Senior Identity Engineer

The Senior Identity Engineer will play a critical role in a wide role of high-profile projects support Department of Transportation's Active Directory team. The candidate will support implementation and design services for Microsoft Active Directory certificate services, identity, and access management. The candidate will provide support for Windows-based systems across the enterprise, including directory and identity management solutions. Infrastructure and platforms span across on-premises, AWS, AWS FedCloud, and Azure. Resolves and appropriately completes assigned tasks and change requests and acts as an escalation for support issues. Applies new solutions through research and collaboration with team and determines course of action for new application initiatives.  Implements new software solutions as required by the business.  The core infrastructure technology duties include enterprise Microsoft Active Directory, Microsoft Certificate Services, policy configuration, and top-level support for enterprise-wide initiatives.

Full-time Onsite at DOT HQ, Washington DC. Ideal candidate will cover later shift providing support ending sometime between 5pm and 7pm daily. Once every 2-3 months support server infrastructure in a 24x7 on-call escalation capacity as part of a team rotation.

Duties:

• Performs day-to-day activities required to assist and identify technology solutions that meet enterprise requirements. 
• Maps functional requirements into technological requirements and identifies technologies that meet the technological requirements. 
• Conducts proof of concept, pilots and demos for the purposes of evaluating the suitability of given technologies for meeting requirements. 
• Evaluates the tradeoffs between competing solutions and develops quantitative driven analysis of alternatives.  Produces written analysis of research and recommendation papers that clearly describe the process followed, alternatives considered, evaluation criteria and rationale for recommendation and need for improvement.
• Provide enterprise-level support for Active Directory for global initiatives following those through to implementation via collaboration with project and support teams.
• Serves as escalation point for active directory support and troubleshooting, provides guidance and direction in resolution of escalated issues and/or complex production, application, or system problems.
• Serves as a subject matter expert in managing Entra ID including proposing recommendations for architectural improvements, streamlining processes and certificate management, and troubleshooting during outages.
• Will provide technical expertise in driving ad hoc projects including Windows Hello, migration off ADFS, implementation certificate-based authentication (CBA), and implementing multi-factor authentication (MFA) on applications.  
• Perform daily system monitoring, verifying the integrity and availability of all hardware, server resources, systems, and key processes, reviewing system and application logs, and verifying completion of scheduled jobs.
• Install, configure, and maintain Active Directory and third-party software utilities for hardware systems within company operational guidelines.
• Create and maintain system documentation for domain technologies, including installation, configuration, and appropriate troubleshooting steps.
• Improve existing processes through solutions to recurring problems and enhancements to existing solutions or documentation.
• Provide training as required.
• Maintain and update environmental documentation, standard Operating Procedures, and engineering documentation.
• Working closely with counterparts to ensure stable and healthy virtualization platforms.
• Collaborate with Lead to identify, assess, and present solution options for meeting the functional and technical requirements, which may include Hardware and/or software.
• Install, configure, and troubleshoot server systems (i.e., Windows, Linux, Appliances).
• Performs security hardening, patching and server certificate updates. 
• Develops documentation for System Installation Plans and System Administration Guides.
• Perform other tasks as directed by Lead Engineers or Project Manager.

Required Education and Experience: 

• Must have a minimum of 8 years of related experience providing business solutions engineering support, to include architectural design, engineering design, proof of concept development, pilots, analysis, results, and documentation
• Must have extensive knowledge of multi-vendor server operating systems. 
• Demonstrated experience in all aspects of enterprise Windows environment operations and maintenance (O&M) and engineering.
• Microsoft Entra [expert-level] 
• Microsoft Entra certificate-based authentication and conditional access experience [expert-level]
• Microsoft Entra Connect operational experience [expert-level]
• Role Based Access Controls [expert-level]
• Active Directory architecture and management [expert-level]
• PKI, PIV cards, Smart Cards [expert-level]
• Multi-Factor Authentication- Active Directory Federation Services (ADFS), OAuth including app registration, SAML, SSO [expert-level]
• Knowledge in creating, administering, and troubleshooting Group Policies (GPOs) [senior level]
• Scripting Experience: MS Graph/PowerShell and VBScript [senior level]
• Windows Server Operating Systems (2019 to 2022) [expert-level]
• VMware vSphere and Hyper-V Virtualization [mid-level]
• Experience with Microsoft Windows Server 2016, 2019 Administration. Experience with Server 2022 is a plus. 
• Experience with performing root cause analysis, risk identification, and risk mitigation
• Interpersonal skills including the ability to collaborate effectively.

• Demonstrated experience in a fast tempo ITSM support environment.

• Candidate must be a U.S. citizen or green card holder who has resided in the U.S. for at least 3 years and the ability to obtain a public trust.
   

Preferred skills and qualifications:

• MS Intune access experience with Co-Management across MS Intune and SCCM/MECM
• Microsoft Certification(s) including: Windows Server Hybrid Administrator Associate, Endpoint Administrator Associate, Azure Fundamentals,
• Azure Administrator Associate, MS365 Certified Administrator Expert
• Any additional profession IT and Project Management certifications.  
• Knowledge of PKI technologies including DigiCert, Sectigo, KeyFactor, and other certificate issuance and management solutions.