Active Directory Architect - 79218

Montreal, QC

Hybrid - 1 Day from Office, Rest Remote

Job description:

We are seeking an experienced Senior Active Directory Architect to lead the design of our on-premises and hybrid identity infrastructure. This role is critical in shaping the future of identity and access services across, ensuring security, scalability, and seamless integration with cloud services and business systems.

Key responsibilities:

  • Architect and implement enterprise-level Active Directory solutions to support authentication, authorization, and directory services across a secure environment.
  • Design the logical structure (organizational units, accounts, groups, group strategies) that meets business and compliance requirements.
  • Elaborate a fine-grained delegation model based on the principle of least access (RBAC, AGDLP/AGUDLP).
  • Assess and reinforce access controls (ACLs, GPOs, privileged access groups).
  • Oversee hybrid identity integrations including Microsoft Entra ID and third-party platforms (e.g., Okta, Ping).
  • Lead migration, consolidation, or remediation strategy involving domain restructuring across legacy environments.
  • Manage AD replication topology, FSMO roles, DNS, DHCP, and domain controller placement.
  • Collaborate with Information Security and IT Governance teams to ensure adherence to compliance frameworks (e.g., NIST, ISO 27001, SOX).
  • Document architectural standards, naming convention schemas, solution diagrams, and configuration baselines.
  • Guide design based on future state technology from Microsoft and other key vendors.

The candidate must have the following qualifications to be retained for an internal process:

  • Bachelor’s degree in Computer Science, Information Systems, or related field (or equivalent experience).
  • 10+ years of experience in IT infrastructure, with 5+ years specifically in Active Directory architecture.
  • Proven track record in Active Directory / hybrid identity implementations and migrations, including AD Connect and Entra ID.
  • In-depth knowledge of Microsoft Active Directory (2008R2 to 2025).
  • Expertise in the design of delegation models and OU structures.
  • In-depth knowledge of AD security best practices.
  • Solid understanding of LDAP, Kerberos, NTLM, SAML, OAuth, ADFS, PKI, etc.
  • Familiar with Privileged Access Management (PAM) and Identity Governance (IGA) tools (e.g., CyberArk, BeyondTrust).
  • Experience with multi-factor authentication (MFA) and Conditional Access Policies.
  • Understanding of cloud identity integration (Azure, AWS, GCP).

Asset:

  • Microsoft Certified: Identity and Access Administrator (SC-300)
  • Microsoft Certified: Azure Solutions Architect Expert
  • MCSE: Core Infrastructure
