Lincoln Financial Services
Sr. Directory Services Engineer
Lincoln Financial Services, Broomall, Pennsylvania, United States, 19008
This position will provide subject matter expertise and direction on complex projects/initiatives. Responsibilities of this Engineer/Administrator role include designing, managing, maintaining and securing LFG's (Lincoln Financial Group's) Active Directory, Active Directory Certificate Services, and Forest-Domain-Trust management. This role will have exposure working with application and service owners to adopt modern authentication patterns such as SAML and OAuth along with supporting legacy authentication. Finally, the role includes Domain Services monitoring and alerting responsibilities; assisting in ITDR exercises; automating where opportunities arise; and support for our Security and Enterprise departments by implementing and enforcing regulatory compliance and standards adherence.

Responsibilities:
- Serve alongside other technical experts managing, designing and operationalizing LFG's IdP: Active Directory and Microsoft Entra (Azure Active Directory).
- Drive LFG's application integrations to utilize modern auth while supporting legacy authentication protocols securely.
- Tier 4 support for Application Registration (OAuth/OIDC) and Enterprise Application Registration (SAML) operations as needed.
- Work closely with Security and Enterprise Architecture to design enterprise-compliant solutions.
- Act as a subject matter expert for projects involving hybrid Active Directory/Entra ID environments.
- Support Public Key Infrastructure with Active Directory Certificate Services and Keyfactor integrations.
- Lead troubleshooting and incident resolution for complex, high-severity incidents.
- Develop and implement automated solutions to enhance security and operational efficiency.
- Collaborate with Managed Service Providers (MSPs) operations support and provide support to the team.
- Create and maintain internal documentation and share knowledge with the team.
- Present engineered solutions to Architecture and Peer Review Boards.
- Partner with cross-functional teams including security, infrastructure, and application owners to ensure seamless integration of authentication solutions.
- Maintains knowledge on current and emerging developments/trends, assesses the impact, and collaborates with senior management to incorporate new trends and developments in current and future solutions.
- Directs and enhances organizational initiatives by positively influencing and supporting change management and/or departmental/enterprise initiatives.
- Identifies and directs the implementation of process improvements that significantly improve quality across the team, department and/or business unit.
- Provides subject matter expertise to team members and applicable internal/external stakeholders on complex assignments/projects.
- Configures, installs, maintains and performs upgrades to Domain Controllers, Certificate Authority Servers and Active Directory Domains.
- Serves as a subject matter expert to administer and maintain security of Active Directory, Entra ID and PKI infrastructure.

Must Haves (Required):
- 10+ years' experience in related role with Active Directory, Entra ID (Azure Active Directory).
- Expert knowledge of Directory Services protocols, legacy and modern (LDAP, Kerberos, NTLM, SAML, OAuth, Auth0, etc.).
- 5+ extensive experience with Azure Application registrations and Enterprise Application Registrations, and Graph APIs.
- Proficiency in scripting and automation using PowerShell and MS Graph.
- Strong troubleshooting in Windows Server, Active Directory and authentication-related issues.
- In-depth experience conducting Active Directory Disaster Recovery exercises.
- Deep understanding of Active Directory Sites-&-Services.
- Proven experience in AD hardening, Forest-Domain-Trust Management for day-to-day operations with an eye on securing Active Directory for the future.

Nice to Haves (Preferred):
- ServiceNow experience (ITSM, CMDB, Workflow).
- Knowledge of Splunk (SIEM) utilization and queries a plus.
- Collaborate with Agile teams, utilizing Jira and Confluence to track engineering tasks, document processes and enhance collaboration.

Applications for this position will be accepted through October 3, 2025, subject to earlier closure due to applicant volume.