Functional Responsibilities:

The SSA/AD shall possess an active and transferable U.S. TOP-SECRET (with SSBI). The SSA/AD shall routinely make group policy modifications to support the needs of the domain. The SSA/Active Directory shall review existing configurations of the replication topology for inconsistencies and deploys new configurations during site build. She/he shall author PowerShell scripts to automate deployment tasks. The SSA/AD shall configure and troubleshoot name resolution in an Active Directory-integrated split-brain DNS environment. The SSA/AD shall perform daily health checks of the enterprise, and up-channel findings with suggested remedies for implementation. The SSA/AD shall manage the Active Directory-based activation of Windows platforms. Implements security enhancements to the environment as directed by the CSO. The SSA/AD shall proactively review current Active Directory technologies and presents suggestions of those which may enhance the mission. The SSA/AD shall support the unit with other duties as assigned within the scope of work.

Minimum General Experience:

• Enterprise-level experience in optimizing Directory Services infrastructure and hierarchy.
• Experience monitoring and maintaining existing Directory Services environments in multiple enclaves with various mission requirements.
• Utilizes Group Policy to harden resources within the environment.
• Working knowledge of DISA STIGs and their implementation.
• Evaluate the relationship between existing policies and plans for the introduction of those needed in the future.
• Troubleshoot Group Policy processing issues that arise on systems within the environment.
• Maintain DNS at the service level, verifying functionality and troubleshooting issues.
• Utilize split-brain DNS for multi-homed enterprise resources.
• Working knowledge of designing/maintaining AD Federated Services and technologies.
• Maintain the health of existing AD Certificate Services technologies.
• Enterprise-level knowledge of Multifactor authentication design and implementation as it pertains to Active Directory and Certificate Services.
• Enterprise-level mastery of Active Directory 2016, 2019, 2022 and latest version.
• Author PowerShell scripts that will be used to standup and maintain AD environments.
• Experience creating and managing custom schema objects within Active Directory.
• Working experience analyzing current Active Directory delegation and proposing steps to convert to a zero trust-based delegation model.

Preferred Skills:

• Experience with designing and developing Federated Services.
• Programing skills utilizing C# and .net to manipulate AD resources.
• Experience maintaining code repositories to ensure proper change management.
• Experience working with on-premises vendor support to run proactive scans analyzing Active Directory technologies and remediating identified issues.

Minimum Education: Four (4) year college degree in system administration, information technology, computer science, computer engineering, plus five (5) years of experience in designing, managing, administering, documenting, troubleshooting, and supporting Active Directory components as detailed above or in lieu of education ten (10) years of experience in designing, managing, administering, documenting, troubleshooting, and supporting Active Directory components within IT systems in both production and development environments. If utilizing in lieu of education, all experience must be at or above the position level described above.