This role has been designed as ‘’Onsite’ with an expectation that you will primarily work from an HPE office.
Who We Are:
Hewlett Packard Enterprise is the global edge-to-cloud company advancing the way people live and work. We help companies connect, protect, analyze, and act on their data and applications wherever they live, from edge to cloud, so they can turn insights into outcomes at the speed required to thrive in today’s complex world. Our culture thrives on finding new and better ways to accelerate what’s next. We know varied backgrounds are valued and succeed here. We have the flexibility to manage our work and personal needs. We make bold moves, together, and are a force for good. If you are looking to stretch and grow your career our culture will embrace you. Open up opportunities with HPE.
Job Description:
HPE Global IT is a dynamic organization enabling the enterprise to innovate and lead the industry with our consumption-based IT transformation and our consulting, financial, educational, and operational support services. Join us as we develop innovative solutions that revolutionize how we help customers by simplifying their operations and move the world forward.
About our Cybersecurity Team
Are you ready to make an impact with one of the world’s leading technology companies? HPE’s Cybersecurity team is where you can do just that. We’re looking for a highly skilled and motivated Senior Active Directory (AD), Entra ID Engineer to join our global Cybersecurity organization. If you’re passionate about modernizing enterprise directory services, securing hybrid identity environments, and driving Zero Trust and cloud identity adoption, this is the role for you.
What you’ll do:
About the Role
We are seeking a highly skilled Senior Active Directory (AD), Entra ID Engineer with 10+ years of IT or cybersecurity experience, including 7+ years focused on AD, Entra ID, and Azure identity engineering in enterprise-scale environments. This role is critical to designing, implementing, and securing hybrid identity infrastructures that enable Zero Trust, cloud transformation, and regulatory compliance. You will take ownership from technical design through deployment and optimization, ensuring secure, automated, and scalable identity solutions across complex global environments.
Key Responsibilities
Technical Design & Engineering
- Engineer, deploy, and optimize Active Directory, Entra ID, and Azure identity services across enterprise-scale hybrid environments.
- Design and manage multi-forest AD architectures, including schema extensions, replication, delegation, and hardening.
- Implement and maintain cross-domain and cross-tenant synchronization between AD and Entra ID using Entra Connect or Cloud Sync.
- Engineer secure authentication and federation flows leveraging Kerberos, NTLM, SAML, OIDC, and OAuth2.
- Implement and enhance conditional access, MFA, passwordless, and FIDO2 authentication methods in Entra and Azure environments.
- Support Zero Trust Directory Security through tiered administration, least privilege, and delegated access controls.
- Partner with cloud and infrastructure teams to ensure secure integration of Azure resources with enterprise identity services.
Operations & Integration
- Maintain and secure domain controllers, DNS, DHCP, and Group Policy Objects (GPOs) across global environments.
- Manage Azure AD tenants, subscriptions, and resource access controls (RBAC, PIM, Entra roles).
- Integrate on-prem AD with Azure workloads, Microsoft 365, Intune, and other SaaS applications.
- Automate operational tasks using PowerShell, Graph API, and Azure Automation.
- Support incident response, directory health checks, replication analysis, and disaster recovery procedures.
- Collaborate with IAM, PAM, and Cloud Security teams to align identity operations and cloud governance.
Security & Compliance
- Implement and maintain security baselines, privileged access models, and directory hardening for both AD and Azure environments.
- Conduct periodic reviews of GPOs, ACLs, and admin rights to prevent privilege escalation and lateral movement.
- Integrate directory and Azure logging with SIEM/SOAR platforms for continuous monitoring and anomaly detection.
- Ensure directory and Azure controls meet regulatory and audit requirements (SOX, FedRAMP, ISO 27001, etc.).
- Collaborate with cybersecurity architects to evaluate and mitigate identity-related vulnerabilities.
Collaboration & Continuous Improvement
- Work with enterprise architects, IAM, and cloud teams to align directory and Azure services with enterprise identity strategy.
- Drive modernization and automation of directory and Azure identity operations.
- Provide technical mentorship and guidance to junior engineers and peer teams on AD, Entra, and Azure identity practices.
- Contribute to roadmap planning, documentation, and adoption of new Azure identity and governance features.
What you need to bring:
Education & Experience Requirements
- Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or related field (or equivalent experience).
- 10+ years of IT or cybersecurity experience, including 7+ years focused on AD, Entra ID, and Azure identity engineering in enterprise-scale environments
- Deep hands-on experience managing multi-forest AD environments (schema, replication, delegation, GPOs, DNS, DHCP).
- Strong expertise with Entra ID and hybrid identity integration (Entra Connect / Cloud Sync, federation, SSO).
- Hands-on experience with Azure governance, RBAC, PIM, and access policy enforcement.
- Experience implementing conditional access, passwordless, and phishing-resistant MFA in Entra and Azure.
- Proficiency in PowerShell scripting, Graph API, and Azure automation for identity management and reporting.
- Solid understanding of authentication protocols (Kerberos, NTLM, LDAP, SAML, OIDC, OAuth2).
- Familiarity with Zero Trust, tiered admin models, and directory hardening practices.
- Experience with directory and cloud security tools (PingCastle, Netwrix, Microsoft Defender for Identity, Entra ID Governance).
Preferred Certifications:
Microsoft Certified: Identity and Access Administrator Associate, Entra ID Support Engineer, Azure Administrator Associate, or equivalent.
Additional Skills:
What We Can Offer You:
Health & Wellbeing
We strive to provide our team members and their loved ones with a comprehensive suite of benefits that supports their physical, financial and emotional wellbeing.
Personal & Professional Development
We also invest in your career because the better you are, the better we all are. We have specific programs catered to helping you reach any career goals you have — whether you want to become a knowledge expert in your field or apply your skills to another division.
Unconditional Inclusion
We are unconditionally inclusive in the way we work and celebrate individual uniqueness. We know varied backgrounds are valued and succeed here. We have the flexibility to manage our work and personal needs. We make bold moves, together, and are a force for good.
Let's Stay Connected:
Follow @HPECareers on Instagram to see the latest on people, culture and tech at HPE.
Job:
Information TechnologyJob Level:
TCP_04
HPE is an Equal Employment Opportunity/ Veterans/Disabled/LGBT employer. We do not discriminate on the basis of race, gender, or any other protected category, and all decisions we make are made on the basis of qualifications, merit, and business need. Our goal is to be one global team that is representative of our customers, in an inclusive environment where we can continue to innovate and grow together. Please click here: Equal Employment Opportunity.
Hewlett Packard Enterprise is EEO Protected Veteran/ Individual with Disabilities.
HPE will comply with all applicable laws related to employer use of arrest and conviction records, including laws requiring employers to consider for employment qualified applicants with criminal histories.
