Job
Description
Req ID: 339179
We are currently seeking a Systems Engineering Advisor to join our team in Noida, Uttar Pradesh (IN-UP), India (IN). Systems Engineering Advisor Active Directory/Azure AD
Role Overview
The NTT DATA Services Security organization is looking for talented security-oriented Systems Engineering Advisor with strong Active Directory/Azure AD/Identity skills. This role will be part of a larger dedicated security team dedicated to supporting, troubleshooting, upgrading Active Directory, Azure AD and related Identity technologies. Role Responsibilities
Active Directory designing, Architecture Solutions, Integration with platforms & ApplicationsDevelop an architecture of directory solutions for Windows, Unix, and related platformsExperience in consolidations of multiple forest and domains and demonstrated understanding on User accounts, machine accounts, GPOsUnderstand the requirement and create a migration plan for any services i.e. DNS, DHCP, and Certificate Services (PKI) etc.Analyzing the requirement and design a solution to fulfil the requirement with zero impact to other platformsDevelop a power shell scripting with AD modules or VB .Net based on the requirementsManage Azure active directory design, Architect Solutions, Integration with platforms & Applications and AD connector to AzureAuditing the security logs and integrating with SIEMConducting POC with multiple vendors for AD solutions and prepare detailed test cases. Create a clear recommendation document with pros and cons for senior managementVulnerability Assessment and Management related to Active Directory, DNS & Windows platformsActive Directory consolidations including application integration working with application teamsRecommend security best practices to achieve stated business objectives, advises on risk assumptions for any variances granted, and provides alternatives to achieve desired end results
Required Qualifications
Minimum 10 years relevant experience in Architecture and designing, solutions & Migrating Active Directory, Azure AD, Windows & End pointsStrong Demonstrated experience with Active Directory migration tool or equivalent and consolidation of Global Forest and Domains. Hands on experience in successful consolidation of AD Forests and DomainsMust have hands-on experience working on Azure AD (Azure Active Directory)Extensive Experience working as Azure Admin for enterprise Active Directory setup and maintenanceStrong experience in AD Trusts, two-way Trusts and one-way Trusts and deep knowledge of Active Directory Schemas and meta dataStrong Knowledge on Azure AD Identity Management & Integration with on premiseStrong knowledge of Azure Active Directory technologies, including authentication models, federation, Multifactor Authentication (MFA), conditional access policies and other relevant capabilities.Knowledge of best practices in AD/Azure Privileged access management and modern AD/Azure Secured Administration practicesStrong PowerShell scriptingStrong Knowledge on IAM disciplines like PIM and Privilege Administrative Accounts PAM solutions such as CyberArkGood knowledge on ADFS and Azure AD sync connectorsStrong familiarity with DNS Active Directory integrated, partitions and Infoblox & DHCP systems and Migration of services from Active Directory any platformDemonstrated knowledge and experience in AD assessment in terms of OU delegation, GPOs, permission etc.,Expertise in Active Directory versions 2003, 2008R2, 2012R2 & 2016, 2019 and Azure Active DirectoryGood knowledge and hands on experience in setting up lab based on the solution requirementsDemonstrated working knowledge and hands on experience in AD disaster recovery, Replication issues and resolution using tools such as repadminDemonstrated experience in writing and applying GPOs, especially related to domain consolidationsGood Knowledge on Active Directory & windows audit logs and levels and SIEM integration Good knowledge on Networking, firewalls, including host firewalls, DNS, DHCP, DFS & Network load balancers and Secure Global Directory or Secure LDAPGood knowledge on Cryptography, certificates, PKI, symmetric, asymmetric keys, Encryption & hash algorithmsGood knowledge on AD authentication protocols Kerberos, NTLM, LDAP, LDAPS & LDAP-Start TLSGood knowledge on Network log capturing & analyzing the network packet captures through the tools Wireshark, Tshark, Microsoft NM etc.,Good knowledge on application integration with LDAP & Kerberos i.e. Keytab, krb5 etc.,Good knowledge on AD migration tools like ADMT, Quest etc., knowledge on AD trusts, forest, domain tree structures, sites, DNS, GPOs, OU, FRS, DFSR.Good knowledge on any Identity & Access Management tools like FIM, MIM, OIM, Quest etc.,Exposure to SAML, OAuth, OpenID and other security/IAM related standardsStrong hands-on familiarity with host-based security solutions, Forensic & Investigation agents, and Compliance scanning and reporting, Hardening Active DirectoryKnowledge of single sign-on, federation, active directory/LDAP, Kerberos/NTLM authentication & integrated Windows authenticationGood knowledge on Identity management and Role based access control, attribute-based access control & entitlement managementGood knowledge on power shell scripting with AD modules or VB .Net and ability to write scripts based on the requirementExcellent communication skills, especially verbal and writtenGood documentation skills to write a design & configuration documents version controlsExcellent Interpersonal skill and ability to work as part of a teamHome office for remote workAbility to work some weekends and late nights performing approved changesITIL V3 or later experience, experience in writing change request and attending Change Advisory Boards (CAB) meetingExperience with Security Controls and compliance
