Role description
Key Responsibilities
Active Directory Administration and Support
- Implement and manage Active Directory (AD) on Windows Server 2019 and newer versions.
- Administer and troubleshoot AD topology, replication, and core components.
- Execute domain migration and consolidation for large-scale enterprise environments.
- Design and implement robust domain controller placement for disaster recovery scenarios and perform metadata cleanup.
- Administer AD-integrated DNS, including migration, consolidation, zone management, SRV records, conditional forwarders, root hints, and scavenging procedures.
- Implement and manage Group Policy Objects (GPOs) and Group Policy Preferences (GPPs).
- Configure and troubleshoot various trust relationships between domains.
- Manage authentication protocols and procedures for user and workstation authentication.
- Remediate security vulnerabilities identified by risk assessment programs.
Identity and Access Management
- Manage and maintain Active Directory Federation Services (ADFS), Entra ID Connect, and Active Directory Certificate Services (AD CS).
- Administer Entra ID environments, including Multi-Factor Authentication (MFA), Single Sign-On (SSO), Privileged Identity Management (PIM), and Self-Service Password Reset (SSPR).
- Troubleshoot issues related to MFA, application SSO, and other identity services.
- Architect and implement application federations with Entra ID to enable seamless authentication and authorization for SaaS, third-party, and multi-tenant applications.
- Manage the end-to-end lifecycle of application registrations within Entra ID, including managing application credentials, permissions, and manifest configurations.
- Configure and optimize Entra ID sign-in flows for various application types (e.g., web, SPA) to ensure a secure and compliant user authentication experience.
- Integrate line-of-business applications and other enterprise applications with Entra ID to centralize identity management and control access.
- Perform server security hardening, including patching and TLS encryption implementation.
- Develop and implement security policies across the server infrastructure.
- Create PowerShell scripts to automate various administrative tasks.
Required Qualifications
- Proven experience as an Active Directory and Identity Platform Engineer in an enterprise environment.
- Deep expertise in Windows Server administration, Active Directory, DNS, and GPO management.
- Extensive hands-on experience with Entra ID (formerly Azure AD), including Entra ID Connect, ADFS, MFA, SSO, PIM, and Conditional Access Policies.
- Proficiency in PowerShell scripting for automation and administration.
- Excellent troubleshooting, problem-solving, and communication skills.
- Strong understanding of security best practices related to identity and access management.
- Experience in a project lead or senior technical role.
Skills
Active Directory/AD, Entra ID
About UST
UST is a global digital transformation solutions provider. For more than 20 years, UST has worked side by side with the world’s best companies to make a real impact through transformation. Powered by technology, inspired by people and led by purpose, UST partners with their clients from design to operation. With deep domain expertise and a future-proof philosophy, UST embeds innovation and agility into their clients’ organizations. With over 30,000 employees in 30 countries, UST builds for boundless impact—touching billions of lives in the process.