Sr. Systems Engineer (Active Directory)

SBD is seeking a

• Active Directory Services
• PKI Services
• DNS Name Resolution Services
• Directory Synchronization Services
• Technical team leadership
• Cross Organization Federated Authentication Services
• IT Infrastructure Planning, Architectural Design and Implementation Services
• Asset Management and Compliance Reporting Services
• Operations and Maintenance Services

• Must be a US Citizen able to obtain an agency-specific Public Trust clearance prior to starting
• Bachelor's Degree
• 8+ years as a Senior Administrator with on-prem Active Directory experience
• PKI administration experience
• DNS server management experience
• Experience managing AGPM/GPOs
• Strong PowerShell scripting experience
• Knowledge of LAPS/LAPS-E
• Familiarity with / Knowledge of Microsoft Azure Active Directory
• Knowledge of Office 365
• Knowledge of SCOM
• Must reside within a commutable distance to our customer's location in Lakewood, CO

• Knowledge of SAML authentication
• Knowledge of MIM or other Metadirectory technologies
• Knowledge of Programming (i.e., VB or C#)

• Continual review, maintenance and daily focus on operational security risks and best practices.
• Operations, consolidation planning, and oversight.
• Monitor Performance of related services level agreements.
• Manage service-level management processes.
• Provide continued support to Department level CAB's by facilitating meetings through the coordination of meeting schedules, agendas, and meeting minutes to include voting records as necessary.
• Develop, maintain, and track new optimization and standardization requirements to meet our customer's and Federal requirements.
• Develop and maintain an optimization and standardization strategy and review documentation with government to key stakeholders to achieve consensus.
• Assist in the development and execution of new IT initiatives directly and indirectly associated with the Department's implementation of EDS.
• Provide program support on behalf of the OCIO to external programs requiring the adoption or integration of related components.
• Ensure replication between the domains of the participant domains.
• Monitor event logs from forest root domain controllers using MOM, NetIQ, or other software tools. These logs will be maintained per Department guidance.
• Monitor and maintain operating system and software service packs and patches for systems per departmental policy and guidance. Test service packs and patches for release and distribution to domain controllers within the EDS domains using Microsoft Systems Management Server and/or Windows Software Update Services (SMS/WSUS), or appropriate distribution method.
• Operate and maintain all EDS related components in the customer's Test and Development Lab
• Operate and Maintain hardware associated with the system as appropriate.
• Maintain Security posture including appropriate security patching, anti-virus and definition files, and various other mandated security services and programs.
• Maintain any Department required monitoring programs.
• Operate and maintain the PKI services to include online and offline certification authorities and Hardware Storage Module(s) (HSM).
• Monitor EDS Device PKI subordinates and OCSP responders to ensure the correct Certificate Revocation List(s) (CRL) are published, updated, and available to all Departmental users.
• Maintain the EDS Root namespace.
• Operate and Maintain all EDS DNS servers and services.
• Maintain the Forest Schema and implement only approved changes.
• Maintain sites, services, and subnets as required by the EDS Participants.
• Maintain bridgehead servers as required.
• Maintain enterprise licensing and inventory reporting as required.
• Operate and Maintain Active Directory Federation Services (ADFS) servers or services, proxy devices and hardware load balancers.
• Operate and Maintain additional LDAP Directory services.
• Operate and Maintain Directory Synchronization services
• Maintain the Support domains for Enterprise infrastructure, applications services, test lab, and development lab.
• Test disaster recovery operations to include a full restore of the EDS to a disconnected test network status quarterly.
• Participate in periodic meetings and teleconferences as needed to support the EDS.
• Serve as a liaison to the Enterprise Services Network and ad hoc teams to ensure connectivity to and between the various Active Directory services.
• Serve as a liaison to the Enterprise Messaging Service Team serving the EDS.
• Serve as primary configuration management control for the EDS. Prepare change control documentation and ensure compliance with Change Control Guidance.
• Perform day-to-day research ensuring technology and best practice guidance are applied and used appropriately within the EDS.
• Provide general technical and operational expert consultation and maintenance on SAML 2.0, and Microsoft Active Directory Federation Services (ADFS).
• Provide general technical and operational expert consultation on Microsoft Windows Server 2008R2, Microsoft Windows Server 2012R2 and Microsoft Windows Server 2016, Active Directory and related Microsoft and other support and monitoring systems.
• Develop project plans to transition, administration and operations necessary to support this requirement.
• Install, Deploy, Migrate and Test Bureau DC's in the EDS environment as required,
• Test, document and perform migration of File and Print servers in the EDS environment.
• Work with bureau POC's to develop specific Group Policy Object (GPO) extensions or Configuration Service Provider (CSP) settings using the GPOs as the baseline.
• Provide expert level development and assistance of required scripts and/or procedures using PowerShell or other as necessary.
• Provide training on systems administration to necessary personnel.
• Maintain appropriate EDS systems and operations documentation.