IN-Sr Technical Architect - Cloud (Microsoft AD Admin, Active Directory and Domain Controller, Azure, Windows)

Scope:

The L4 Windows Domain Controller and Active Directory Senior Architect is a senior-most technical authority responsible for the strategic design, modernization, governance, and security of enterprise-scale Active Directory and Domain Controller infrastructures. This role defines the vision, architecture roadmap, and operational frameworks for global identity and access management ecosystems, ensuring resilience, scalability, and Zero Trust compliance across hybrid environments (on-prem, Azure AD/Entra ID, and multi-cloud).

Our current technical environment:
• Microsoft Azure
• VMWare Esxi
What you’ll do:

• Define end-to-end Active Directory (AD) and Domain Controller (DC) architecture across multi-region, multi-forest enterprise environments.

• Architect and govern hybrid identity frameworks integrating on-prem AD with Azure AD / Microsoft Entra ID.

• Design disaster recovery, replication topology, and site resilience strategies.

• Establish reference architectures, blueprints, and design patterns for AD deployments and migrations.

• Lead forest/domain consolidation, modernization, and cloud transformation initiatives.

• Implement Zero Trust principles in Active Directory and identity design.

• Lead AD security hardening, including administrative tiering, privileged access segregation, and credential protection.

• Define and enforce GPO baselines, Delegation of Control, and Role-Based Access Control (RBAC).

• Conduct AD security posture reviews, vulnerability analysis, and remediation planning.

• Collaborate with cybersecurity teams for SIEM (Sentinel/Splunk) and PIM/PAM (Privileged Identity Management) integration.

• Ensure compliance with ISO 27001, NIST 800-53, CIS Benchmarks, GDPR, and SOX frameworks.

• Design and govern hybrid identity synchronization using Azure AD Connect / Entra Connect.

• Define SSO, Federation, and Conditional Access models using ADFS, SAML, OAuth2, OpenID Connect.

• Integrate Azure AD, Okta, or Ping Identity with enterprise applications for secure authentication.

• Guide transition to passwordless, MFA, and certificate-based authentication strategies.

• Serve as the enterprise AD subject matter expert (SME) and architectural authority for all directory services.

• Partner with Cloud, Security, and Network Architects to align identity design with overall IT strategy.

• Provide technical mentorship to global L2/L3 AD engineers.

• Lead architecture reviews, audits, and design approval boards for AD-related projects.

• Represent the organization in Microsoft technical advisory councils or equivalent enterprise forums.

What we are looking for:

• Bachelor’s or Master’s degree in Computer Science, IT, or related discipline.

• 15+ years of progressive experience in Windows Infrastructure and Identity Services.

• 10+ years in Active Directory architecture, security, and operations at enterprise scale.

• Proven track record designing global multi-forest AD environments with 50K+ users.

• Experience leading cloud identity transformations and Zero Trust adoption.

• Deep understanding of IAM lifecycle, identity governance, and security frameworks.

• Strong communication, documentation, and stakeholder engagement skills.

Good to have:

• Microsoft Certified: Identity and Access Administrator Associate or Microsoft Certified: Azure Solutions Architect Expert.

• MCSE: Core Infrastructure, Certified Information Systems Security Professional (CISSP), or SANS AD Security Certification (Active Directory Security Expert).

•

Our Values

If you want to know the heart of a company, take a look at their values. Ours unite us. They are what drive our success – and the success of our customers. Does your heart beat like ours? Find out here: Core Values

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.