SYSTEMS ENGINEER - ACTIVE DIRECTORY WITH SECURITY CLEARANCE
Blackstone Talent Group
Colorado Springs CO 80901 US
Blackstone Talent Group, an award-winning technology consulting and talent agency is seeking an Active Directory Engineer to join our Client's team. Technical Skills Experience: * Deployment and maintenance of all active directory domain services/controllers. This includes monitoring the health and status of all sites and services in the enterprise.
* Deployment and maintenance of all certificate authority (CA) services, including issuing all SSL certificates and building out new CA servers in the enterprise.
* Tracking all CA server expiration dates, working with applicable teams to perform a renewal process for existing CA certs when needed.
* Tracking all issued SSL certs for all enterprise enclaves and working with existing administrators to ensure no certificate expiration, potentially impacting services to C2BMC-G user base.
* Creating and maintenance of system policies, such as Windows group policies, Linux authentication PAM rules/files (in concert with Linux/unix team), and tracking any potential issues as they arise on the system.
* Maintenance of all account matrices, including all applicable permissions cross-overs between enclaves when/if needed. * Work continuously with cyber team to ensure all RBAC controls are compliant with current policies for restriction access between enclaves and systems in enterprise for each applicable user/team.
* Assist cyber team with monitoring all directory services for out of the ordinary logins or account behavior metrics to ensure safety of data integrity of C2BMC-G system enterprise. * Work with other teams to deploy and maintain technologies that include collaborative aspects, such as instant message platforms in the enterprise.
* Work with all teams to ensure proper distributed authentication services are configured properly to ensure non-repudiation to all available sources. This can include assisting with the configuration of LDAP services to network/software solutions, to ensure RBAC access to the user base. Examples of LDAP/LDAPS connected endpoints configuration could be things like HPE iLO interfaces, Gitlab, Cisco ISE, FortiManager, Raritan KVM, etc.
Desired: * Thorough understanding of Active Directory and its replication structure when used in a distributed forest, separated through the use of WAN links
* Experience with an on-premise multi-domain environment using Role-based administrative controls (RBAC) for the least privilege
* Experience with DISA STIG compliance remediation using distributed group policy and SCAP compliance scanners
* The ability to integrate automation technologies into daily Active Directory use is a plus
Experience Required: * 5-6 years experience with Active Directory technologies in an enterprise-level system
* Comfortable with creating and modifying group policies for forest-level application
* Management of Active Directory remote site replication policies and health monitoring
* Comfortable with using network/system health tracking solutions, such as SolarWinds for monitoring system health for both virtual infrastructure as well as hardware health
* Experience with writing standard operating procedures (SOP) documentation
* Secret Clearance Position Responsibilities: * This individual is responsible for deployment and maintenance of all directory service types activities, such as active directory domain services/controllers, certificate authorities services, policy tracking/creation, and account management functions in the enterprise. * Must be a detail oriented individual that is able to track the impact of events/actions on the underlying infrastructure being managed, such as replication schedules and group policies.
Education: Emerging authority typically with an advanced degree and 7+ years experience or bachelors with 9+ years experience or equivalent; applies extensive expertise; solves complex problems that require the regular use of ingenuity and creativity; work is performed without appreciable direction and is reviewed for desired results from a relatively long time perspective; erroneous decisions would normally result in failure to achieve major organizational objectives; may function in project leadership roles and represents the organization as prime customer contact on significant technical matters on contracts. Security Clearance Required: Secret Blackstone Talent Group is a wholly owned subsidiary of Blackstone Technology Group, a global IT services and software firm that implements technological solutions across commercial industry verticals and the US Federal Government. Blackstone's global talent augmentation practice was founded in 1998. Blackstone Talent Group has offices in San Francisco, Denver, Houston, Colorado Springs, and Washington, DC. We specialize in providing clients the best talent across a variety of industries and sectors. EOE of Minorities/Females/Veterans/Disabilities Pay Range: $60.82/hr-$70.6/hr
* Deployment and maintenance of all certificate authority (CA) services, including issuing all SSL certificates and building out new CA servers in the enterprise.
* Tracking all CA server expiration dates, working with applicable teams to perform a renewal process for existing CA certs when needed.
* Tracking all issued SSL certs for all enterprise enclaves and working with existing administrators to ensure no certificate expiration, potentially impacting services to C2BMC-G user base.
* Creating and maintenance of system policies, such as Windows group policies, Linux authentication PAM rules/files (in concert with Linux/unix team), and tracking any potential issues as they arise on the system.
* Maintenance of all account matrices, including all applicable permissions cross-overs between enclaves when/if needed. * Work continuously with cyber team to ensure all RBAC controls are compliant with current policies for restriction access between enclaves and systems in enterprise for each applicable user/team.
* Assist cyber team with monitoring all directory services for out of the ordinary logins or account behavior metrics to ensure safety of data integrity of C2BMC-G system enterprise. * Work with other teams to deploy and maintain technologies that include collaborative aspects, such as instant message platforms in the enterprise.
* Work with all teams to ensure proper distributed authentication services are configured properly to ensure non-repudiation to all available sources. This can include assisting with the configuration of LDAP services to network/software solutions, to ensure RBAC access to the user base. Examples of LDAP/LDAPS connected endpoints configuration could be things like HPE iLO interfaces, Gitlab, Cisco ISE, FortiManager, Raritan KVM, etc.
Desired: * Thorough understanding of Active Directory and its replication structure when used in a distributed forest, separated through the use of WAN links
* Experience with an on-premise multi-domain environment using Role-based administrative controls (RBAC) for the least privilege
* Experience with DISA STIG compliance remediation using distributed group policy and SCAP compliance scanners
* The ability to integrate automation technologies into daily Active Directory use is a plus
Experience Required: * 5-6 years experience with Active Directory technologies in an enterprise-level system
* Comfortable with creating and modifying group policies for forest-level application
* Management of Active Directory remote site replication policies and health monitoring
* Comfortable with using network/system health tracking solutions, such as SolarWinds for monitoring system health for both virtual infrastructure as well as hardware health
* Experience with writing standard operating procedures (SOP) documentation
* Secret Clearance Position Responsibilities: * This individual is responsible for deployment and maintenance of all directory service types activities, such as active directory domain services/controllers, certificate authorities services, policy tracking/creation, and account management functions in the enterprise. * Must be a detail oriented individual that is able to track the impact of events/actions on the underlying infrastructure being managed, such as replication schedules and group policies.
Education: Emerging authority typically with an advanced degree and 7+ years experience or bachelors with 9+ years experience or equivalent; applies extensive expertise; solves complex problems that require the regular use of ingenuity and creativity; work is performed without appreciable direction and is reviewed for desired results from a relatively long time perspective; erroneous decisions would normally result in failure to achieve major organizational objectives; may function in project leadership roles and represents the organization as prime customer contact on significant technical matters on contracts. Security Clearance Required: Secret Blackstone Talent Group is a wholly owned subsidiary of Blackstone Technology Group, a global IT services and software firm that implements technological solutions across commercial industry verticals and the US Federal Government. Blackstone's global talent augmentation practice was founded in 1998. Blackstone Talent Group has offices in San Francisco, Denver, Houston, Colorado Springs, and Washington, DC. We specialize in providing clients the best talent across a variety of industries and sectors. EOE of Minorities/Females/Veterans/Disabilities Pay Range: $60.82/hr-$70.6/hr