Solutions Architect - AD/Entra Architect

Job Description and Responsibilities

TI is seeking a senior AD and Entra architect to lead the design and evolution of our enterprise identity infrastructure supporting both IT and OT environments. This role will architect and optimize Active Directory and Microsoft Entra ID (Azure AD) solutions that serve as the backbone for identity management across our global organization, supporting 50,000+ users and complex hybrid cloud deployments. You will design scalable identity solutions while ensuring seamless integration between on-premises legacy systems, modern cloud applications, and increasingly critical operational technology environments.

Key responsibilities will be as follows:

• Design and implement enterprise-scale Active Directory forest architectures, including multi-domain topologies, trust relationships, and site replication strategies
• Architect Microsoft Entra ID tenant configurations supporting hybrid identity scenarios, conditional access policies, and zero-trust security models
• Develop and enforce identity governance frameworks including role-based access control (RBAC), privileged identity management (PIM), and lifecycle management processes
• Design secure authentication and authorization patterns for enterprise applications, including SAML, OAuth 2.0, OpenID Connect, and Kerberos implementations
• Partner with cybersecurity, infrastructure, and application teams to establish identity security standards and access management best practices
• Evaluate and integrate emerging identity technologies to enhance user experience while maintaining security posture
• Lead cross-functional identity modernization initiatives, including legacy application migration and cloud-first identity strategies
• Provide technical leadership and mentoring to identity engineering teams across global locations
• Establish monitoring and governance frameworks to ensure identity infrastructure performance, compliance, and security metrics

Experience Requirements:

• Overall 8+ years of experience in identity and access management, systems architecture, or related enterprise infrastructure roles
• Minimum 5+ years of hands-on experience architecting and managing Active Directory in enterprise environments (10,000+ users)
• Minimum 3+ years of experience with Microsoft Entra ID (Azure AD) architecture and hybrid identity implementations

Expertise/Required Skills:

Deep expertise in the following:

• Active Directory Domain Services (AD DS) architecture including:
  • Multi-forest and multi-domain design patterns
  • Site topology optimization and replication management
  • Group Policy architecture and delegation models
  • Trust relationships and cross-forest authentication
• Microsoft Entra ID (Azure AD) advanced configurations including:
  • Hybrid identity with Azure AD Connect/Cloud Sync
  • Conditional Access policy design and implementation
  • Privileged Identity Management (PIM) and Identity Governance
  • Application integration patterns and enterprise application gallery
• Identity federation protocols and standards (SAML 2.0, OAuth 2.0, OpenID Connect, WS-Federation)
• Certificate-based authentication and PKI integration with identity services

Enterprise identity management:

• Identity lifecycle management and automated provisioning/deprovisioning
• Role-based access control (RBAC), Attribute-based access control (ABAC) & Policy based-access control (PBAC) models
• Single Sign-On (SSO) architecture for SaaS, on-premises, and hybrid applications
• Multi-factor authentication (MFA) strategy and implementation across diverse application portfolios
• Directory synchronization patterns and identity data governance
• Operational Technology (OT) identity management experience:
  • Access management for industrial control systems (SCADA, DCS, PLCs)
  • Understanding of OT network segmentation and air-gapped environment challenges
  • Experience with OT-specific authentication protocols and legacy system integration
  • Hardening & segregation of legacy OT systems, services & data avoiding downtime or disruptions

Technical architecture skills:

• PowerShell, Microsoft Graph API, and Azure CLI for identity automation
• Directory services protocols (LDAP, LDAPS, Kerberos, NTLM)
• Network architecture understanding for identity services (DNS, firewalls, load balancers)
• Windows Server infrastructure and enterprise-scale system administration
• Cloud architecture patterns in Azure, with understanding of other major cloud platforms

Leadership and communication:

• Proven ability to influence technical decision-making across global, cross-functional teams
• Exceptional communication skills to translate complex identity concepts for business stakeholders
• Experience mentoring and developing technical teams in identity management practices
• Strong project management capabilities for large-scale identity transformation initiatives

Preferred/Nice-to-Have Skills:

• Experience with other identity platforms (Ping Identity, SailPoint, AWS IAM)
• Knowledge of compliance frameworks relevant to identity management (SOX, GDPR, HIPAA, NIST)
• Certifications in Microsoft identity technologies (SC-300, MS-102) or equivalent vendor certifications
• Experience with identity analytics, risk-based authentication, and behavioural analysis tools
• Understanding of DevSecOps practices and infrastructure-as-code for identity deployments