Active Directory Engineer

Intrepid Solutions is teamed on a new program providing analysis, design, engineering, integration, optimization and documentation of core elements of this Intel Agency’s IT Infrastructure Services.  Within this program, Intrepid is seeking a Subject Matter Expert level candidate to work with the identity and access management team.   A qualified individual will meet the requirements, and be able to perform the duties, listed below: 

• Engineer solutions to align with the IC Identity Credential and Access Management Service Provider (ICAM SP) roadmap.
• Support Active Directory (AD) and associated service components supporting user, privileged user, and service account management, security and distribution groups, and third-party products (cloud platforms), Lightweight Directory Access Protocol (LDAP) systems, Active Roles Server (ARS), Total Privileged Access Module (TPAM) Change Auditor, and third-party scripting tools.
• Provide engineering support for AD/Office365 in the cloud.
• Provide services to support certificate validation to include; Public Key Infrastructure (PKI) including Certificate Authorities, sub-Certificate Authorities, Online Certificate Status Protocol (OCSP), Responder and Robust Certificate Validation Service (RCVS).
• Identity Management Suite (Account Provisioning) on the available networks to include integration with Active Directory, PKI, external directories, and integration across all networks.
• Provide engineering support on all AD services for all security domains. Services will include design and architect of AD to include but not limited to Microsoft Active Directory, Lightweight Directory Access Protocol (LDAP), Quest Active Roles Server (ARS), Total Privileged Access Module (TPAM), ACTIVE Client, Microsoft  System Center Service Manager (SCSM), Microsoft Orchestrator, Change Auditor, PowerShell, and Microsoft Bastian Forrest.
• Recommend engineering enhancements to AD.
• Engineer, test and review/recommend Group Policy Object (GPO) changes.
• Create AD scripts to review and optimize AD using PowerShell.
• Make recommendations in writing to replace any currently used AD system if the replacement will save the government money and provide streamlined, automated capabilities.
• Provide IT Tech Refresh plans (including AD) for aging equipment and for the installation of the new equipment, physical or virtual.
• Recommend the appropriate standards, policies, procedures, and technologies to facilitate the management, accountability, and functionality of the AD operations.
• Recommend engineering enhancements to AD. Engineer, test and review/recommend Group Policy Object (GPO) changes. Create AD scripts to review and optimize AD using PowerShell.
• Make recommendations in writing to replace any currently used AD system if the replacement will save the government money and provide streamlined, automated capabilities.

OPERATING HOURS AND EXPECTATIONS: This is a full time position, with standard operating hours Monday - Friday.

TRAVEL: Position does not require travel.

CLEARANCE: Active Top Secret / SCI and CI Polygraph.  ***TS/SCI required upon application for initial consideration.   This position is not open for any additional clearance upgrades outside of the CI Poly, no reactivation, nor sponsorship.***

EDUCATION:

• High School or equivalent – Ten (10) years of work experience
• Associates Degree – Eight (8) years of work experience
• Bachelors Degree – Six (6) years of work experience
• Masters Degree – Four (4) years of work experience
• PhD – Two (2) years of work experience

CERTIFICATION(S): 

• IAT II (Security+ or equivalent), required and active at time of application.

REQUIRED SKILLS AND EXPERIENCE:

• Strong knowledge and hands-on experience with Active Directory.
• Microsoft Office 365 and Azure design, engineering and operations.
• Experience with IdAM technologies; digital identities, Access Control, Virtual Directory, PKI, Two Factor Authentication and supporting technologies.
• Familiarity with account provisioning concepts, privileged user management, attribute manipulation and Role Based Access Controls (RBAC).

DESIRED SKILLS AND EXPERIENCE:

• Experience in Thycotic Secret Server and\or other PAM (privileged access management) systems.
• Experience in Quest Active Roles Server (ARS)

Equal Opportunity Employer/Veterans/Disabled