Job Responsibilities
· Analyze and document existing Active Directory environment
· Create a User Role for Access Control, Access Policy, and Privileged roles
· Define, configure and trouble shoot identity governance and Role based access control
· Determine unwanted access and remove privileges, there by reducing blast radius
· Data mine data with to application security and configure access policy and privileges
· Work with application owners to determine the best access policy for their application including admin accounts
· Define, configure and trouble shoot ACLs, AD Groups, OU
· Secure elevated accounts for application and configure monitoring for any change on these elevated accounts
· Configure and build Domain Controller build and decommission process
· Configure user access reviews and develop workflows for requesting access
· Troubleshoot Domain controller and replication issues
· FSMO roles and maintenance
· Build PowerShell scripts for bulk Active Directory configuration and reporting
· Troubleshoot Active Directory Trusts and configuration.
· Configure and troubleshoot DNS and Name resolution
· Design and configure Server and security Hardening including Disaster recovery
· Develop a strategy for Capacity planning, Performance tuning, AD Design Consideration and Best practices
· Configure and troubleshoot Group policy
· Streamline the processes and recommend upgrades to Access Management services
· Provide access management gap analysis and recommend process improvements
Qualifications & Requirements
- Must have at least five years of IT related experience in a role where their function is supporting Active Directory in a geographically dispersed environment with at least 5,000 users.
- Strong knowledge of Microsoft Active Directory and associated components (LDAP/Kerberos)
- In-depth experience in Windows Server 2012, 2016 and 2019, Azure and Active Directory PowerShell
- Must have worked in previous projects involving Joiners, movers and leavers process
- Very proficient in all active directory and Azure tools
- Familiar with an Identity Management solution such as SailPoint
- Familiar with a Password Filtering Solution such as SpecOps
- Familiar with Privileged Access Management solutions
- Familiar with Operating system security for Windows - internals and hardening
- Familiar with an Identity Management & SSO solution
- Understanding of networking and firewalls
- Must possess strong analytical skills and convey findings clearly and concisely to a technical and non-technical audiences
- Must be able to research and develop Splunk queries including scheduled tasks
- Must be able to successfully execute against project tasks and deliverables
- Must be able to create and maintain clear and easily understandable documentation for the current and proposed state of processes within the scope of the position
- Must possess strong Microsoft Excel skills including Power BI. Manipulating large spreadsheets including but not limited to pivot tables, data analysis, and data queries
- Ability to analyze, propose, and implement workflows and process improvements
- Experience adhering to a change management process for all production changes
- Must have strong written and verbal communication skills, as well as the ability to coordinate multiple demands and be highly self-motivated
- Demonstrated experience providing excellent customer service in a professional environment
- Bachelor’s degree in Information Systems, Computer Science, or equivalent experience.