inSync Staffing
Senior Authentication Engineer - Active Directory & Microsoft Entra ID
inSync Staffing, Franklin, Indiana, United States, 46131
Job Title: Senior Authentication Engineer
Location: Indianapolis (Hybrid) Contract to Hire
Industry: Financial Services - NO C2C
Job Summary:
We are seeking a Senior Authentication Engineer with deep expertise in Active Directory and Microsoft Entra ID (formerly Azure AD) to lead the design, modernization, and operations of a hybrid identity platform. This role will drive the migration from traditional Active Directory to Entra ID, retire legacy federations (e.g., ADFS), and convert GPO-based controls into modern Conditional Access and Intune policies. The ideal candidate combines technical leadership with hands-on engineering skills and thrives in large-scale, enterprise environments.
Core Responsibilities:
Hybrid Identity Architecture & Management
Design, implement, and manage complex hybrid Active Directory and Microsoft Entra ID environments across on-premises and cloud. Administer Domain Controllers (Windows Server), including AD Sites & Services, DNS, DHCP, time services, SYSVOL/DFSR, and FSMO roles. Plan and execute domain lifecycle activities (consolidations, inter-forest migrations, decommissions). Configure and optimize Entra ID for secure access, Conditional Access, identity governance (PIM, access reviews), workload identities, and application registrations. Manage directory synchronization using Microsoft Entra Connect and Cloud Sync; maintain staging/DR patterns for continuity. Lead the retirement of legacy identity platforms (e.g., ADFS) and transition to modern authentication (OAuth/OIDC, SAML).
Cloud, Virtualization & Networking
Operate and troubleshoot Windows workloads in AWS (including EC2, VPC, subnets, security groups, VPN/Direct Connect). Design resilient identity topologies across data centers and cloud; implement and test AD forest/domain disaster recovery. Collaborate with platform teams on IaaS/PaaS implementations; leverage Infrastructure as Code (Terraform or CloudFormation) as applicable.
Security & Compliance
Harden Domain Controllers and Windows baselines per CIS Benchmarks and organizational policies. Translate legacy GPOs into cloud-based controls using Intune and Conditional Access. Implement strong authentication (MFA/Passwordless/Biometrics, certificate-based auth) and privileged access patterns (Tiering, PAW, JIT/JEA, PIM). Conduct security assessments, participate in audits, respond to incidents, and ensure compliance with frameworks (PCI, HIPAA, SOC 2, CJIS). Drive LDAP modernization initiatives, including transitioning to secure LDAPS and coordinating with endpoint and application teams.
Operational Excellence & Automation
Serve as senior escalation for complex identity issues; drive root cause analysis and sustainable remediation. Automate at scale using PowerShell and Microsoft Graph API. Establish health monitoring and actionable alerting using native tools and SIEM (Google Chronicle, CloudWatch). Maintain comprehensive documentation, SOPs, and disaster recovery playbooks.
Collaboration & Leadership
Partner with application owners to modernize SSO (SAML/OIDC/OAuth) and deprecate legacy auth flows. Mentor engineers, lead design reviews, and participate in change management and risk assessments. Support both workforce and customer identity scenarios; experience with PingOne is a plus.
Required Qualifications:
Bachelor's degree in Computer Science, Information Systems, or equivalent experience. 7+ years in Identity and Access Management, including 5+ years as a Domain Administrator in large, multi-site AD environments. Expertise in Domain Controller administration, AD Sites & Services, Windows DNS/DHCP, Kerberos/NTLM, and secure LDAPS. Hands-on experience with Microsoft Entra ID at enterprise scale, including Conditional Access, PIM, and application integrations. Proficiency with Entra Connect / Cloud Sync and troubleshooting synchronization/authentication flows. Strong PowerShell and Microsoft Graph automation skills. Experience operating Windows workloads in AWS/AMS and integrating cloud networking with on-prem identity services. Proven track record executing AD → Entra ID migrations, ADFS decommissioning, and GPO-to-Intune conversions. Strong understanding of authentication protocols (LDAP, Kerberos, SAML, OIDC) and Zero Trust principles.
Preferred Qualifications:
Microsoft Certified: Identity and Access Administrator Associate (SC-300) or equivalent; additional certifications (AZ-104/305, SC-100) are a plus. Experience with Microsoft Defender for Identity, Defender for Endpoint, and Google Chronicle. Familiarity with modern access control models (RBAC/ABAC), SCIM provisioning, and workload identity management. Experience with customer identity platforms (e.g., PingOne) and B2C/B2B collaboration. Exposure to domain consolidation projects and AI/ML tools for IT operations. Familiarity with Infoblox for DNS/DHCP/IPAM.
About Theoris:
Our goal is to Fuel Your Career! As a Theoris team member, you join a culture based on people-centered values and an environment that fosters both personal and professional growth. We build long-term relationships with our clients and our consultants. With over 30 years of building strong relationships in the industry, we're uniquely positioned to make the right connections. This knowledge is used to find the right job placement. Our recruiting teams are experts dedicated to the information technology and engineering staffing space and are highly respected by our client base.