
Senior Active Directory Architect – Hybrid Identity & Security

Remote / Online - Candidates ideally in
Kearney, Buffalo County, Nebraska, 68847, USA
Listing for: Dormont Manufacturing Co
Full Time, Remote/Work from Home position
Listed on 2026-05-31
Job specializations:
  • IT/Tech
    Cybersecurity, Systems Engineer
Salary/Wage Range or Industry Benchmark: 80000 - 100000 USD Yearly
Job Description & How to Apply Below

This role is four days onsite at our Seneca One Buffalo, NY location, with the flexibility to work from home one day per week.

Overview:

Responsible for designing, securing, and operating Microsoft Active Directory Domain Services (AD DS) in regulated, high-availability environments. Acts as knowledge resource for and trains less experienced engineers. Completes day-to-day support activities and special projects.

Primary Responsibilities:

Enterprise Active Directory Architecture

  • Proven expertise supporting large-scale, Tier‑1 identity infrastructures with strict uptime, latency, and change‑control requirements
  • Strong experience with:
    • Multi-domain and multi-forest designs aligned to business units, regions, or regulatory boundaries
    • Forest and external trusts supporting M&A, joint ventures, and third-party integrations
    • FSMO role placement optimized for resilience and auditability
  • Advanced understanding of Active Directory–integrated DNS, split‑brain DNS, and secure name resolution models

Hybrid Identity & Microsoft Entra (Azure AD)

  • Extensive experience integrating on-prem AD with Microsoft Entra in regulated financial environments
  • Hands-on implementation of:
    • Entra Connect (Cloud Sync and Traditional)
    • Password Hash Sync, Pass-through Authentication, and Federation
  • Strong experience with:
    • Conditional Access aligned to regulatory and risk-based controls
    • Hybrid Join, Entra , and legacy device coexistence
  • Understanding of identity lifecycle controls to support joiners, movers, leavers, and separation-of-duties requirements

Security, Compliance & Risk Controls

  • Expert-level knowledge of Active Directory security hardening in financial services, including:
    • Tiered administrative model (Tier 0/1/2)
    • Dedicated admin forests or hardened admin boundaries (where applicable)
    • Privileged Access Workstations (PAWs) / Secure Admin Workstations
  • Experience enforcing least privilege, role separation, and dual‑control models
  • Deep familiarity with threats targeting financial institutions:
    • Credential theft, Kerberoasting, Pass-the-Hash/Ticket
    • Delegation and ACL abuse
  • Hands-on experience with:
    • Privileged Identity Management (PIM)
    • Regular access reviews and entitlement recertification
  • Strong alignment with Zero Trust and defense-in-depth identity strategies

Regulatory & Audit Readiness

  • Demonstrated experience supporting audits and controls for financial regulations and frameworks, such as:
    • SOX, GLBA, PCI DSS, SOC 2
    • Internal risk management and model governance requirements
  • Ability to design AD environments that support:
    • Strong logging and traceability
    • Tamper-resistant audit logs
    • Evidence generation for internal and external auditors

Automation & PowerShell

  • Advanced PowerShell expertise for:
    • Controlled, auditable administrative changes
    • Automated provisioning/deprovisioning aligned to compliance workflows
    • Identity reporting for risk, security, and audit teams
  • Experience building automation that integrates with:
    • Change management processes
    • IAM, ticketing, and security tooling

Operations, Resilience & Recovery

  • Deep experience managing:
    • AD replication topology across data centers and regions
    • SYSVOL (DFSR) health and recovery
    • Latency-sensitive authentication dependencies
  • Strong understanding of:
    • AD backup, recovery, and authoritative restore procedures
    • Identity disaster recovery scenarios with defined RTO/RPO
  • Experience implementing monitoring and alerting with a focus on early risk detection

Leadership & Governance

  • Acts as technical authority and escalation point for all directory and identity services
  • Defines and enforces:
    • Enterprise identity standards
    • Secure configuration baselines
    • Operational runbooks and procedures
  • Partners closely with:
    • Information Security and IAM teams
    • Risk, audit, and compliance stakeholders
    • Infrastructure, cloud, and application teams
  • Mentors engineers and reviews designs from a security and risk-first perspective
Education and Experience Required:
  • Bachelor’s degree and a minimum of 5 years’ relevant work experience, or in lieu of a degree, a combined minimum of 9 years’ higher education and/or work experience
Education and Experience Preferred:
  • Advanced understanding of the security system development and infrastructure lifecycle and architecture, and systems…
Position Requirements
10+ Years work experience