L3 Sys Admin - Azure Active Directory

QUALIFICATIONS & SKILLS

• 5+ years of hands-on experience in Active Directory administration and security.
• 3+ years of experience managing Azure AD and hybrid identity solutions.
• Strong expertise in Semperis Directory Services Protector (DSP) and AD Forest Recovery (ADFR).
• Proficiency in PowerShell scripting for automation and administration.
• Experience with Azure AD Connect, AD Federation Services (ADFS), and authentication protocols (SAML, OAuth, OpenID Connect).
• Familiarity with Azure AD Conditional Access, Identity Protection, and MFA policies.
• Understanding of AD security principles, Kerberos authentication, and NTLM vulnerabilities.
• Hands-on experience with privileged access management (PAM) and identity governance solutions.
• Strong troubleshooting skills in domain controller replication, DNS, DHCP, and GPO management.
• Knowledge of cybersecurity best practices, risk assessments, and compliance standards. Primary Technical and Functional abilities :
• Expert-level knowledge of Azure AD, Active Directory, and hybrid identity architectures.
• Strong experience with Azure AD Connect, ADFS, and SAML / OAuth authentication.
• Proficiency in PowerShell scripting, Graph API, and automation tools.
• Hands-on experience with Azure Identity Governance, PIM, and Conditional Access.
• Familiarity with Microsoft Intune, Endpoint Manager, and Windows Hello for Business. Soft Skills
• Strong problem-solving and troubleshooting skills.
• Excellent communication and documentation abilities.
• Ability to work independently and collaborate with cross-functional teams. Preferred Certifications
• Certifications : Microsoft Certified : Identity and Access Administrator Associate (SC-300), Azure Solutions Architect Expert (AZ-305), or equivalent.
• Experience with IAM solutions such as CyberArk, Okta, or Ping Identity.
• Exposure to SIEM tools (Splunk, Microsoft Sentinel) for log analysis and threat detection.
• Background in incident response, security monitoring, and forensic investigations. Job Description KEY RESPONSIBILITIES : Azure Active Directory & Hybrid Identity Management :
• Administer and support Azure Active Directory (AAD), Active Directory Domain Services (AD DS), and hybrid identity integrations.
• Manage Azure AD Connect, ensuring synchronization and identity federation with on-prem AD.
• Implement and maintain Conditional Access policies, MFA, and SSO configurations.
• Troubleshoot authentication issues, directory sync failures, and identity lifecycle challenges. Semperis Directory Protection & Security :
• Deploy, configure, and maintain Semperis Directory Services Protector (DSP) and Active Directory Forest Recovery (ADFR).
• Monitor Active Directory security events, detect anomalies, and implement preventive measures.
• Conduct real-time monitoring and response to unauthorized AD changes.
• Perform AD incident response and recovery using Semperis ADFR. Active Directory Administration & Troubleshooting :
• Manage AD group policies, DNS, DHCP, and RBAC permissions.
• Perform AD health checks, domain controller replication monitoring, and performance tuning.
• Troubleshoot domain trust issues, Kerberos / NTLM authentication failures, and group policy misconfigurations.
• Support LDAP, PKI, and certificate services within the AD environment. Security & Compliance :
• Ensure compliance with security frameworks (NIST, ISO 27001, HIPAA, GDPR).
• Implement Privileged Identity Management (PIM), Just-In-Time (JIT) access, and role-based access control (RBAC).
• Collaborate with security teams to assess risks, implement security controls, and mitigate threats. Automation & Optimization :
• Develop PowerShell scripts for identity lifecycle automation, reporting, and security auditing.
• Optimize AD performance, replication, and backup strategies.
• Assist in cloud migrations, identity modernization, and Zero Trust implementations.