Enterprise Directory Service SME

About the Role

• Managing Azure Active Directory (Entra ID). • Develop and lead the implementation of potential USCIS Virtual Desktop solutions. • Automate the mapping subnets to Active Directory sites and services. • Lead architectural and design changes, modifications and advancements to the USCISActive Directory infrastructure in collaboration with Operations for a seamless transition and delivery. • Act as a technical liaison between USCIS OIT customers and third-party software/hardware vendors to deliver necessary solutions for the agency. • Architect DNS configuration, MS Clustering services, storage configuration, terminal services, TCP/IP protocol and LDAP services. • Architect and design secure disaster recovery for Active Directory production environment. • Provide architectural analysis of existing and new directory services in order to ensure that authentication flows are going to the appropriate service, to include but not limited to: • Lead enterprise projects through architectural design, migration and solution • Participate in lifecycle planning of critical IT services, architecting and designing replacement solutions. • Work closely with internal teams to architect and lead the implementation of Group Policy Objects (GPOs), performance tuning as it relates to the latest Windows Desktop and Server Migration project(s). • Enterprise Network and Compute configuration standards development. • Work with software vendors to identify, install and deploy USCIS business need software solutions, involving AD LDAP authentication and delegation rights. • Establish and ensure all changes to the Group Policy Objects (GPOs) under Active Directory (AD) are controlled and documented. • Provide Architectural and Engineering analysis of on premise and cloud solutions to ensure, where applicable, interdependent systems have consistent architectures and divergent architectures are evaluated for business value, and removal of waste. • Enterprise Network and Compute management development. • Design and architect automated concentric circle deployment models for phased. • Perform analysis of existing USCIS Active Directory environments and develop new solutions to take advantage of new technologies and best practices provided by thenlatest versions of Windows Server, to include but not limited to: • Architect, design, and lead the implementation of Enterprise Active Directory delegation models and provide technical assistance to facility administrators, as required. • Design and lead the implementation of complex identity management solutions utilizing tools such as PKI, ADFS, Azure AD Connect, and Microsoft Identity Manager. • Support enterprise backup and disaster recovery architecture, migration planning and implementation. • Provide recommendations for new products and technology for supporting all layers of the IT infrastructure architecture based on testing and technology vetting. • Ensure GPO testing is completed prior to GPO changes to production. • Architect and lead the implementation of new group policy changes to the AD structure, new Security Technical Implementation Guides (STIGs), new operating systems, or as directed due to security or higher headquarter mandates and exceptions.

Key Responsibilities

• ▸active directory
• ▸virtual desktop
• ▸gpo management
• ▸identity management
• ▸disaster recovery
• ▸network architecture

What You Bring

• Azure AD (multiple and single tenant, commercial and Government). • Enterprise-level certifications such as: • Enterprise Management, configuration, and tools standardization. • CompTIA Advanced Security Practitioner (CASP+) • Experience with ITIL-based service delivery and governance frameworks. • Identity Credential and Access Management (ICAM). • Advanced degree (MS or higher) in a related technical field. • Privileged Remote Tool Server Administration Credential Partitioning. • Enterprise Unified Communications. • Architect solutions that integrate Azure AD Connect and Office • 365 Suite. • Experience supporting federal agencies, ideally within DHS or USCIS. • Bachelor’s degree in computer science, Information Technology, Engineering, or related discipline (or equivalent experience). • Cisco Certified Network Professional (CCNP)/Expert (CCIE) • Networking (Cisco, Juniper) • Proven experience with large-scale IT infrastructure environments, including: • Enterprise Backup and archive design and solutions. • Identity and access management (Active Directory, LDAP, PKI) • Deep knowledge of NIST security frameworks, DHS compliance standards, and the RMF process. • Certified Information Systems Security Professional (CISSP) • Strong documentation, communication, and presentation skills. • Virtualization (VMware, Hyper-V) • Cloud platforms (AWS, Azure, GCP) • VMware Certified Design Expert (VCDX) • Network (WAN/LAN) standards or changes. The contractor must be capable of supporting tools such as or similar to those identified in the tool's appendix. Additional tools may be added to the environment at the recommendation of the contractor or at the sole discretion of the Government. • 10+ years of experience in enterprise IT infrastructure roles, including architecture, design, implementation, and operations. • Experience with Zero Trust architecture, DevSecOps, and Infrastructure as Code (IaC) tools such as Terraform, Ansible, or Chef. • Active Directory Federation Services (ADFS). • U.S. Citizenship is required (federal contract requirement). • AWS Identity and Access Management (commercial and Government). • Active DHS Public Trust clearance or ability to obtain one; Secret/Top Secret preferred.

Requirements

• ▸azure ad
• ▸cissp
• ▸ccnp
• ▸vcdx
• ▸10+ years
• ▸terraform

Work Environment

Hybrid