×
Apply for Jobs Apply for Jobs Post a Job Post a Job Local Jobs Home
Register Here to Apply for Jobs or Post Jobs. X
More jobs:
Cybersecurity

Lead Active Directory Engineer

Remote / Online - Candidates ideally in
Wilmington, New Castle County, Delaware, 19894, USA
Listing for: M&T Bank
Remote/Work from Home position
Listed on 2026-05-31
Job specializations:
  • IT/Tech
    Cybersecurity
Salary/Wage Range or Industry Benchmark: 80000 - 100000 USD Yearly USD 80000.00 100000.00 YEAR
Job Description & How to Apply Below

This role is four days onsite at our Wilmington, DE Tech Hub location, with the flexibility to work from home one day per week

Overview

Responsible for designing, securing, and operating Microsoft Active Directory Domain Services (AD DS) in regulated, high-availability environments. Acts as knowledge resource for and trains less experienced engineers. Completes day-to-day support activities and special projects.

Primary Responsibilities Enterprise Active Directory Architecture

  • Proven expertise supporting large-scale, Tier‑1 identity infrastructures with strict uptime, latency, and change‑control requirements

  • Strong experience with:

  • Multi-domain and multi-forest designs aligned to business units, regions, or regulatory boundaries

  • Forest and external trusts supporting M&A, joint ventures, and third-party integrations

  • FSMO role placement optimized for resilience and auditability

  • Advanced understanding of Active Directory–integrated DNS
    , split‑brain DNS, and secure name resolution models

Hybrid Identity & Microsoft Entra  (Azure AD)

  • Extensive experience integrating on-prem AD with Microsoft Entra in regulated financial environments

  • Hands‑on implementation of:

  • Entra Connect (Cloud Sync and Traditional)

  • Password Hash Sync, Pass‑through Authentication, and Federation

  • Strong experience with:

  • Conditional Access aligned to regulatory and risk‑based controls

  • Hybrid Join, Entra , and legacy device coexistence

  • Understanding of identity lifecycle controls to support joiners, movers, leavers, and separation‑of‑duties requirements

Security, Compliance & Risk Controls

  • Expert‑level knowledge of Active Directory security hardening in financial services, including:

  • Tiered administrative model (Tier 0/1/2)

  • Dedicated admin forests or hardened admin boundaries (where applicable)

  • Privileged Access Workstations (PAWs) / Secure Admin Workstations

  • Experience enforcing least privilege
    , role separation, and dual‑control models

  • Deep familiarity with threats targeting financial institutions:

  • Credential theft, Kerberoasting, Pass‑the‑Hash/Ticket

  • Delegation and ACL abuse

  • Hands‑on experience with:

  • Privileged Identity Management (PIM)

  • Regular access reviews and entitlement recertification

  • Strong alignment with Zero Trust and defense‑in‑depth identity strategies

Regulatory & Audit Readiness

  • Demonstrated experience supporting audits and controls for financial regulations and frameworks, such as:

  • SOX, GLBA, PCI DSS, SOC 2

  • Internal risk management and model governance requirements

  • Ability to design AD environments that support:

  • Strong logging and traceability

  • Tamper‑resistant audit logs

  • Evidence generation for internal and external auditors

Automation & Power Shell

  • Advanced Power Shell expertise for:

  • Controlled, auditable administrative changes

  • Automated provisioning/deprovisioning aligned to compliance workflows

  • Identity reporting for risk, security, and audit teams

  • Experience building automation that integrates with:

  • Change management processes

  • IAM, ticketing, and security tooling

Operations, Resilience & Recovery

  • Deep experience managing:

  • AD replication topology across data centers and regions

  • SYSVOL (DFSR) health and recovery

  • Latency‑sensitive authentication dependencies

  • Strong understanding of:

  • AD backup, recovery, and authoritative restore procedures

  • Identity disaster recovery scenarios with defined RTO/RPO

  • Experience implementing monitoring and alerting with a focus on early risk detection

Leadership & Governance

  • Acts as technical authority and escalation point for all directory and identity services

  • Defines and enforces:

  • Enterprise identity standards

  • Secure configuration baselines

  • Operational runbooks and procedures

  • Partners closely with:

  • Information Security and IAM teams

  • Risk, audit, and compliance stakeholders

  • Infrastructure, cloud, and application teams

  • Mentors engineers and reviews designs from a security and risk‑first perspective

Education and Experience Required
  • Bachelor's degree and a minimum of 5 years’ relevant work experience, or in lieu of a degree, a combined minimum of 9 years’ higher education and/or work experience
Education and Experience Preferred
  • Advanced understanding of the security system development and infrastructure lifecycle and architecture, and systems design
  • P…
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)
0
200
Filters
Education Level
Experience Level (years)
Posted in last:
Salary
Advanced Search