Senior Active Directory Engineer
DESE Research, Inc., Huntsville, AL, United States
DESE is seeking a Senior Active Directory Engineer in Huntsville, AL. The Senior Active Directory Engineer serves as the subject matter expert for the design, implementation, and maintenance of a robust on‑premises Identity and Access Management (IAM) infrastructure. This role is focused on the architecture and security of a complex Windows Server environment, ensuring high availability and seamless authentication across the enterprise. You will lead forest‑level migrations, disaster recovery planning, and the hardening of AD objects against modern security threats.
Responsibilities:
Design and deploy multi‑forest/multi‑domain AD architectures, including Site and Services optimization for low‑latency authentication.
Standardize and manage GPOs to enforce security baselines, software distribution, and user environment configurations.
Implement Tiered Administration models (Red Forest/Privileged Access Workstations) and manage Kerberos, NTLM, and LDAP security protocols.
Lead Domain Controller (DC) promotions, demotions, and OS upgrades (e.g., migrating from Windows Server 2016 to 2022).
Establish and regularly assess AD‑specific backup and restoration procedures (Authoritative vs. Non‑authoritative restores).
Maintain the health of AD‑Integrated DNS, ensuring proper zone replication and scavenging.
Proactively monitor replication topology, roles, and health using tools like PowerShell, SCOM, or specialized AD auditing software.
Required Qualifications:
Bachelor's Degree in network engineering, Computer Science, or a related technical field.
Must possess (or be able to obtain) a DoD Top Secret Clearance with SCI eligibility including successful completion of a Counterintelligence (CI) Polygraph and willingness to meet Special Access Program (SAP) eligibility requirements.
Must possess an active CompTIA Security+ CE, ISC2 SSCP, or equivalent baseline certification.
Deep understanding of FSMO Roles, Global Catalogs, and Active Directory Partition structures.
Advanced proficiency in PowerShell for automating bulk object changes, reporting, and environment health checks.
Strong grasp of TCP/IP, DNS, and Firewall requirements essential for AD communication across segmented networks.
Proven experience with Public Key Infrastructure (PKI) and Certificate Services (ADCS).
Preferred Qualifications:
Active DoD Top Secret Clearance with SCI and a Counterintelligence (CI) Polygraph with willingness to meet Special Access Program (SAP) eligibility requirements.
Microsoft Role‑Based Certifications (e.g., AZ‑800/801).
Deep knowledge of STIG (Security Technical Implementation Guides) compliance.
Why employees love working for DESE:
Competitive health, dental and vision insurance with affordable premiums
Flexible work schedules
Two different flexible spending account options
Company paid life insurance with options for employee paid additional
Performance bonus program
Education reimbursement program
Company paid personal leave for approved philanthropic activities
Vacation, Sick & Holiday leave
Robust 401k profit sharing plan
Opportunities for internal promotions
Employee referral incentive program
Rewards and gifts for service anniversaries
Disability Accommodation for Applicants – DESE Research, Inc. is an Equal Employment Opportunity employer and provides reasonable accommodation for qualified individuals with disabilities and disabled veterans in its job application procedures. If you have any difficulty using our online system and you need an accommodation due to a disability, you may use the following alternative email address or phone number to contact us about your interest in employment with us: hrandsecurity@dese.com or 256-837-8004x123.
#J-18808-Ljbffr
Responsibilities:
Design and deploy multi‑forest/multi‑domain AD architectures, including Site and Services optimization for low‑latency authentication.
Standardize and manage GPOs to enforce security baselines, software distribution, and user environment configurations.
Implement Tiered Administration models (Red Forest/Privileged Access Workstations) and manage Kerberos, NTLM, and LDAP security protocols.
Lead Domain Controller (DC) promotions, demotions, and OS upgrades (e.g., migrating from Windows Server 2016 to 2022).
Establish and regularly assess AD‑specific backup and restoration procedures (Authoritative vs. Non‑authoritative restores).
Maintain the health of AD‑Integrated DNS, ensuring proper zone replication and scavenging.
Proactively monitor replication topology, roles, and health using tools like PowerShell, SCOM, or specialized AD auditing software.
Required Qualifications:
Bachelor's Degree in network engineering, Computer Science, or a related technical field.
Must possess (or be able to obtain) a DoD Top Secret Clearance with SCI eligibility including successful completion of a Counterintelligence (CI) Polygraph and willingness to meet Special Access Program (SAP) eligibility requirements.
Must possess an active CompTIA Security+ CE, ISC2 SSCP, or equivalent baseline certification.
Deep understanding of FSMO Roles, Global Catalogs, and Active Directory Partition structures.
Advanced proficiency in PowerShell for automating bulk object changes, reporting, and environment health checks.
Strong grasp of TCP/IP, DNS, and Firewall requirements essential for AD communication across segmented networks.
Proven experience with Public Key Infrastructure (PKI) and Certificate Services (ADCS).
Preferred Qualifications:
Active DoD Top Secret Clearance with SCI and a Counterintelligence (CI) Polygraph with willingness to meet Special Access Program (SAP) eligibility requirements.
Microsoft Role‑Based Certifications (e.g., AZ‑800/801).
Deep knowledge of STIG (Security Technical Implementation Guides) compliance.
Why employees love working for DESE:
Competitive health, dental and vision insurance with affordable premiums
Flexible work schedules
Two different flexible spending account options
Company paid life insurance with options for employee paid additional
Performance bonus program
Education reimbursement program
Company paid personal leave for approved philanthropic activities
Vacation, Sick & Holiday leave
Robust 401k profit sharing plan
Opportunities for internal promotions
Employee referral incentive program
Rewards and gifts for service anniversaries
Disability Accommodation for Applicants – DESE Research, Inc. is an Equal Employment Opportunity employer and provides reasonable accommodation for qualified individuals with disabilities and disabled veterans in its job application procedures. If you have any difficulty using our online system and you need an accommodation due to a disability, you may use the following alternative email address or phone number to contact us about your interest in employment with us: hrandsecurity@dese.com or 256-837-8004x123.
#J-18808-Ljbffr