Infrastructure Security Engineer Active Directory

Infrastructure Security Engineer – Active Directory & Identity

We are seeking an Infrastructure Security Engineer – Active Directory & Identity to manage, secure, and modernize enterprise identity and access infrastructure in a regulated banking environment. This role focuses on Active Directory (AD), identity hardening, privileged access controls, and hybrid identity integrations, ensuring high availability, strong security posture, and regulatory compliance. The role also interfaces with adjacent infrastructure security domains such as VDI, endpoint posture, and access control platforms. The ideal candidate combines deep AD expertise with a security-first mindset, strong operational discipline, and comfort operating under audit and regulatory scrutiny.

Key Responsibilities

Active Directory & Identity Services

• Design, operate, and secure Active Directory Domain Services (AD DS) across multi-domain and multi-forest environments.
• Manage user, group, and service identities, ensuring least-privilege access and adherence to security baselines.
• Administer privileged accounts, service accounts, and role-based access models.

Group Policy & Configuration Hardening

• Design, implement, and maintain Group Policy Objects (GPOs) for security hardening, access control, and configuration enforcement.
• Apply secure baseline configurations aligned with internal standards and regulatory guidance.
• Review and remediate GPO drift, conflicts, and security gaps.

DNS Management

• Administer and support Infoblox and AD DNS infrastructure
• Manage and reconcile Internal as well as External DNS platforms
• Hands-on experience on external DNS providers like Akamai, Qualispace, Cloudflare, etc.
• Configure and manage authoritative and recursive DNS services
• Perform DNS zone creation, delegation, and record management (A, AAAA, CNAME, MX, PTR, TXT, SRV)
• Monitor system health, performance, and availability of Infoblox appliances
• Troubleshoot DNS issues and resolve incidents efficiently
• Implement DNS security features such as DNS Firewall & Threat Protection
• Integrate Infoblox with Active Directory and automation tools

Identity Security & Hardening

• Implement Active Directory security best practices including tiered administration, privileged access separation, and attack surface reduction.
• Monitor and respond to identity-related security events such as unauthorized access, privilege escalation, and directory misuse.
• Support integration with PAM, MFA, and identity governance solutions.

Hybrid Identity & Integration

• Manage directory synchronization between on-prem AD and cloud-based identity platforms.
• Integrate AD with enterprise services such as DNS, DHCP, email platforms, endpoint management, and access security tools.
• Support identity integration for cloud workloads and applications.

Monitoring, Operations & Incident Support

• Monitor directory health, replication, authentication services, and security logs.
• Troubleshoot complex AD-related issues impacting authentication, authorization, or availability.
• Support security incident response involving identity compromise or misuse.

Backup, Recovery & Resilience

• Implement and maintain Active Directory backup and disaster recovery strategies.
• Regularly test authoritative and non-authoritative restores, ensuring readiness for security or operational incidents.
• Ensure resilience and high availability of identity services.

Governance, Risk & Compliance (Banking Focus)

• Maintain documentation, SOPs, and architectural diagrams required for internal, external, and regulatory audits.
• Support audits aligned with RBI, ISO 27001, NIST, and internal security frameworks.
• Independently drive remediation and closure of audit findings related to identity infrastructure.

Required Skills & Experience

• 8 years of hands-on experience managing Active Directory in large or regulated enterprises.
• Deep expertise in AD DS, GPOs, DNS integration, authentication, and authorization mechanisms.
• Strong understanding of identity security concepts, including least privilege, privileged access, and credential protection.
• Proficiency in PowerShell scripting for automation, bulk operations, and operational efficiency.
• Experience with hybrid identity synchronization and directory integrations.
• Ability to troubleshoot complex identity and authentication issues across infrastructure layers.
• Strong documentation, communication, and audit-handling skills.

Additional / Optional Skills (Good To Have)

• Experience supporting Virtual Desktop Infrastructure (VDI) platforms such as Citrix or equivalent.
• Exposure to endpoint posture, EDR integration, and device-based access controls.
• Familiarity with Privileged Access Management (PAM) tools.
• Understanding of Zero Trust identity principles.
• Experience with certificate services (AD CS) and authentication protocols.
• Exposure to cloud identity and access security in Azure, AWS, or GCP.
• Knowledge of SIEM integration for identity-related logging and alerting.

Certifications (Preferred, Not Mandatory)

• Microsoft identity or security certifications (current or equivalent legacy credentials).
• Security certifications such as CISSP, CCSP, or relevant identity-focused credentials.

Key skills/competency

• Active Directory Domain Services (AD DS)
• Group Policy Objects (GPOs)
• DNS Management (Infoblox, External DNS)
• Identity Security & Hardening
• Privileged Access Management (PAM)
• Hybrid Identity & Integration
• PowerShell Scripting
• Security Incident Response
• Governance, Risk & Compliance (GRC)
• Regulatory Audits (RBI, ISO 27001, NIST)