Department: Information Security Office
Salary/Grade: ITS/82

Job Summary:

The Senior Active Directory Engineer provides support for a complex environment(s). They provide advanced knowledge, skillsets and subject matter expertise (SME) of Microsoft AD Architecture, infrastructure and identity integrations with various technologies and services.

In this role, you will apply your knowledge and skillsets to provide support, consultation, design services, testing, documentation and implementation for Microsoft Active Directory, Cayosoft, Azure AD, Unity Sync and Windows based systems. That will include configuration/implementation of new functionality, versioning, modify existing set ups, and provide Tier 3 support for trouble shooting various issues or incidents. You will also provide an array of consultative information, guidance and/or assistance to various groups within NUIT as well as NU schools and units.

As a senior AD engineer you will need to have acquired extensive experience 6+ years hands on with Active Directory Server (ADS), Azure AD and other Microsoft and Identity products. You will assist with strategic planning and will work to ensure that IAM systems/solutions are both resilient and adaptive to an evolving Identity landscape. The IAM Senior AD Engineer leads and delivers on IAM projects within the MS team and provides guidance to other staff, as well as ensures compliance with all security associated NU, state, and federal rules and regulations. Works closely with stakeholders throughout.

Please note: This position will be required to participate in an on-call schedule that may result in occasional evening or weekend work.

Specific Responsibilities:

Strategic Planning

• Contribute to Risk Assessment and IAM Evaluations
  • Provide Guidance and Support in evaluating vendors, open source products and internally developed systems
  • Contribute to yearly and roadmap planning of the IAM portfolio.
  • Support processes and systems around vulnerability assessments, security risks and help champion IAM changes to move to best practices.
• Represent the Identity & Access Management Office in collaborative and strategic initiatives, applying expertise and functioning as an integral, complementary part of the information security organization

Administration

• Act as IAM point-of-contact for assigned MS team products.
• Serve as Tier 3 support and an escalation point for domain technology issues that cannot be solved by Tier 1 and Tier 2 support. Perform/Own root cause analysis, problem management, documentation and communication for Identity Environment( s).
• Perform daily system monitoring, verifying the integrity and availability of all hardware, server resources, system and key processes, reviewing system logs and verifying completion of scheduled tasks/jobs.
• Create and maintain system documentation for domain technologies, including installation, configuration, and appropriate trouble shooting steps.
• Identify opportunities to innovate, extend and enhance service delivery where possible.
• Monitor and evaluate systems and services for conformity to existing policies,
• standards, and guidelines        

Engineer

• Ability to make AD configuration changes, schema extensions/modifications, set up or modify GPO's, OU's, trusts, etc.
• Architect, design and implement solutions for Active Directory infrastructure for efficiency and continuous improvement opportunities.
• Ability to create powershell scripts, read code, utilize Git for versioning and use an orchestration tool like (Cloudbees, Rundeck or other) for automation.
• Lead projects in the design, development, testing, and implementation of technical solutions which advance strategic initiatives in IAM including projects affecting the overall posture of Northwestern University
• Review existing Identity & Access Management practices, developing and implementing systems and solutions for additional controls, capabilities, or compliance
• Implement recommendations for assigned projects, in consultation with project team(s) and/or other NUIT staff
• Provide recommendations for continual process improvements across Identity &
• Access Management workflows
• Draft and review documentation such as analyses of technical, administrative, or procedural issues; procedural documentation/playbooks; and team documentation                          

Performance

• Collaborate with other Identity staff or NUIT staff as needed for incident remediation or incident investigations
• Provides troubleshooting and investigation assistance to users regarding potential or actual Identity incidents.
• Partners with users and internal/external staff to monitor and/or report school, unit, or departmental level IAM issues/incidents within applications or systems.
• Develop and maintain IAM MS team expertise through university-provided and external training/seminars/courses; staying abreast of industry trends, methods, and published literature; and participating in professional development
• programs/initiatives and approved by information security management.

Suoervises/Other

• Cultivate subject-matter expertise and skills in less experienced 1AM staff, in coordination with their supervisors and IAM management 

Minimum Qualifications:

• Successful completion of a full 4-year course of study in an accredited college or university leading to a bachelor's or higher degree in a major such as computer science, information technology, or related; OR appropriate combination of education and experience.
• 5+ years MS Active Directory server experience - thorough understanding of Windows Server 2008, 2012 and 2016.
• Hands on experience installing, configuring, upgrading, AD configuration changes, schema extensions/modifications, set up GPO's, OU's, trusts, etc.
• Experience with MS AD in multi-domain and multi-forest environments.
• Experience with Azure AD, 0365, Intune and related technologies.
• Experience in advance scripting skills in Powershelll and the ability to read code, utilize Git and automate activities.
• Demonstrate knowledge of AD reports and usage of splunk.
• Demonstrate knowledge with problem resolution and experience with Tier 3 troubleshooting, on call and incident response.
• Monitoring and performance tuning for both Windows operating systems including- connectivity, synchronization, replication, netlogon, time services, schema, database partitions, DNS settings, SRV records, certificate authorities and trust relationships.
• Support of IAM on premise systems, SAAS and Cloud based solutions.

Preferred Qualifications:

• Bachelor's degree in a computer science or related field
• Experience in a higher education environment
• Experience with AD platform management and migration - streamlining architecture, AD account lifecycle management, etc.
• Experience developing and maintaining AD cluster solutions, certificate services and PKI administration.
• Expert level knowledge/experience with AD, ADFS, and AAD.
• MS Active Directory server experience with 2022.
• Experience supporting access management solutions, products and tools
• Demonstrated experience with: IT Operations as it relates to working with vendors to ask questions, open help desk tickets and troubleshoot issues.
• Desire to keep up industry skillsets and certifications.
• MS industry certification (e.g. MS800, MS801, AZ900, MCSA 2016 Server Core Certification or similar)
• Analytical skills with ability to relate to technical and non-technical personnel.

Benefits:
At Northwestern, we are proud to provide meaningful, competitive, high-quality health care plans, retirement benefits, tuition discounts and more! Visit us at https://www.northwestern.edu/hr/benefits/index.html to learn more.

Work-Life and Wellness:
Northwestern offers comprehensive programs and services to help you and your family navigate life’s challenges and opportunities, and adopt and maintain healthy lifestyles.
We support flexible work arrangements where possible and programs to help you locate and pay for quality, affordable childcare and senior/adult care. Visit us at https://www.northwestern.edu/hr/benefits/work-life/index.html to learn more.

Professional Growth & Development:
Northwestern supports employee career development in all circumstances whether your workspace is on campus or at home. If you’re interested in developing your professional potential or continuing your formal education, we offer a variety of tools and resources. Visit us at https://www.northwestern.edu/hr/learning/index.html to learn more.

Northwestern strongly recommends COVID-19 vaccinations and boosters for people who can obtain them as a critical tool for minimizing severe illness. More information can be found on the COVID-19 and Campus Updates webpage.

The Northwestern campus sits on the traditional homelands of the people of the Council of Three Fires, the Ojibwe, Potawatomi, and Odawa as well as the Menominee, Miami and Ho-Chunk nations. We acknowledge and honor the original people of the land upon which Northwestern University stands, and the Native people who remain on this land today.

Northwestern University is an Equal Opportunity, Affirmative Action Employer of all protected classes, includ