Lead Active Directory Engineer

This role is

four

days onsite at our Wilmington, DE Tech Hub location, with the flexibility to work from home one day per week
Overview:

** **

Responsible for designing, securing, and operating Microsoft Active Directory Domain Services (AD DS) in regulated, high-availability environments. Acts as knowledge resource for and trains less experienced engineers. Completes day-to-day support activities and special projects.
Primary Responsibilities:

Enterprise Active Directory Architecture
Proven expertise supporting

large-scale, Tier‑1 identity infrastructures

with strict uptime, latency, and change‑control requirements

Strong experience with:

Advanced understanding of

Active Directory–integrated DNS

, split‑brain DNS, and secure name resolution models

Hybrid Identity & Microsoft Entra ID (Azure AD)
Extensive experience integrating on-prem AD with

Microsoft Entra ID

in regulated financial environments

Hands-on implementation of:

Strong experience with:

Understanding of

identity lifecycle controls

to support joiners, movers, leavers, and separation-of-duties requirements

Security, Compliance & Risk Controls
Expert-level knowledge of

Active Directory security hardening

in financial services, including:

Experience enforcing

least privilege

, role separation, and

dual‑control

models

Deep familiarity with threats targeting financial institutions:

Hands-on experience with:

Strong alignment with

Zero Trust

and defense-in-depth identity strategies

Regulatory & Audit Readiness
Demonstrated experience supporting audits and controls for financial regulations and frameworks, such as:

Ability to design AD environments that support:

Automation & PowerShell
Advanced

PowerShell

expertise for:

Experience building automation that integrates with:

Operations, Resilience & Recovery
Deep experience managing:

Strong understanding of:

Experience implementing

monitoring and alerting

with a focus on early risk detection

Leadership & Governance
Acts as

technical authority and escalation point

for all directory and identity services

Defines and enforces:

Partners closely with:

Mentors engineers and reviews designs from a

security and risk-first

perspective

Education and Experience Required:

Bachelor’s degree and a minimum of 5 years’ relevant work experience, or in lieu of a degree, a combined minimum of 9 years’ higher education and/or work experience
Education and Experience Preferred:

Advanced understanding of the security system development and infrastructure lifecycle and architecture, and systems design

Proven experience with the development and customization of tools utilized in assigned Cybersecurity function

Demonstrated ability to translate architecture into technical requirements

Proficient level of critical thinking and problem solving ability

Excellent communication and interpersonal skills

Experience partnering with leaders to design solutions to business needs.

Proficient persuasive communication skills to gain buy-in of others

Strong ability to analyze and draw reliable conclusions based on large volumes of quantitative data from diverse sources

Ability effectively serves in indirect leadership role

#LI-JB3 #Hybrid
M&T Bank is committed to fair, competitive, and market-informed pay for our employees. The pay range for this position is $128,100.00 - $213,500.00 (USD). The successful candidate’s particular combination of knowledge, skills, and experience will inform their specific compensation.
Location

Wilmington, Delaware, United States of America

#J-18808-Ljbffr