Directory Services Engineer

Overview

The Directory Services Engineer within the Alight Identity Security team is responsible for the security, reliability, and availability of enterprise directory and identity platforms. This role supports Tier 0 and Tier 1 identity systems, safeguards privileged access, integrates identity and security technologies, and provides operational and incident‑response support across the enterprise.

The ideal candidate will bring strong hands‑on experience with directory services, cloud platforms, IAM technologies, scripting and automation, and modern authentication and federation protocols.

Key Responsibilities

Platform Administration & Operations

• Ensure directory services platforms are secure, compliant, resilient, and highly available.
• Maintain performance, availability, and resilience of Tier 0 and Tier 1 identity systems.
• Proactively monitor systems for performance, stability, and reliability.
• Protect privileged identities by enforcing least‑privilege principles using RBAC, ACLs, and Just‑In‑Time access.
• Support security, compliance, and regulatory audits.
• Participate in incident response activities, including off‑hours support as required.

Integration & Engineering

• Lead and support the integration, lifecycle management, and engineering of identity and security platforms.
• Collaborate with application development teams and end users to resolve incidents and complete service requests.
• Provide technical leadership and guidance to operational support team members.
• Support architectural decisions related to identity, authentication, authorization, and platform resilience.

Upgrades, Support & Documentation

• Coordinate platform maintenance, upgrades, and operational support activities.
• Develop and maintain technical documentation, scripts, code repositories, and training materials.
• Ensure proper knowledge transfer, documentation, and operational readiness during platform changes and upgrades.
• Support ongoing operational improvements through documentation and process refinement.

Required Qualifications

• 7+ years of professional experience in Directory Services and/or Identity & Access Management (IAM).
• Deep understanding of Active Directory Domain Services (AD DS) architecture, including forests, domains, trusts, FSMO roles, replication, and multi‑site topology.
• Hands‑on experience integrating with IAM platforms such as Saviynt, Microsoft Entra ID (Azure AD), SailPoint, Okta, and PingFederate.
• Strong knowledge of LDAP concepts, schema extensions, and directory query optimization.
• Experience with PKI and certificate lifecycle management, including CRLs, NDES/SCEP, and AD‑integrated certificate services.
• Proficiency in scripting and automation (PowerShell, Bash, Python, Ansible).
• Strong experience designing and managing Group Policy Objects (GPOs).
• Extensive experience with cloud platforms (AWS, Azure) and service models (IaaS, PaaS, SaaS), including cloud networking concepts.
• Excellent written and verbal communication skills.

Preferred Qualifications

• Experience managing directory platforms such as Active Directory, eDirectory, and Radiant Logic (FID/SaaS).
• Familiarity with CI/CD pipelines and Infrastructure‑as‑Code tools (e.g., Terraform).
• Experience with Microsoft Entra Conditional Access and Entra Connect.
• Knowledge of Privileged Access Management (PAM) solutions.
• Strong understanding of authentication and authorization principles.
• Experience with ITSM platforms (ServiceNow).
• Hands‑on knowledge of SSO and federation standards (SAML 2.0, OAuth 2.0, OIDC).
• Proven troubleshooting skills grounded in engineering best practices.
• Familiarity with Agile methodologies (Scrum, SAFe, Kanban).
• Experience with monitoring platforms and tuning alerts for performance, availability, and connectivity.
• Broad systems engineering experience including DNS, DHCP, TCP/IP, clustering, SIEM, IIS/Tomcat, virtualization (VMware/Hyper‑V), and load balancing (F5, NLB, ALB).

We offer you a competitive total rewards package, continuing education & training, and tremendous potential with a growing worldwide organization.
 

DISCLAIMER:

Nothing in this job description restricts management's right to assign or reassign duties and responsibilities of this job to other entities; including but not limited to subsidiaries, partners, or purchasers of Alight business units.

.