Active Directory Engineer

About the opportunity:New Era Technology is seeking an experienced Active Directory (AD) engineer to supplement the existing team and provide IAM strategy recommendations. The candidate must have a strong background in designing, building, and maintaining complex global directory environments. This position is hybrid role 40% in office 60% remote. Office locations Bedford, MA, Atlanta, GA, San Diego, CA or Waukesha, WI.The candidate will be able to successfully perform the following activities:Engineering, deploying, operationalizing, maintaining, and supporting tools associated with AD.Contributing to the engineering and support of AD as needed.Communicating service directions, feature, and roadmaps.Providing technical leadership to others with less knowledge or experience.Assist with currency and patching.Liaising with, training, and supporting operational teams.Participate in ad-hoc incident response for Active Directory/Active Directory platforms, when needed.Assist in technology evaluations and guiding proof of concepts.Participate in solution design discussions.Assist with remediating prioritized vulnerabilities in AD.Assist with disaster recovery planning for AD.Make recommendations for improving and securing the AD environment.Provide IAM strategy recommendations.Required SkillsSenior and experienced AD Engineer (5-7 years) with some Large Enterprise Experience.5+ years of experience in directory services engineering.2+ years in IAM strategy.Manufacturing experience.Good understanding of AD security.Experience with implementing and maintaining AD Tools:Microsoft ATA/AATP/Defender for Identity.Microsoft ADRES (AD Recovery Execution Service).Quest tools e.g., Change Auditor; Recovery Manager (RMAD); Enterprise Reporter; Migrations Manager (or Binary Tree's products).Alternative vendor tools that fall into the same area.Experience with processes:e.g., Supporting SOC.e.g., Periodic recovery testing of AD.Experience of AD Business Continuity and Disaster Recovery Planning and testing processes.Experience with the following AD capabilities:Microsoft Defender Credential Guard.Kerberos and insecure authentication protocols (e.g., NTLM etc.).Group Policy Preferences administration for local administration accounts.Local Security Authority.Domain Control Communications Digital Signing.SID History Reporting.Microsoft's Rapid Modernization Plan (RAMP) experience.OU Design.UEBA.MFA for Domain Administrators.Spooler Service Management Security.Object-Time to Live ("TTL") Auditing and Monitoring.Link-Local Multicast Name Resolution ("LLMNR").Operationalizing Forest Level Backups.Ransomware defense for directory services.Domain administration script signing.Powershell auditing and logging.Excellent interpersonal communication skills with strong spoken and written English.Organizational skills with attention to detail.Business outcomes mindset.Solid balance of strategic thinking with detailed orientation.Collaborative team worker – both in person and virtually using MS Teams or similar.Self-starter, ability to take initiative.Flexibility to accommodate working across different time-zones.Preferred Qualifications:SAP Access Control.CISSP, CISM, or equivalent certification a plus.Required EducationBachelor's degree (BA/BS) from four-year college or university; or equivalent training, education, and work experience.About Us:New Era Technology is a community of like-minded, like-hearted people who share the same vision and values: Community, Integrity, Agile, and Committed.These visions and values tie into our daily work, to serve as a trusted technology adviser to our customers. Often a single project leads to a long-lasting partnership where we have the continued privilege of helping our customers deliver valuable technology solutions that improve efficiencies and experiences to their employees and customers.EEO Statement:New Era Technology is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, marital status, national origin, genetics, disability, age, or veteran status.

#J-18808-Ljbffr