Used Tools & Technologies
Not specified
Required Skills & Competences
Each tag name is followed by an "@" symbol and a proficiency level value.
About proficiency levels:
- 1-2 — basic awareness. Minimal hands-on experience, and a rudimentary understanding of the technology's purpose;
- 3-6 — daily use. Comfortable and regular usage, capable of handling common tasks and challenges related to the technology;
- 7-9 — you are an expert, you can teach others, you know all the pitfalls and tricks;
- 10 — exceptional knowledge, comprehensive understanding, and adeptness in all aspects of the technology, including advanced problem-solving. Think twice before claiming or demanding such a level.
Security @ 3
Ansible @ 3
Chef @ 3
Grafana @ 2
Jenkins @ 3
Linux @ 3
DevOps @ 3
Terraform @ 3
Python @ 6
GitHub @ 3
CI/CD @ 3
Azure @ 3
Mathematics @ 3
OAuth @ 2
Salt @ 3
PowerShell @ 6
Compliance @ 3
Change Management @ 3
Details
The Global Corporate Technology Group designs, deploys, and supports Bloomberg’s enterprise IT systems used by nearly 21,000 employees in more than 170 offices worldwide. As part of the Server & Storage team, this role focuses on ensuring Active Directory (AD) services are available, secure, and maintainable while managing the lifecycle of infrastructure enterprise systems and security components.
Role Summary
We are seeking a skilled and experienced Windows Active Directory (AD) Engineer to design, implement, secure, and maintain our enterprise Active Directory environment. The role requires deep expertise in AD architecture, Group Policy management, domain services, and integration with identity-related services such as ADFS and Azure AD, along with efforts to modernize and secure identity infrastructure.
Responsibilities
- Architect, implement, and maintain enterprise-scale Active Directory environments, including forests, domains, trusts, and replication strategies.
- Serve as a Domain Administrator with privileged access to Domain Controllers; manage directory infrastructure (FSMO roles, Kerberos KDCs, replication topology), oversee schema modifications and trust relationships.
- Create and manage top-level OU hierarchies with appropriate security permissions and GPO linkages; monitor and secure the domain root and Domain Controllers OU.
- Lead disaster recovery planning and execution for schema, trust, and domain-level incidents.
- Administer Group Policy at the domain root and Domain Controllers OU to ensure compliance and security.
- Perform secure remote administration of Domain Controllers and member servers.
- Coordinate alarm distribution and security event monitoring with OU Admins.
- Plan and manage AD and Domain Controller migrations and upgrades.
- Ensure compliance with regulatory and auditing requirements in a highly secure environment.
Requirements
- 4+ years of proven experience in software delivery automation and architecting complex Active Directory environments.
- Deep expertise in the Windows Server platform and supporting identity services, including Active Directory, GPO, DNS, DHCP, and Certificate Authorities (CAs).
- Strong knowledge of identity lifecycle management and authentication protocols (Kerberos, NTLM).
- Expertise designing and implementing AD forests, domains, trusts, and replication strategies.
- Extensive hands-on experience with CI/CD tools (e.g., Jenkins, GitHub, Octopus).
- Strong programming and scripting proficiency in PowerShell; intermediate programming proficiency in Python or equivalent is acceptable.
- Hands-on experience with Infrastructure as Code (Terraform, Ansible, Chef, or Salt) and applying DevOps principles.
- Comprehensive knowledge of Windows Server operating systems.
- Familiarity with monitoring and logging tools (e.g., Grafana, Humio).
- Solid understanding of security best practices, change management, and backup/recovery strategies in AD.
- Experience working in regulated environments with an emphasis on compliance and auditing.
- Degree in Computer Science, Engineering, Mathematics, or similar field, or equivalent work experience.
We'd Love to See
- Hands-on experience with Azure AD, Azure AD Connect, and Conditional Access policies.
- Familiarity with MFA, SSO, and federation technologies (e.g., ADFS, SAML, OAuth).
- Experience integrating AD with other platforms (e.g., Linux, SaaS applications).
- Experience with enterprise-wide EDR or antivirus deployment and maintenance.
- Microsoft certifications (e.g., Identity and Access Administrator, Azure Solutions Architect).
- Experience with third-party identity and privileged access management tools (e.g., CyberArk, BeyondTrust).
- Familiarity with Zero Trust architecture, conditional access models, AD forensics, incident response, and ITIL-based change management processes.
Salary
Salary Range: 130000 - 225000 USD Annually + Benefits + Bonus
Benefits
The company offers a comprehensive benefits plan which may include merit increases, incentive compensation (exempt roles only), paid holidays, paid time off, medical, dental, vision, short and long term disability, 401(k) with match, life insurance, and various wellness programs. Contingent workers/contractors and interns are not provided benefits directly.
Apply
Apply via the company's careers portal (link provided in the original posting).