Sr Lead - Windows server/AD engineering

Windows Server & Active Directory

This role is responsible for creating a robust infrastructure that meets the highest standards of security, scalability, availability, and recoverability while ensuring regulatory compliance. of our financial institution's IT infrastructure.

Key Responsibilities

Architecture & Design

Lead the architectural design and implementation of Windows Server infrastructure and Active Directory services across hybrid cloud environments

Develop and maintain the technical roadmap for Windows Server infrastructure, considering business requirements, security compliance, and industry best practices

Design highly available and disaster recovery solutions for critical infrastructure components

Create and maintain infrastructure-as-code templates for automated deployments using tools like Azure ARM templates, PowerShell, and Terraform

Develop cloud migration strategies and roadmaps for legacy systems.

Should be well familiar with FSMO (Flexible Single Master Operation) along with roles and functionality.

Active Directory & Identity Management

Architect and oversee the implementation of complex Active Directory infrastructure, including multi-forest/multi-domain environments

Design and implement Azure AD Connect synchronization topologies and federation services

Manage the integration between on-premises Active Directory and Azure Active Directory

Develop and maintain Group Policy Objects (GPOs) and security baseline configurations

Implement Privileged Access Management (PAM) and Just-In-Time (JIT) access solutions

AD experience along with management of forest, multi-forest, trees, and domain objects.

Identity & Access Management

Design and implement role-based access control systems across hybrid environments

Architect Single Sign-On (SSO) solutions integrated with enterprise applications

Implement Privileged Identity Management for administrative access

Design conditional access policies for secure remote access

Privileged Access Workstations (PAW) usage and management.

Security & Compliance

Implement advanced security measures including multi-factor authentication, Privileged Access Management, and Just-In-Time access

Ensure infrastructure compliance with financial industry regulations (SOX, PCI-DSS, GLBA)

Design and implement zero-trust security architecture

Maintain security controls for privileged access and identity management

Conduct regular security assessments and implement remediation measures

Design and implement PKI infrastructure and certificate management solutions

Experience in DSC for maintaining consistent server configurations.

Cloud Integration

Lead Azure infrastructure design and implementation initiatives

Develop hybrid connectivity solutions using Azure ExpressRoute and Site-to-Site VPN

Design and implement hybrid backup and disaster recovery solutions

Optimize cloud resource utilization and cost management

Implement cloud security controls and monitoring solutions

Automation & DevOps

Develop & maintain Infrastructure as Code (IaC) solutions using PowerShell, ARM templates, or Terraform

Create automated deployment pipelines for Windows Server workloads

Implement configuration management systems for Windows Server fleet

Develop monitoring and alerting frameworks for hybrid environments

Documentation & Knowledge Transfer

Create comprehensive architectural documentation and diagrams

Develop standard operating procedures for all critical systems

Maintain up-to-date disaster recovery documentation

Create knowledge transfer sessions for operational teams

Team Leadership & Collaboration

Mentor junior team members on infrastructure best practices and emerging technologies

Collaborate with application teams to ensure infrastructure meets application requirements

Work with security teams to implement and maintain security controls

Provide technical leadership in incident response and problem resolution

Partner with vendor teams for solution implementation and support

Required Qualifications

Bachelor's degree in Computer Science, Information Technology, or related field

10+ years of experience in Windows Server infrastructure design and implementation

7+ years of experience with Active Directory design and administration

5+ years of experience with Azure cloud services and hybrid infrastructure

Expert knowledge of PowerShell scripting and automation

Strong understanding of PKI, DNS, DHCP, and other core infrastructure services

Experience with infrastructure-as-code and configuration management tools

Deep knowledge of security best practices and compliance requirements

Preferred Qualifications

Master's degree in relevant field

Microsoft Certified: Azure Solutions Architect Expert

Microsoft 365 Certified: Enterprise Administrator Expert

Experience in financial services industry

Knowledge of container technologies and microservices architecture

Experience with CI/CD pipelines and DevOps methodologies

Familiarity with infrastructure monitoring tools

Background in security architecture or cybersecurity

CISSP or equivalent security certification

Technical Skills

Windows Server 2016/2019/2022

Active Directory Domain Services

Azure Active Directory

Group Policy Management

PowerShell Scripting

Azure Infrastructure Services

Infrastructure as Code (Terraform, ARM templates)

PKI and Certificate Services

Azure ExpressRoute and Site-to-Site VPN

Microsoft System Center Suite

Azure Security Center/Microsoft Defender for Cloud

Azure Monitor and Log Analytics

Backup and Disaster Recovery Solutions