About this role
Own the architecture, health, and security of Active Directory and operate enterprise Windows Server platforms to ensure stability, scalability, and security. Serve as a senior escalation point, mentor other engineers, and automate improvements using PowerShell.
Key Responsibilities
- Own the architecture, health, and security of Active Directory
- Lead advanced troubleshooting and integration for authentication and identity
- Architect and secure enterprise PKI using Active Directory Certificate Services (ADCS)
- Manage operational health and lifecycle of Windows Server platforms with patching and hardening
- Develop PowerShell automation and act as senior escalation point with on-call responsibility
Technical Overview
Hands-on Active Directory administration spanning forests, domains, trusts, and replication topology; deep authentication troubleshooting across Kerberos, NTLM, SPNs, delegation, and replication. Manages PKI with Active Directory Certificate Services (ADCS), enforces Group Policy and DNS standards, and performs Windows Server lifecycle management and hardening for Windows Server 2016/2019/2022/2025 using PowerShell automation.
Ideal Candidate
The ideal candidate is a senior Windows infrastructure engineer with 3-5 years of deploying and securing a global Active Directory environment and 7-10 years supporting enterprise Microsoft Windows Server role services. They are an expert in Active Directory architecture and authentication troubleshooting (Kerberos, NTLM, SPNs, delegation, replication), and can operate and harden Windows Server 2016/2019/2022/2025 while automating with PowerShell.
Must-Have Skills
Deep expertise across all core Windows Server roles and featuresincluding Active DirectoryDNSDHCPGroup Policyand File/Print services3-5 years deployingsecuring and maintaining a global Active Directory environment7-10 years of professional experience supporting Microsoft Windows Server environments including all role and featuresProven experience operating enterprise-scale Windows Server environmentsincluding performancepatchingand reliabilityDeep ability to troubleshoot authenticationreplicationnetworkand performance issuesExperience with patch management process and toolingendpoint protectionand server hardeningBachelor's degree in computer scienceengineeringor related field (or equivalent experience)
Nice-to-Have Skills
Microsoft certifications
Tools & Platforms
PowerShellActive DirectoryDomain Name System (DNS)Dynamic Host Configuration Protocol (DHCP)Group PolicyActive Directory Certificate Services (ADCS)Public Key Infrastructure (PKI)
Required Skills
Active DirectoryDNSDHCPGroup PolicyFile/Print servicesKerberosNTLMSPNsdelegationreplicationPKIADCScertificate lifecycleCRL distributionWindows Server 2016/2019/2022/2025server lifecycle managementpatch managementserver hardeningroot cause analysisPowerShell automationon-call escalation
Hard Skills
Active DirectoryDNSDHCPGroup PolicyFile/Print servicesActive Directory forestsActive Directory domainsActive Directory trustsActive Directory replication topologyauthentication troubleshootingidentity integrationKerberosNTLMSPNsdelegationreplicationActive Directory security controlsTiered administration models (Tier 0/1/2)privileged access strategiesPKIADCScertificate lifecycletemplate governanceCRL distributionGroup Policy designDNS architecturedomain-joined systemsWindows ServerWindows Server 2016Windows Server 2019Windows Server 2022Windows Server 2025server lifecycle managementbuild standardspatching strategycompliancedecommissioningroot cause analysissystem optimizationserver hardeningmonitoringresiliencyPowerShellautomation
Soft Skills
troubleshootingsystem optimization mindsetmentoringtechnical mentoringcommunicationacting as an escalation pointcollaborationincident resolution ownership
Certifications
Preferred
Microsoft certifications
Keywords for Your Resume
Senior Windows EngineerWindows EngineerActive DirectoryDNSDHCPGroup PolicyFile/Print servicesActive Directory forestsdomainstrustsreplication topologyKerberosNTLMSPNsdelegationreplicationActive Directory security controlsTier 0Tier 1Tier 2privileged access strategiesPKIActive Directory Certificate Services (ADCS)certificate lifecycletemplate governanceCRL distributionWindows Server 2016Windows Server 2019Windows Server 2022Windows Server 2025PowerShellpatch managementserver hardeningroot cause analysison-call
Deal Breakers
Must have 3-5 years deploying, securing and maintaining a global Active Directory environment, Must have 7-10 years supporting Microsoft Windows Server environments including all role and features, Must demonstrate deep troubleshooting ability for authentication, replication, network, and performance issues
Get matched to jobs like this
Luna finds roles that fit your skills and career goals — no endless scrolling required.
Create a Free Profile