Senior Active Directory Engineer

Job description

DESE is seeking a Senior Active Directory Engineer in Huntsville, AL. The Senior Active Directory Engineer serves as the subject matter expert for the design, implementation, and maintenance of a robust on-premises Identity and Access Management (IAM) infrastructure. This role is focused on the architecture and security of a complex Windows Server environment, ensuring high availability and seamless authentication across the enterprise. You will lead forest-level migrations, disaster recovery planning, and the hardening of AD objects against modern security threats. Responsibilities: - Design and deploy multi-forest/multi-domain AD architectures, including Site and Services optimization for low-latency authentication. - Standardize and manage GPOs to enforce security baselines, software distribution, and user environment configurations. - Implement Tiered Administration models (Red Forest/Privileged Access Workstations) and manage Kerberos, NTLM, and LDAP security protocols. - Lead Domain Controller (DC) promotions, demotions, and OS upgrades (e.g., migrating from Windows Server 2016 to 2022). - Establish and regularly assess AD-specific backup and restoration procedures (Authorita...