Staff Active Directory/Entra/PAM Engineer

Job Description SummaryAs an Active Directory/Entra/PAM Engineer, you will be responsible for Active Directory DS, inclusive of Azure AD services. Plus, designing, implementing and maintaining our Privileged Access Management (PAM) system. These services are comprehensive – inclusive of architecture, design, implementation and ongoing operations in a dev-ops model with a focus on automation, integration, service resiliency and business partnership. The Active Directory/M365 Engineer will be responsible for the support, performance, lifecycle management, and continuous improvement of directory services/M365 across the GE Aerospace landscape.
Ideal candidate will have expertise in PAM, Active Directory management, migrations, Windows server, Entra-Sync and Strong PowerShell scripting.Job Description

Essential Responsibilities:

• Hands-on engineering responsibilities (Domain Controller build (server 2025), installation, configuration, upgrades, schema extensions/modifications and performance tuning and optimization).
• Extensive knowledge of creating and maintaining group policy objects.
• Experience in systems engineering, operating systems, scripting (ADCLI, PowerShell, Azure CLI) and architecture. Design, guide administer, tune, help improve the use of Microsoft's Security services and offerings Microsoft Azure AD features and services, such as Azure AD B2B & B2C.  Conditional Access policies, Security Center, Azure Sentinel.
• Experience with Microsoft or 3rd party management and monitoring solutions (SCCM, SCOM). 
• Extensive experience in Azure AD and supporting AADConnect.
• Knowledge and experience with the Microsoft Directory Stack and Azure and supporting components. 
• Monitor and maintain the production environment to meet the SLA’s.
• Proactively and continuously evaluate and address issues related to performance, stability, scalability, and extensibility of the systems.
• Leads or provides technical direction for the planning, designing, and execution of testing efforts.
• Provides technical consulting on the integration of application systems.
• Adhere to corporate standards/problem and change management policies.
• Produce root cause analysis documents and report on progress.
• Self-starter with strong organizational skills, strong sense of teamwork, and attention to detail
• Excellent verbal and written communication skills able to speak directly and professionally even when challenged.
• Recognizes patterns and complexity in problems. Acts as team player. 
• Configuration, administration, and maintenance of CyberArk solution, including both the infrastructure and the application itself       
• Hands on experience installing, upgrading, configuring, operating, and troubleshooting experience with CyberArk AAM (CCP, CP, ASCP), EPV, PVWA, CPM, PSM, HTML5 Gateway, PSMP, PTA (with various versions)
• Troubleshoot and resolve issues related to PAM systems, ensuring continuous availability and performance.
• Addresses ticket queue and follow appropriate change management procedures
• Scripting knowledge, PowerShell, Python, JavaScript, REST API
• Work closely with cross-functional teams, including IT, security, and compliance teams, to integrate PAM solutions into existing systems and applications. Ensure that PAM aligns with security and compliance requirements.
• Conduct regular security audits of privileged user activities and access reviews. Ensure compliance with security policies and regulatory requirements.
• Collaborate on the design and implementation of new PAM solutions, ensuring they align with security policies and regulatory requirements
• Proficiency in written and verbal communication to clearly convey technical information, collaborate with cross-functional teams, and document processes and solutions effectively.
• Strong organizational and documentation skills, with a meticulous approach to maintaining clear and comprehensive records of system configurations, access policies, and security incidents.
• Experience in Windows/UNIX administration in large heterogeneous environment

Minimum Qualifications:

• Bachelor's Degree in Computer Science or “STEM” Majors (Science, Technology, Engineering and Math)
• A minimum 5 years of IT experience in IT operations, DevOps, or development
• 3 years of experience with Active Directory/Entra and PAM

Eligibility Requirements:

• Legal authorization to work in the U.S. is required. We will not sponsor individuals for employment visas, now or in the future, for this job.

Desired Characteristics: 

• Understanding of various directory structures and configurations (LDAP, Active Directory, etc.). 
• Working knowledge of APIs or other forms of application integrations.
• Experience with or general understanding of SSO (SAML/Oauth2.0). 
• Understanding of PCI, SOX, HIPAA, EU-GDPR regulations for IAM. 
• Advanced knowledge and experience with the Microsoft Directory Stack and Azure and supporting components. 
• Knowledge in Group Policy Management 
• Experience with AD Trusts 
• Strong knowledge of PowerShell/MS Graph 
• Knowledge about Kerberos Authentication, SMB, NTLM 
• Strong troubleshooting and root cause analysis experience 
• Thorough knowledge of Software Development Life Cycle principles. 
• Good understanding of Platform Integration strategies by developing applications and framework.
• A key contributor to the Identity standards and actively participates in the annual review and update of Identity controls.        
• Experience creating custom platforms for applications to manage credentials in CyberArk vault
• Strong proficiency in network security, including experience with firewalls, intrusion detection systems, and network segmentation
• Experience in Windows/UNIX administration in large heterogeneous environment
• Experience with supporting IAM in a Cloud environment, including Azure or AWS
• CyberArk certification Defender/Sentry/CDE can be considered as added advantage.
• Quickly learn, internalize, and develop a strong understanding of key priorities.
• Strong understanding of identity and access management (IAM) principles and practices, particularly in relation to privileged access management (PAM).
• Experience with Ping, SailPoint, Saviynt, Active Directory, Microsoft Entra ID (Azure AD), AWS, and ServiceNow products
• Experience in vendor management
• Strong commitment to customer service and customer satisfaction
• Strong analytical and troubleshooting skills.
• Ability to work in a fast paced, highly dynamic and collaborative environment.
• Maps current requirements to industry trends, analyses competition trend
• Demonstrates mastery of the intricacies of interactions and dynamics in Agile teams. 
• Demonstrates advanced understanding of Lean Six Sigma principles and guides adoption.
• A key contributor to the Identity standards and actively participates in the annual review and
• Mature the support documentation library including standard operating procedures, workflows, and run books and instill a peer review process to sustain a comprehensive library. 
   

Note:
To comply with US immigration and other legal requirements, it is necessary to specify the minimum number of years' experience required for any role based within the USA. For roles outside of the USA, to ensure compliance with applicable legislation, the JDs should focus on the substantive level of experience required for the role and a minimum number of years should NOT be used.
This Job Description is intended to provide a high level guide to the role. However, it is not intended to amend or otherwise restrict/expand the duties required from each individual employee as set out in their respective employment contract and/or as otherwise agreed between an employee and their manager.

Additional Information