Active Directory Security Engineer

Company: Genesis10
Location: Charlotte
Posted on: April 10, 2025

Job Description:

Genesis10 is currently seeking an Active Directory Security Engineer with our client in the financial industry located in Charlotte, NC, Plano, TX, and Pennington, NJ. This is a 12+ month contract position.

Check below to see if you have what is needed for this opportunity, and if so, make an application asap.

Responsibilities: Analysis, design, implementation coordination and 4th level escalation support of complex, enterprise level Active Directory solutions, specifically pertaining to security
Work within the engineering organization, interact with peer teams and partner groups, scale and deploy improvement, consolidation and migration efforts within the enterprise
Translate business needs into workable technology solutions that meet the requirements of internal customers and peer Active Directory Engineering and Operations teams
Develop standards, target states, roadmaps, effectively socializing and obtaining consensus across architecture, engineering and operations teams
Independently manage and perform engineering role for large scale Active Directory efforts and initiatives
Perform various functions and duties in support of audit and compliance deliverables - verification/remittance of directory security evidence
Develop detailed architecture, standards, design and implementation documentation
Analyze current Active Directory environment to identify both technical and operational challenges while making recommendations and developing solutions for improvement
Participate in or lead complex or high severity troubleshooting and incident/problem resolutions with other infrastructure teams


Requirements: At least 5-10 years of dedicated Active Directory engineering and architecture experience that includes designing, implementing and maintaining complex enterprise level (50K+ objects) Active Directory solutions and security models
Overarching broad and deep technical experience with Active Directory Security
Extensive experience and advanced knowledge implementing Windows security concepts and policies, least-privilege design principles
Extensive knowledge of AD Security best-practices, latest security threats/trends and mitigation thereof
Experience with best practices for Active Directory disaster recovery, object management, security models and trust creation
Granular ACE permissions models meeting functional and technical requirements
Advanced PowerShell scripting experience and capabilities
Strong working knowledge of Windows Server operating systems platforms, DNS, networks, DMZs, firewalls, network security zones and IPv6
Deep, in-depth working knowledge of Kerberos (Microsoft and MIT/Heimdal) and NTLM authentication, MFA, SSO and federation technologies
Extensive and deep knowledge of Group Policy Objects (GPOs), engineering, implementing and 3rd party management solutions thereof
Strong knowledge of LDAP and ability to comfortably construct queries
Experience performing large scale upgrades, migrations, transitions and consolidation of Active Directory domains and forests
Experience and confidence to be the subject matter expert (SME) in an environment of this size and scale in order to coordinate technical efforts and resolve issues across multiple teams
Working knowledge of Certificate/CA/PKI infrastructure
Excellent communication skills, including proven experience effectively communicating technical challenges and solutions to peers, customers and senior management
Able to operate and function well in a multi-cultural, geographically dispersed virtual team environment


Desired skills: Experience with Microsoft's Enhanced Security Architecture Environment (ESAE) - "Red/Bastion/Admin forest design; including JIT (just in time) and JEA (just enough administration) concepts
Experience engineering password vaulting solutions (CyberArk, Lieberman, Thycotic, etc.)
Red Team assessment, exposure, and interaction
Alternative scripting/programming skills (C#, VBscript, Javascript, Python, Perl)
Microsoft Azure integration
MS SQL/DB knowledge
Experience with RESTful APIs
Microsoft or 3rd party management and monitoring solutions (SCCM, SCOM, VCM, Quest GPO Admin)
Unix/Linux skills; Vintela VAS integration; RedHat IdM


Only candidates available and ready to work directly as Genesis10 employees will be considered for this position.

If you have the described qualifications and are interested in this exciting opportunity, please apply!

About Genesis10:
Ranked a Top Staffing Firm in the U.S. by Staffing Industry Analysts for six consecutive years, Genesis10 puts thousands of consultants and employees to work across the United States every year in contract, contract-for-hire, and permanent placement roles. With more than 300 active clients, Genesis10 provides access to many of the Fortune 100 firms and a variety of mid-market organizations across the full spectrum of industry verticals.

For contract roles, Genesis10 offers the benefits listed below. If this is a perm-placement opportunity, our recruiter can talk you through the unique benefits offered for that particular client. Benefits of Working with Genesis10: --- Access to hundreds of clients, most who have been working with Genesis10 for 5-20+ years.
--- The opportunity to have a career-home in Genesis10; many of our consultants have been working exclusively with Genesis10 for years.
--- Access to an experienced, caring recruiting team (more than 7 years of experience, on average.)
--- Behavioral Health Platform
--- Medical, Dental, Vision
--- Health Savings Account
--- Voluntary Hospital Indemnity (Critical Illness & Accident)
--- Voluntary Term Life Insurance
--- 401K
--- Sick Pay (for applicable states/municipalities)
--- Commuter Benefits (Dallas, NYC, SF and Illinois)

For multiple years running, Genesis10 has been recognized as a Top Staffing Firm in the U.S., as a Best Company for Work-Life Balance, as a Best Company for Career Growth, for Diversity, and for Leadership, amongst others. To learn more and to view all our available career opportunities, please visit us at our website.

Genesis10 is an Equal Opportunity Employer. Candidates will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Keywords: Genesis10, Kannapolis , Active Directory Security Engineer, Engineering , Charlotte, North Carolina