Posted 17 June, 2026
551734
ClifyX
India
Full Time
Reference: 365_594563_26-01032
| Description: L4 Senior Active Directory Engineer (Tiering Model Specialist) Position: Senior Active Directory Engineer – L4 Experience: 7+ years Department: Identity & Access Management (IAM) - reports to Director of Digital Identity Employment Type: T&M Location: Offshore- India Role Overview Experienced L4 Senior Active Directory Engineer with deep expertise in Active Directory (AD) architecture, troubleshooting, security hardening, and Microsoft's Tiering Model. The ideal candidate will have 10+ years of hands-on experience supporting and managing complex enterprise AD environments. This role serves as the highest technical escalation point and plays a key part in ensuring a secure, resilient, and well-governed directory service. Key Responsibilities Active Directory Operations & Troubleshooting • Lead L4 troubleshooting for complex AD issues including replication failures, DNS/AD dependencies, authentication problems, and domain controller health issues. • Perform advanced diagnostics using tools such as dcdiag, repadmin, nltest, klist, and other enterprise utilities. • Drive root cause analysis (RCA) for major incidents and implement long-term fixes. • Conduct regular health checks, operational assessments, and hygiene activities across all domain controllers and AD sites. Create sop's for junior engineers, share best practices and contribute on Ldc consolidation projects and ad improvement project ( gpo cleanup, testing, promoting dc , decommissioning dc) . Tiering Model & Security Hardening • Implement and maintain Microsoft's AD Tiering Model across the enterprise. • Partner with IAM Security teams on privilege segregation, tiered admin boundaries, and hardening initiatives. • Support Privileged Access Workstation (PAW) strategy, administrative isolation controls, and identity attack surface reduction. • Review and update AD GPOs in alignment with corporate security baselines. Architecture, Design & Strategy • Contribute to AD modernization projects including domain controller upgrades, forest/domain redesign, and hybrid identity architecture (Azure AD / Entra ID). • Provide guidance on multi-site AD topology, RODC deployments, site definitions, and secure design principles. • Support lifecycle management, capacity planning, and strategic design improvements. Collaboration & Leadership • Act as the primary L4 escalation point for L1–L3 AD support teams. • Mentor junior and mid-level engineers and promote knowledge-sharing across IAM operations. • Work closely with Security, Network, Cloud, and Infrastructure teams on cross-platform initiatives. • Produce and maintain technical documentation, SOPs, architecture diagrams, and governance materials. Automation & Process Improvements • Automate AD administration tasks using PowerShell and other scripting tools. • Enhance monitoring, alerting, operational baselines, and configuration standards. • Support ITIL processes including Change, Incident, and Problem Management. Required Skills & Experience Technical Expertise • 10+ years of hands-on Active Directory engineering experience in large, complex environments. • Strong knowledge of AD DS, DNS, DHCP, Sites & Services, GPOs, FSMO roles, and domain controller operations. • Expert troubleshooting ability, especially during high-priority incidents (P1/P2). • Deep understanding of the Microsoft AD Tiering Model and directory security best practices. • Experience with multi-domain, multi-forest, and global AD environments including RODCs. • Strong PowerShell scripting and automation capabilities. Security & Governance • Strong understanding of Kerberos, NTLM, authentication flows, and identity security. • Experience implementing privileged separation, secure admin boundaries, and workstation hardening. • Familiarity with AD security auditing and identity threat mitigation. Soft Skills • Excellent communication and cross-team collaboration skills. • Ability to lead and remain composed during critical incidents. • Strong documentation, planning, and analytical skills. Preferred Qualifications • Microsoft Certifications: • Microsoft Certified: Identity and Access Administrator Associate • Microsoft Certified: Cybersecurity Architect Expert(preferred) • Legacy MCSE/MCITP certifications (if applicable) • Experience with Azure AD / Entra ID, ADFS, Conditional Access, and hybrid identity solutions. • Experience with PAM (CyberArk) and PIM for privileged identity governance. | |||
|---|---|---|---|
|
551734 | ||
|
Pan India | ||
|
(No Value) | ||
|
(No Value) | ||
|
(No Value) | ||
|
[email protected] | ||
|
7+ Years | ||
|
AD | ||
|
AD | ||
|
Cybersec | ||
|
HybridOB | ||
|
7- 8 Years | ||
|
NA | ||
|
NA | ||
|
Face to Face | ||
|
Hybrid | ||
|
9 TO 6:15 | ||
|
General |
