×
Register Here to Apply for Jobs or Post Jobs. X

Active Directory Specialist

Job in San Francisco, San Francisco County, California, 94199, USA
Listing for: HCLTech
Full Time position
Listed on 2026-07-17
Job specializations:
  • IT/Tech
    Systems Engineer, Cybersecurity, Windows Server
Salary/Wage Range or Industry Benchmark: 150000 - 190000 USD Yearly USD 150000.00 190000.00 YEAR
Job Description & How to Apply Below

Job Role:

L3 Active Directory Engineer / AD SME

Location:

SFO, CA (Hybrid)

Experience:

7–12+ years

Domain:
Identity & Access Management, Windows Infrastructure

Job Description:

L3 Engineer / SME – Active Directory (On‑Premise) Role Summary

We are looking for a highly skilled L3 Active Directory (On‑Premise) SME with deep experience in designing, managing, and troubleshooting complex AD environments. The candidate will be the highest escalation point for AD issues, lead architectural improvements, perform RCA, and ensure AD security, availability, and performance in a large enterprise environment.

Key Responsibilities
  • Serve as the top‑tier escalation for Active Directory and Windows infrastructure issues.
  • Troubleshoot complex authentication, replication, DNS, GPO, policy processing, and trust issues.
  • Perform advanced RCA, log analysis, and performance debugging.
  • Develop L3 SOPs, KB articles, scripts, and automation for operations teams.
Active Directory Administration & Architecture
  • Oversee FSMO roles, domain controllers (DC health), AD sites, replication topology.
  • Install, upgrade, and harden domain controllers (physical/virtual).
  • Implement AD schema updates, forest/domain functional level upgrades.
  • Perform AD migration, consolidation, restructuring, and domain/forest trust design.
DNS, DHCP, & Windows Core Infrastructure
  • Troubleshoot AD‑integrated DNS issues (zones, scavenging, forwarding, delegation).
  • Manage and secure DHCP scopes, reservations, failover.
  • Deep understanding of Kerberos, NTLM, LDAP, LDAPS, SPNs, tickets, token bloat.
  • Ensure GPO performance tuning, inheritance control, WMI filters, controlled rollouts.
Security & Hardening
  • Implement AD security baselines, CIS benchmarks, and Microsoft security best practices.
  • Periodically audit domain controllers, replication, delegations, privileged groups.
  • Manage tiered admin model, least privilege, Just‑In‑Time (JIT) & Just‑Enough‑Administration (JEA).
  • Enforce password policies, PAM/Privileged Identity controls, and secure service account management.
  • Perform logs and event analysis through SIEM (Splunk, Sentinel, QRadar).
High Availability & DR
  • Build and validate disaster recovery procedures for AD, DNS, and DHCP.
  • Maintain backup/restore strategies using tools like AD Recycle Bin, Authoritative Restore, System State, VM snapshots.
  • Ensure site resiliency, replication health, and multi‑site availability.
Automation & Scripting
  • Automate AD operations using Power Shell (mandatory).
  • Build scripts for group management, GPO backup/restore, ACL/permissions, health monitoring & reporting.
Integration & Identity Services
  • Expertise integrating AD with ADFS, SSO solutions, LDAP‑based applications, PKI/Certification Services.
  • Understand hybrid identity dependencies (even though this role is on‑prem focused).
Required

Skills & Qualifications
  • 7–12+ years hands‑on experience in enterprise Active Directory environments.
  • Deep knowledge of DNS, DHCP, Sites & Services, Kerberos, LDAP, GPO, trusts, replication.
  • Experience troubleshooting large, distributed Windows Server infrastructures.
  • Experience implementing AD hardening, security baselines, RBAC delegation.
  • Knowledge of backup/restore and DR strategies for domain controllers.
  • Strong understanding of networking fundamentals (TCP/IP, firewall rules, ports).
Preferred Skills
  • Experience with Azure AD and hybrid identity models.
  • Experience with IAM/PAM tools (Delinea, Cyber Ark, Beyond Trust).
  • Familiarity with virtualization (VMware/Hyper‑V).
  • Experience with enterprise SIEM and security monitoring tools.
Disclaimer

HCL is an equal opportunity employer, committed to providing equal employment opportunities to all applicants and employees regardless of race, religion, sex, color, age, national origin, pregnancy, sexual orientation, physical disability or genetic information, military or veteran status, or any other protected classification, in accordance with federal, state, and/or local law. Should any applicant have concerns about discrimination in the hiring process, they should provide a detailed report of those concerns to  for investigation.

Compensation

and Benefits

A candidate’s pay within the range will depend on their work location, skills, experience, education, and other factors permitted by law. This role may also be eligible for performance‑based bonuses subject to company policies. In addition, this role is eligible for the following benefits subject to company policies: medical, dental, vision, pharmacy, life, accidental death & dismemberment, and disability insurance; employee assistance program;

401(k) retirement plan; 10 days of paid time off per year (some positions are eligible for need‑based leave with no designated number of leave days per year); and 10 paid holidays per year.

#J-18808-Ljbffr
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)
0
200
Filters
Education Level
Experience Level (years)
Posted in last:
Salary