2-3 days onsite)

Duration: 12-month engagement

Seeking an experienced Active Directory / Entra ID / IAM Engineer to support enterprise identity and access management services across production environments. This role is focused on maintaining and enhancing on-premises and cloud-based identity infrastructure, with deep emphasis on Active Directory, Microsoft Entra ID, hybrid identity operations, authentication services, and privileged access controls.

Key Responsibilities

• Provide day-to-day engineering and operational support for enterprise Active Directory and Entra ID environments supporting large-scale global user populations.
• Administer, harden, and support on-premises Active Directory infrastructure including domain controller build and maintenance, DNS (SRV records), LDAP, Kerberos, NTLM, GPO, OU structure, replication, and directory health.
• Support Microsoft Entra ID administration including Conditional Access, MFA, Identity Protection, Privileged Identity Management (PIM), app registrations, and service principal governance.
• Maintain and support hybrid identity environments including AD Connect configuration, sync operations, failover between data center instances, and PowerShell-based sync troubleshooting.
• Administer PKI infrastructure including certificate authority management, certificate lifecycle, LDAP signing, and certificate installation on domain controllers and services.
• Support authentication and access solutions including SSO, federation (SAML, OIDC, OAuth2), MFA, and privileged access controls.
• Perform enterprise application onboarding and integration with identity platforms; troubleshoot authentication, authorization, and provisioning issues.
• Execute platform hardening aligned with Microsoft cumulative hardening guidance and enterprise security policy — including SMB signing, LDAP signing, Kerberos enforcement, and legacy protocol disablement.
• Support audit, compliance, and vulnerability remediation activities; respond to security findings from scanning tools such as Rapid7, Nessus, or CrowdStrike.
• Partner with infrastructure, cybersecurity, and application teams to deliver identity-related changes and service improvements.
• Develop and maintain runbooks, operational documentation, and support procedures; train follow-the-sun operations teams on repeatable workflows.
• Participate in on-call rotations, after-hours change windows, and incident response including major incident bridge management.
• Use PowerShell, Python, and Microsoft Graph / Entra APIs to automate operational tasks and improve efficiency.

Required Skills & Experience

• 8+ years of hands-on experience administering and supporting enterprise Active Directory — including building, hardening, and directly owning domain controllers.
• Knowledge of AD fundamentals: Kerberos and NTLM authentication protocols, DNS (SRV records), LDAP and LDAP signing, GPO design, replication, forest/domain architecture, and DC security hardening.
• Strong experience with Microsoft Entra ID including Conditional Access, MFA, Identity Protection, PIM, app registrations, and service principal governance.
• Hands-on experience with AD Connect in high-availability configurations including multi-data-center failover, sync troubleshooting, and PowerShell-based sync commands.
• Experience supporting hybrid identity environments across on-premises Active Directory and Microsoft Entra ID.
• Working knowledge of PKI infrastructure including certificate authority administration, LDAP signing, and certificate use cases on domain controllers.
• Experience with IAM and PAM platforms such as SailPoint, Okta, and CyberArk.
• Proficiency in PowerShell; Python and Microsoft Graph API experience preferred.
• Experience with enterprise SIEM platforms (Splunk preferred) for log analysis, dashboard use, and incident triage.

Source: LinkedIn