Directory Services Engineer

• Ensure directory services platforms are secure, compliant, resilient, and highly available.
• Maintain performance, availability, and resilience of Tier 0 and Tier 1 identity systems.
• Proactively monitor systems for performance, stability, and reliability.
• Protect privileged identities by enforcing least‑privilege principles using RBAC, ACLs, and Just‑In‑Time access.
• Support security, compliance, and regulatory audits.
• Participate in incident response activities, including off‑hours support as required.

• Lead and support the integration, lifecycle management, and engineering of identity and security platforms.
• Collaborate with application development teams and end users to resolve incidents and complete service requests.
• Provide technical leadership and guidance to operational support team members.
• Support architectural decisions related to identity, authentication, authorization, and platform resilience.

• Coordinate platform maintenance, upgrades, and operational support activities.
• Develop and maintain technical documentation, scripts, code repositories, and training materials.
• Ensure proper knowledge transfer, documentation, and operational readiness during platform changes and upgrades.
• Support ongoing operational improvements through documentation and process refinement.

• 7+ years of professional experience in Directory Services and/or Identity & Access Management (IAM).
• Deep understanding of Active Directory Domain Services (AD DS) architecture, including forests, domains, trusts, FSMO roles, replication, and multi‑site topology.
• Hands‑on experience integrating with IAM platforms such as Saviynt, Microsoft Entra ID (Azure AD), SailPoint, Okta, and PingFederate.
• Strong knowledge of LDAP concepts, schema extensions, and directory query optimization.
• Experience with PKI and certificate lifecycle management, including CRLs, NDES/SCEP, and AD‑integrated certificate services.
• Proficiency in scripting and automation (PowerShell, Bash, Python, Ansible).
• Strong experience designing and managing Group Policy Objects (GPOs).
• Extensive experience with cloud platforms (AWS, Azure) and service models (IaaS, PaaS, SaaS), including cloud networking concepts.
• Excellent written and verbal communication skills.

• Experience managing directory platforms such as Active Directory, eDirectory, and Radiant Logic (FID/SaaS).
• Familiarity with CI/CD pipelines and Infrastructure‑as‑Code tools (e.g., Terraform).
• Experience with Microsoft Entra Conditional Access and Entra Connect.
• Knowledge of Privileged Access Management (PAM) solutions.
• Strong understanding of authentication and authorization principles.
• Experience with ITSM platforms (ServiceNow).
• Hands‑on knowledge of SSO and federation standards (SAML 2.0, OAuth 2.0, OIDC).
• Proven troubleshooting skills grounded in engineering best practices.
• Familiarity with Agile methodologies (Scrum, SAFe, Kanban).
• Experience with monitoring platforms and tuning alerts for performance, availability, and connectivity.
• Broad systems engineering experience including DNS, DHCP, TCP/IP, clustering, SIEM, IIS/Tomcat, virtualization (VMware/Hyper‑V), and load balancing (F5, NLB, ALB).

Alight