System Architect (Active Directory)

About Infinitive:
Infinitive is a data and AI consultancy that helps clients modernize, monetize, and operationalize their data to generate lasting value. They pride themselves on their deep industry and technology expertise, ensuring that they drive and sustain the adoption of new capabilities. Infinitive is committed to aligning their team with their clients' culture, ensuring a successful partnership by bringing the right mix of talent and skills for high return on investment.
Infinitive has earned recognition as one of the "Best Small Firms to Work For" by Consulting Magazine, receiving this accolade seven times, most recently in 2024. They have also been honored as a “Top Workplace” by the Washington Post, “Best Places to Work” by the Washington Business Journal, and “Best Places to Work” by Virginia Business.
Job Summary:
We are seeking an experienced Active Directory (AD) Architect to design, implement, and optimize enterprise-level directory services and identity management solutions. The ideal candidate will have deep expertise in Microsoft Active Directory, Azure AD, Identity & Access Management (IAM), and related security best practices. This role requires strong technical leadership, hands-on implementation skills, and the ability to drive architectural decisions that enhance security, scalability, and operational efficiency.
Key Responsibilities
Architecture & Design:

• Design and architect highly available, scalable, and secure Active Directory (AD) and Azure AD environments.
• Develop and maintain Active Directory Federation Services (ADFS), Azure AD Connect, Group Policy Objects (GPOs), and DNS architectures.
• Define and enforce directory trust models, authentication strategies (Kerberos, NTLM, OAuth, SAML, OpenID), and single sign-on (SSO) solutions.
• Optimize AD schema, forest, and domain structure for enterprise-scale deployments.
• Design and implement role-based access control (RBAC), privileged access management (PAM), and multi-factor authentication (MFA) solutions.

Implementation & Administration:

• Lead the migration, consolidation, or restructuring of AD domains and forests.
• Configure and manage Group Policies, Organizational Units (OUs), and user/group provisioning.
• Integrate AD with cloud-based identity solutions such as Okta, AWS IAM, Google Workspace, and other federated services.
• Ensure seamless synchronization between on-prem AD and Azure AD.
• Oversee PowerShell scripting for automation, monitoring, and troubleshooting of AD environments.

Security & Compliance:

• Implement Zero Trust security models within the AD infrastructure.
• Conduct security assessments, vulnerability remediation, and AD hardening to mitigate risks such as pass-the-hash and golden ticket attacks.
• Define policies and standards for identity governance, lifecycle management, and audit logging.
• Ensure compliance with ISO 27001, NIST, SOX, HIPAA, GDPR, and other regulatory requirements.

Monitoring & Troubleshooting:

• Establish proactive monitoring and alerting using tools like Microsoft Defender, Azure Monitor, Splunk, and SIEM solutions.
• Troubleshoot authentication failures, replication issues, and performance bottlenecks.
• Provide root cause analysis (RCA) and incident response for AD-related security breaches or service outages.

Collaboration & Documentation:

• Work closely with Security, Cloud, Network, and Application teams to align identity management strategies.
• Develop detailed architectural diagrams, SOPs, and documentation for AD environments.
• Train IT teams on best practices for Active Directory and Identity Management.

Technical Skills:

• 10+ years of experience in Active Directory architecture, design, and administration.
• Expertise in Azure Active Directory (Entra ID), ADFS, Azure AD Connect, and Azure B2C/B2B.
• Strong knowledge of Windows Server (2016/2019/2022), DNS, DHCP, and LDAP.
• Experience with identity federation protocols (SAML, OAuth, OpenID Connect, Kerberos, NTLM).
• Proficiency in PowerShell scripting for automation and management.
• Familiarity with SIEM tools, endpoint security, and identity threat detection.
• Hands-on experience with IAM solutions (Okta, SailPoint, Ping Identity, CyberArk, BeyondTrust, etc.).
• Knowledge of hybrid cloud environments (AWS, GCP, Azure) and cloud identity integrations.

Preferred Certifications (Nice to Have):

• Microsoft Certified: Identity and Access Administrator Associate
• Microsoft Certified: Azure Solutions Architect Expert
• Certified Information Systems Security Professional (CISSP)
• Certified Azure Security Engineer Associate
• Okta Certified Consultant or AWS Certified Security – Specialty