inSync Staffing

Network Engineer - Infrastructure Operations

inSync Staffing, Wilmington, Delaware, US, 19894

Job Title:

Sr. Authentication Engineer

Location:

Wilmington, DE

Industry:

Financial Services

Job Description: Theoris Services is assisting our client in their search for a Sr. Authentication Engineer to add to their growing team. Our client is seeking an individual with deep expertise in Active Directory and Microsoft Entra ID (formerly Azure AD) to lead the design, modernization, and operations of a hybrid identity platform. This role will drive the migration from traditional Active Directory to Entra ID, retire legacy federations (e.g., ADFS), and convert GPO-based controls into modern Conditional Access and Intune policies. The ideal candidate combines technical leadership with hands-on engineering skills and thrives in large-scale, enterprise environments.

Responsibilities:

Hybrid Identity Architecture & Management

Design, implement, and manage complex hybrid Active Directory and Microsoft Entra ID environments across on-premises and cloud. Administer Domain Controllers (Windows Server), including AD Sites & Services, DNS, DHCP, time services, SYSVOL/DFSR, and FSMO roles. Plan and execute domain lifecycle activities (consolidations, inter-forest migrations, decommissions). Configure and optimize Entra ID for secure access, Conditional Access, identity governance (PIM, access reviews), workload identities, and application registrations. Manage directory synchronization using Microsoft Entra Connect and Cloud Sync; maintain staging/DR patterns for continuity. Lead the retirement of legacy identity platforms (e.g., ADFS) and transition to modern authentication (OAuth/OIDC, SAML).

Cloud, Virtualization & Networking

Operate and troubleshoot Windows workloads in AWS (including EC2, VPC, subnets, security groups, VPN/Direct Connect). Design resilient identity topologies across data centers and cloud; implement and test AD forest/domain disaster recovery. Collaborate with platform teams on IaaS/PaaS implementations; leverage Infrastructure as Code (Terraform or CloudFormation) as applicable.

Security & Compliance

Harden Domain Controllers and Windows baselines per CIS Benchmarks and organizational policies. Translate legacy GPOs into cloud-based controls using Intune and Conditional Access. Implement strong authentication (MFA/Passwordless/Biometrics, certificate-based auth) and privileged access patterns (Tiering, PAW, JIT/JEA, PIM). Conduct security assessments, participate in audits, respond to incidents, and ensure compliance with frameworks (PCI, HIPAA, SOC 2, CJIS). Drive LDAP modernization initiatives, including transitioning to secure LDAPS and coordinating with endpoint and application teams.

Operational Excellence & Automation

Serve as senior escalation for complex identity issues; drive root cause analysis and sustainable remediation. Automate at scale using PowerShell and Microsoft Graph API. Establish health monitoring and actionable alerting using native tools and SIEM (Google Chronicle, CloudWatch). Maintain comprehensive documentation, SOPs, and disaster recovery playbooks.

Collaboration & Leadership

Partner with application owners to modernize SSO (SAML/OIDC/OAuth) and deprecate legacy auth flows. Mentor engineers, lead design reviews, and participate in change management and risk assessments. Support both workforce and customer identity scenarios; experience with PingOne is a plus.

Requirements:

Bachelor's degree in Computer Science, Information Systems, or equivalent experience. 7+ years in Identity and Access Management, including 5+ years as a Domain Administrator in large, multi-site AD environments. Expertise in Domain Controller administration, AD Sites & Services, Windows DNS/DHCP, Kerberos/NTLM, and secure LDAPS. Hands-on experience with Microsoft Entra ID at enterprise scale, including Conditional Access, PIM, and application integrations. Proficiency with Entra Connect / Cloud Sync and troubleshooting synchronization/authentication flows. Strong PowerShell and Microsoft Graph automation skills. Experience operating Windows workloads in AWS/AMS and integrating cloud networking with on-prem identity services. Proven track record executing AD-to-Entra ID migrations, ADFS decommissioning, and GPO-to-Intune conversions. Strong understanding of authentication protocols (LDAP, Kerberos, SAML, OIDC) and Zero Trust principles.

Preferred Qualifications

Microsoft Certified: Identity and Access Administrator Associate (SC-300) or equivalent; additional certifications (AZ-104/305, SC-100) are a plus. Experience with Microsoft Defender for Identity, Defender for Endpoint, and Google Chronicle. Familiarity with modern access control models (RBAC/ABAC), SCIM provisioning, and workload identity management. Experience with customer identity platforms (e.g., PingOne) and B2C/B2B collaboration. Exposure to domain consolidation projects and AI/ML tools for IT operations. Familiarity with Infoblox for DNS/DHCP/IPAM.

Best-In-Class-Benefits

We are in the people business; treating people right is our ONLY priority. Theoris Services consultants are full-time employees with full benefits, including:

Robust Health Insurance

Excellent cash-based referral program