L3 Sys Admin - Azure Active Directory

QUALIFICATIONS & SKILLS
· 5+ years of hands-on experience in Active Directory administration and security.
· 3+ years of experience managing Azure AD and hybrid identity solutions.
· Strong expertise in Semperis Directory Services Protector (DSP) and AD Forest Recovery (ADFR).
· Proficiency in PowerShell scripting for automation and administration.
· Experience with Azure AD Connect, AD Federation Services (ADFS), and authentication protocols (SAML, OAuth, OpenID Connect).
· Familiarity with Azure AD Conditional Access, Identity Protection, and MFA policies.
· Understanding of AD security principles, Kerberos authentication, and NTLM vulnerabilities.
· Hands-on experience with privileged access management (PAM) and identity governance solutions.
· Strong troubleshooting skills in domain controller replication, DNS, DHCP, and GPO management.
· Knowledge of cybersecurity best practices, risk assessments, and compliance standards.

Primary Technical and Functional abilities:
· Expert-level knowledge of Azure AD, Active Directory, and hybrid identity architectures.
· Strong experience with Azure AD Connect, ADFS, and SAML/OAuth authentication.
· Proficiency in PowerShell scripting, Graph API, and automation tools.
· Hands-on experience with Azure Identity Governance, PIM, and Conditional Access.
· Familiarity with Microsoft Intune, Endpoint Manager, and Windows Hello for Business.

Soft Skills
· Strong problem-solving and troubleshooting skills.
· Excellent communication and documentation abilities.
· Ability to work independently and collaborate with cross-functional teams.

Preferred Certifications
· Certifications: Microsoft Certified: Identity and Access Administrator Associate (SC-300), Azure Solutions Architect Expert (AZ-305), or equivalent.
· Experience with IAM solutions such as CyberArk, Okta, or Ping Identity.
· Exposure to SIEM tools (Splunk, Microsoft Sentinel) for log analysis and threat detection.
· Background in incident response, security monitoring, and forensic investigations.

Job Description
KEY RESPONSIBILITIES:
Azure Active Directory & Hybrid Identity Management:
● Administer and support Azure Active Directory (AAD), Active Directory Domain Services (AD DS), and hybrid identity integrations.
● Manage Azure AD Connect, ensuring synchronization and identity federation with on-prem AD.
● Implement and maintain Conditional Access policies, MFA, and SSO configurations.
● Troubleshoot authentication issues, directory sync failures, and identity lifecycle challenges.

Semperis Directory Protection & Security:
● Deploy, configure, and maintain Semperis Directory Services Protector (DSP) and Active Directory Forest Recovery (ADFR).
● Monitor Active Directory security events, detect anomalies, and implement preventive measures.
● Conduct real-time monitoring and response to unauthorized AD changes.
● Perform AD incident response and recovery using Semperis ADFR.

Active Directory Administration & Troubleshooting:
● Manage AD group policies, DNS, DHCP, and RBAC permissions.
● Perform AD health checks, domain controller replication monitoring, and performance tuning.
● Troubleshoot domain trust issues, Kerberos/NTLM authentication failures, and group policy misconfigurations.
● Support LDAP, PKI, and certificate services within the AD environment.

Security & Compliance:
● Ensure compliance with security frameworks (NIST, ISO 27001, HIPAA, GDPR).
● Implement Privileged Identity Management (PIM), Just-In-Time (JIT) access, and role-based access control (RBAC).
● Collaborate with security teams to assess risks, implement security controls, and mitigate threats.

Automation & Optimization:
● Develop PowerShell scripts for identity lifecycle automation, reporting, and security auditing.
● Optimize AD performance, replication, and backup strategies.
● Assist in cloud migrations, identity modernization, and Zero Trust implementations.