Active Directory​/Entra​/IAM Engineer- HYBRID

Contract | Simple Solutions | United States

Posted On 06/01/2026

Banking

Job Opening

Work Experience 10+ Years

City New York, jersey city, Pittsburgh

State/Province New York

10001

Active Directory / Entra  / IAM Engineer

Location:

NYC, Jersey City, or Pittsburgh (2-3 days onsite)

Seeking an experienced Active Directory / Entra  / IAM Engineer to support enterprise identity and access management services across production environments. This role is focused on maintaining and enhancing on-premises and cloud-based identity infrastructure, with deep emphasis on Active Directory, Microsoft Entra , hybrid identity operations, authentication services, and privileged access controls.

Key Responsibilities

• Provide day-to-day engineering and operational support for enterprise Active Directory and Entra  supporting large-scale global user populations.
• Administer, harden, and support on-premises Active Directory infrastructure including domain controller build and maintenance, DNS (SRV records), LDAP, Kerberos, NTLM, GPO, OU structure, replication, and directory health.
• Support Microsoft Entra  including Conditional Access, MFA, Identity Protection, Privileged Identity Management (PIM), app registrations, and service principal governance.
• Maintain and support hybrid identity environments including AD Connect configuration, sync operations, failover between data center instances, and Power Shell-based sync troubleshooting.
• Administer PKI infrastructure including certificate authority management, certificate lifecycle, LDAP signing, and certificate installation on domain controllers and services.
• Support authentication and access solutions including SSO, federation (SAML, OIDC, OAuth2), MFA, and privileged access controls.
• Perform enterprise application onboarding and integration with identity platforms; troubleshoot authentication, authorization, and provisioning issues.
• Execute platform hardening aligned with Microsoft cumulative hardening guidance and enterprise security policy — including SMB signing, LDAP signing, Kerberos enforcement, and legacy protocol disablement.
• Support audit, compliance, and vulnerability remediation activities; respond to security findings from scanning tools such as Rapid7, Nessus, or Crowd Strike.
• Partner with infrastructure, cybersecurity, and application teams to deliver identity-related changes and service improvements.
• Develop and maintain runbooks, operational documentation, and support procedures; train follow-the-sun operations teams on repeatable workflows.
• Participate in on-call rotations, after-hours change windows, and incident response including major incident bridge management.

Required Skills & Experience

• 8+ years of hands-on experience administering and supporting enterprise Active Directory — including building, hardening, and directly owning domain controllers.
• Knowledge of AD fundamentals:
  Kerberos and NTLM authentication protocols, DNS (SRV records), LDAP and LDAP signing, GPO design, replication, forest/domain architecture, and DC security hardening.
• Strong experience with Microsoft Entra  Conditional Access, MFA, Identity Protection, PIM, app registrations, and service principal governance.
• Hands-on experience with AD Connect in high-availability configurations including multi-data-center failover, sync troubleshooting, and Power Shell-based sync commands.
• Experience supporting hybrid identity environments across on-premises Active Directory and Microsoft Entra .
• Working knowledge of PKI infrastructure including certificate authority administration, LDAP signing, and certificate use cases on domain controllers.
• Experience with IAM and PAM platforms such as SailPoint, Okta, and Cyber Ark.
• Proficiency in Power Shell;
  Python and Microsoft Graph API experience preferred.
• Experience with enterprise SIEM platforms (Splunk preferred) for log analysis, dashboard use, and incident triage.