Pantheon-Inc.com

Enterprise Identity Engineer

Location: Spring, Texas
JPC: 1077

Overview

  • We are seeking a highly skilled Enterprise Identity Engineer to manage, support, and secure enterprise identity infrastructure.
  • This role is responsible for the administration, reliability, and security of Active Directory and related identity services that underpin critical business systems.
  • The position includes Tier 0 / Enterprise Administrator access, requiring the highest levels of trust, security awareness, and technical expertise.
  • Due to the elevated cybersecurity risk associated with this role, candidates must be willing to successfully complete an enhanced background check as a condition of assignment.
  • This is an onsite role based in Spring, TX, supporting a large‑scale enterprise environment and participating in an on‑call rotation for identity and security services.

Responsibilities

  • Administer, maintain, and secure Active Directory (AD) environments, including domain controllers, replication, DNS, and security hardening.
  • Manage Active Directory Certificate Services (ADCS) and enterprise Public Key Infrastructure (PKI), including certificate lifecycle management.
  • Support and maintain Active Directory Federation Services (ADFS) and integrations with internal and external identity providers.
  • Implement and manage Azure Information Protection (AIP) to support enterprise data security and classification initiatives.
  • Configure and manage Hardware Security Modules (HSMs) for cryptographic key protection and secure operations.
  • Design, implement, and enforce Group Policy Objects (GPOs) to meet security, compliance, and operational standards.
  • Ensure secure authentication and authorization through deep expertise in Kerberos, Service Principal Names (SPNs), and keytab management.
  • Utilize Quest tools (Change Auditor, RMAD, GPOAdmin) for auditing, monitoring, disaster recovery, and policy governance.
  • Deploy and manage cloud infrastructure in AWS, leveraging Terraform and Infrastructure‑as‑Code (IaC) practices for automation and consistency.
  • Develop and maintain PowerShell automation scripts for operational efficiency, reporting, and security controls.
  • Partner with cybersecurity and compliance teams to ensure adherence to enterprise security standards and best practices.
  • Participate in an on‑call rotation to support critical identity and security services and resolve high‑severity incidents.
  • Work as part of an Agile team, participating in ceremonies and collaborating with application developers, business stakeholders, and infrastructure teams.

Required Qualifications

  • Strong experience administering Active Directory in complex, enterprise‑scale environments.
  • Hands‑on expertise with ADCS, PKI, and certificate lifecycle management.
  • In‑depth knowledge of Kerberos authentication, SPNs, and keytabs.
  • Advanced experience managing and troubleshooting Group Policy Objects (GPOs).
  • Proficiency in PowerShell scripting for automation, auditing, and reporting.
  • Experience with Terraform and Infrastructure‑as‑Code concepts.
  • Familiarity with AWS infrastructure and cloud‑based identity integrations.
  • Experience using Quest Change Auditor, RMAD, and GPOAdmin.
  • Solid understanding of enterprise security principles, especially those related to privileged access and identity protection.
  • Ability to meet requirements for enhanced background screening due to Tier 0 access.

Preferred Qualifications

  • Experience with Azure Information Protection (AIP) or Microsoft security and identity services.
  • Knowledge of HSM configuration and cryptographic key management.
  • Experience supporting identity platforms in regulated or high‑security environments.
  • Prior work in large enterprises or oil & gas–scale environments.

Contact: ruchi.tammara@pantheon-inc.com
