FreshRemote.Work

Active Directory Architect

Blacksburg, Virginia, Fully Remote, Hybrid

Job Description

Collaborative Computing Solutions within Virginia Tech is seeking a skilled Active Directory Architect with a strong security focus to join our team. This role will lead the design, development, and support of a secure, large-scale Active Directory (AD) and Entra ID (formerly Azure AD) environment. The architect will enhance the security posture of our directory services, ensuring compliance with IAM best practices and contributing to the organization’s overall cybersecurity strategy.

Please note: Sponsorship is not available for this position. 

Responsibilities
• Active Directory and Entra ID Architecture and Security: Lead the design and implementation of secure AD and Entra ID environments, ensuring adherence to security best practices and organizational compliance requirements.
• Identity and Access Management (IAM): Architect, implement, and manage IAM solutions, including authentication protocols (SAML, OAuth, OIDC, Kerberos) and privileged access management (PAM/PIM).
• Policy Development and Compliance: Establish and maintain security policies for directory services, ensuring compliance with regulations such as FERPA and aligning with security frameworks like Zero Trust.
• Security Auditing and Monitoring: Regularly conduct security audits of AD and Entra ID; analyze security logs, identify vulnerabilities, and lead incident response efforts to mitigate threats.
• IAM Roadmap and Strategy Development: Develop and maintain an IAM roadmap, ensuring alignment with organizational goals, evolving security standards, and emerging threats.
• Technical Leadership and Collaboration: Provide technical leadership on AD/Entra ID security matters, collaborate with operational teams to enhance security practices, and reduce drift in directory services.
• Automation and Tool Development: Utilize scripting tools such as PowerShell and Microsoft Graph API to automate tasks and enhance security monitoring and reporting capabilities.
• Documentation and Knowledge Transfer: Create and maintain documentation for all technical processes and contribute to training materials and knowledge base articles to ensure effective knowledge transfer.
• Incident Response and Remediation: Lead incident response activities related to identity-based security events, including vulnerability assessments, patch management, and security remediations.

Required Qualifications

• Master's degree in computer science, information systems, IT-related field, or a combination of education, training, and/or work experience equivalent to a Master’s degree
• Significant experience in global IT infrastructure, with extensive experience in AD/Entra ID architecture, including design, deployment, and optimization of complex directory environments.
• Proven experience planning, creating and running complete Microsoft Active Directory solutions.
• Demonstrated experience in conducting security audits and hardening of AD environments, implementing secure Group Policies (GPOs), configuring Azure AD Conditional Access policies, and managing privileged access through tools like Azure AD Privileged Identity Management (PIM) to reduce security risks and enforce compliance.
• Strong scripting and automation skills, particularly with PowerShell and Microsoft Graph API.
• Experience with cybersecurity auditing, remediation, and IAM best practices.
• Strong problem-solving, communication, and analytical skills, with the ability to collaborate across different teams and time zones.

Preferred Qualifications

• Certifications such as CISSP, Azure Security Engineer Associate, Microsoft Certified Identity and Access Administrator, CCSP, or CISM.
• Proven experience in architecture and configuration of AD for stable, secure, and scalable solutions.
• Demonstrated experience with privileged access management (PAM), role-based access control (RBAC), and policy-based access control (PBAC).

Appointment Type

Regular

Salary Information

$80,000 - $120,000

Review Date

11/20/2024

Additional Information

The successful candidate will be required to have a criminal conviction check.

About Virginia Tech

Dedicated to its motto, Ut Prosim (That I May Serve), Virginia Tech pushes the boundaries of knowledge by taking a hands-on, transdisciplinary approach to preparing scholars to be leaders and problem-solvers. A comprehensive land-grant institution that enhances the quality of life in Virginia and throughout the world, Virginia Tech is an inclusive community dedicated to knowledge, discovery, and creativity. The university offers more than 280 majors to a diverse enrollment of more than 36,000 undergraduate, graduate, and professional students in eight undergraduate colleges, a school of medicine, a veterinary medicine college, Graduate School, and Honors College. The university has a significant presence across Virginia, including the Innovation Campus in Northern Virginia; the Health Sciences and Technology Campus in Roanoke; sites in Newport News and Richmond; and numerous Extension offices and research centers. A leading global research institution, Virginia Tech conducts more than $500 million in research annually.

Virginia Tech endorses and encourages participation in professional development opportunities and university shared governance.  These valuable contributions to university shared governance provide important representation and perspective, along with opportunities for unique and impactful professional development.

Virginia Tech does not discriminate against employees, students, or applicants on the basis of age, color, disability, sex (including pregnancy), gender, gender identity, gender expression, genetic information, ethnicity or national origin, political affiliation, race, religion, sexual orientation, or military status, or otherwise discriminate against employees or applicants who inquire about, discuss, or disclose their compensation or the compensation of other employees or applicants, or on any other basis protected by law.

If you are an individual with a disability and desire an accommodation, please contact IT Human Resources at ITHR@vt.edu during regular business hours at least 10 business days prior to the event.

Job Profile

Regions

North America

Countries

United States

Restrictions

Sponsorship not available

Benefits/Perks

Fully remote, Hybrid work, Inclusive community, Professional development opportunities

Tasks
  • Automate tasks with scripting
  • Conduct security audits
  • Design and implement secure AD and Entra ID environments
  • Develop security policies
  • Lead incident response activities
  • Manage IAM solutions
Skills

Active Directory, Automation, Communication, Compliance, Cybersecurity, Entra ID, IAM, Kerberos, Microsoft Graph API, OAuth, OIDC, Organizational, PAM, PIM, PowerShell, Problem-solving, SAML, Security auditing, Zero-Trust

Experience

5 years

Education

Master's degree

Certifications

Azure Security Engineer Associate, CCSP, CISM, CISSP, Microsoft Certified Identity and Access Administrator

Timezones

America/Anchorage, America/Chicago, America/Denver, America/Los_Angeles, America/New_York, Pacific/Honolulu, UTC-10, UTC-5, UTC-6, UTC-7, UTC-8, UTC-9