Senior Active Directory

We are seeking a highly skilled and experienced Senior Active Directory / Entra ID Specialist to lead the design, implementation, and management of our hybrid identity infrastructure. The ideal candidate will have deep expertise in Active Directory, Microsoft Entra ID (formerly Azure AD), and identity governance, with a strong focus on security, automation, and user experience.

Key Responsibilities:

• Design, implement, and maintain Active Directory forests, domains, and trusts.

• Manage and optimize hybrid identity environments using Entra Connect or Cloud Sync.

• Develop and enforce Conditional Access and Zero Trust policies.

• Implement and manage Privileged Identity Management (PIM) and Identity Protection.

• Troubleshoot complex authentication and federation issues (e.g., SAML, ADFS, OAuth).

• Automate identity lifecycle processes using PowerShell, Graph API, or Logic Apps.

• Conduct regular access reviews, audit logging, and compliance reporting.

• Collaborate with security, networking, and application teams on identity-related initiatives.

• Lead or contribute to identity migration, consolidation, and modernization projects.

• Stay current with Microsoft identity roadmap and best practices.

Required Skills & Experience:

• 7+ years of experience in Active Directory and Microsoft Entra ID administration.

• Strong knowledge of identity federation, SSO, and authentication protocols.

• Experience with Entra Connect, PIM, MFA, Conditional Access, and SCIM.

• Proficiency in PowerShell scripting and Microsoft Graph API.

• Familiarity with Zero Trust architecture and identity governance frameworks.

• Experience with monitoring tools (e.g., Azure Monitor, Sentinel, AD Audit).

• Excellent troubleshooting and analytical skills.

• Strong communication and documentation abilities.

Preferred Qualifications:

• Microsoft certifications (e.g., SC-300, Az-104 AZ-500, MS-100, MS-101).

• Experience with Entra ID Governance, Access Packages, and Entitlement Management.

• Knowledge of compliance standards (e.g., ISO 27001, NIST, POPIA, GDPR).

• Experience in large-scale identity migration or merger/acquisition projects.

Tools & Technologies:

• Active Directory, DNS, GPO, Sites & Services

• Microsoft Entra ID, Entra Connect, Cloud Sync

• PowerShell, Graph API, Azure CLI

• ADFS, SAML, OAuth, OpenID Connect

• Microsoft Sentinel, Defender for Identity

• Azure Monitor, Log Analytics, Logic Apps

S6 Systems Engineer – (AD / Entra ID) — Key Requirements

Role Purpose / Job Description

• Design, implement, manage, and support on-premises Active Directory (AD) and Azure Entra ID (Azure AD) environments.

• Provide operational support (day-to-day) for identity infrastructure, user provisioning, authentication, and access management.

• Ensure secure identity lifecycle (joiner / mover / leaver) processes.

• Manage synchronization between on-prem AD and Entra ID (e.g., Azure AD Connect).

• Implement and maintain identity governance (e.g., conditional access, role-based access control, MFA, identity protection).

• Troubleshoot identity-related incidents and service disruptions, meeting SLAs.

• Work with infrastructure, security, and cloud teams to integrate identity into broader Azure, hybrid, or on-prem systems.

• Contribute to projects, such as migrating AD to Azure, modernizing identity, or consolidating domains.

• Automate identity tasks using PowerShell, Microsoft Graph, or Infrastructure-as-Code (IaC) where possible.

• Document identity architecture, processes, and standard operating procedures (SOPs).

Qualifications

• Education:

• NQF 6: 3-year Diploma / Degree in Information Technology, Computer Science, or related field

• Or equivalent experience in identity / systems engineering.

Experience:

• Minimum of 3 years experience in systems engineering (cloud, infrastructure, identity) in a medium-to-large enterprise or managed service environment.

• Experience working with on-premises Active Directory (Domain Controllers, GPOs, trusts, OU structure).

• Experience with Azure Entra ID (or Azure AD), including identity synchronization, conditional access, SSO, and MFA.

• Exposure to hybrid identity architectures (on-prem + cloud).

• Experience with identity-related incident resolution, service management, and change management.

Certifications (preferred):

• Azure certifications (e.g., AZ-900, AZ-104)

• Identity / Security-focused certs, for example: MS-500 (Microsoft Security), SC-100 (Microsoft Cybersecurity Architect), MS-900 (Microsoft 365 Fundamentals)

• ITIL Foundation (V3 or V4) to align with operational support model

Technical Skills / Competencies

• Deep understanding of Active Directory (DNS, replication, FSMO roles, GPOs, Group Policy, AD sites)

• Hands-on experience with Azure Entra ID (user/groups management, role assignments, conditional access, identity protection)

• Knowledge of Azure AD Connect (installation, configuration, sync rules, troubleshooting)

• Familiarity with identity architecture patterns (hybrid, cloud-only, federated)

• Experience with Automation / Scripting (PowerShell, Azure PowerShell, Microsoft Graph API)

• Working knowledge of identity governance tools / concepts (PIM, access reviews, least-privilege)

• Competencies in identity security controls (MFA, SSO, device-based conditional access)

• Monitoring and logging: experience in using Azure Monitor, Azure AD logs, security reporting

• Backup & disaster recovery strategies for identity services (on-prem DCs, Azure AD)

• Change management and patching experience (identity system updates, schema changes)

Behavioural / Soft Skills

• Problem Solving & Troubleshooting: Able to diagnose complex identity issues under pressure.

• Communication: Strong verbal and written communication, to work with business stakeholders, security teams, and other tech teams.

• Team Work: Works collaboratively within infrastructure, cloud, and security teams.

• Service Orientation: Focus on meeting SLAs, ensuring identity services are reliable, secure, and performant.

• Learning & Research: Keeps up to date with identity trends (e.g., Zero Trust, identity protection) and applies new knowledge.

• Resilience & Stress Management: Able to cope with production incidents; on-call support as needed.

• Process Adherence: Follows and improves standard operating procedures, change control, and documentation practices (as per behavioral expectations).

Key Deliverables / Responsibilities

• Ensure high availability and resiliency of AD / Entra ID infrastructure.

• Manage and maintain synchronization (Azure AD Connect), ensuring no identity drift.

• Implement and enforce access control policies via conditional access, RBAC, MFA.

• Regularly review identity security (audit logs, risk analysis, identity protection).

• Automate identity lifecycle tasks (provisioning, deprovisioning).

• Support project implementations (e.g., migrating on-prem AD to Azure, rearchitecting identity).

• Document identity architecture, processes, runbooks, and SOPs.

• Conduct identity health-checks, capacity planning, and performance tuning.

• Provide day-to-day operational support, including incident management, root-cause analysis, and resolution.

Reporting & Escalation

• Report into the Enterprise Infrastructure or Cloud Operations team (depending on org structure).

• Act as a technical lead for identity-specific escalations.

• Engage with security / architecture teams for alignment on identity security posture.

• Participate in Change Advisory Board (CAB) exercises for identity changes.