RIT Solutions, Inc.
Job Title - IDAM Engineers
Location: Remote
Position Overview
We are seeking a highly skilled Active Directory Architect/Engineer to lead the rearchitecture of our single-domain, hybrid identity environment supporting approximately 1,000 users. This role involves a strategic redesign of on-premises Active Directory in close alignment with Microsoft Entra ID (Azure AD) integration and Zero Trust Architecture (ZTA) principles. The ideal candidate will bring deep experience in both on-prem and cloud identity services, a strong security mindset, and a proven ability to lead modernization efforts in government-regulated environments.
Key Responsibilities
Active Directory & Hybrid Identity Architecture
- Evaluate the current AD domain structure, OU/GPO organization, replication design, and domain controllers.
- Design a modernized AD architecture incorporating hybrid identity integration with Microsoft Entra (formerly Azure AD).
- Implement secure synchronization strategies using Azure AD Connect, including consideration for Password Hash Sync, Pass-through Authentication, and Seamless SSO.
- Rebuild identity infrastructure in line with Zero Trust architecture, implementing least privilege, segmented access, and conditional access.
- Minimize elevated privileges by deploying tiered administration, privileged access workstations (PAWs), LAPS, and Just-In-Time (JIT) models.
- Assist in integrating Microsoft Entra features such as Entra Permissions Management, Conditional Access, and Privileged Identity Management (PIM).
- Ensure AD and Entra configurations are compliant with FISMA and internal policy standards.
- Implement robust auditing, identity lifecycle management, and authentication hardening (e.g., MFA, smart card/PIV, certificate-based authentication).
- Lead implementation and cutover plans with minimal disruption.
- Document all architecture, GPO standards, security configurations, and recovery procedures.
- Train internal staff on ongoing management of the hybrid identity environment.
Qualifications
- Must hold or be eligible for Public Trust Tier 2 (Moderate Risk) U.S. government clearance.
- 7+ years of experience in Active Directory design, restructuring, and administration.
- 3+ years of experience with Microsoft Entra ID (Azure AD) in hybrid environments.
- Proven ability to implement Zero Trust principles within identity and access infrastructure.
- Experience configuring Azure AD Connect, Conditional Access Policies, PIM, and secure sync models.
- Strong knowledge of Kerberos, NTLM, LDAP, DNS, GPO, replication, and RBAC.
- Microsoft certifications preferred, such as:
  - Microsoft Certified: Identity and Access Administrator Associate
  - Microsoft Certified: Cybersecurity Architect Expert
  - Microsoft Certified: Azure Solutions Architect Expert
- Familiarity with NIST 800-53, OMB M-22-09, and CISA Zero Trust Maturity Model.
- Experience with security tools such as ADFS, gMSAs, SIEM integrations, Entra Permissions Management, and MDM tools (e.g., Intune).
- Strong communication and documentation skills, with the ability to brief stakeholders.
- Ability to lead cross-functional teams and interface with cybersecurity, compliance, and cloud engineering teams.