What are the responsibilities and job description for the Senior Active Directory Engineer position at Optomi?
Sr. Active Directory Engineer | Hybrid (x4 days on-site) | Burbank, Seattle, or Orlando
Optomi, in partnership with a media and entertainment conglomerate, is seeking an experienced Senior Active Directory (AD) Engineer to join their team in Burbank, Orlando, or Seattle! This role will support the company’s Active Directory modernization and standardization initiative, focusing on migrating on-premises AD lifecycle management to a cloud-first identity model using Microsoft Entra ID (Azure AD). The engineer will work closely with architects and senior engineers while contributing to large-scale AD initiatives in a complex enterprise environment. The position is a nine-month contract through the end of the fiscal year, with possible extension but no guaranteed conversion to full-time. The role is hybrid, requiring in-office presence four days per week, with no on-call responsibilities; after-hours operational support is handled by a dedicated team.
Experience of the right candidate:
- Minimum of 5 years of related work experience in Active Directory engineering and administration
- Hands-on experience in large, multi-domain AD environments (100 domain controllers, 500,000 user accounts)
- Demonstrated experience designing, implementing, and integrating enterprise-level hybrid identity solutions with at least 40,000 users, including:
  - Active Directory (AD)
  - Azure Active Directory (AAD / Microsoft Entra ID)
  - Microsoft Identity Manager
  - Active Directory Federation Services (ADFS) / Azure AD Connect (AADC)
  - Integrations between key services and various LDAP providers
- Experience engineering, designing, and integrating both infrastructure components (domain controllers, sites/services, connectivity) and logical aspects (GPO management, directory structure, management toolsets)
- Experience in project management of large IT initiatives
- Experience working with and directing suppliers in outsourced environments
- Certifications and degrees preferred but not required
Responsibilities of the right candidate:
- Support the assessment, analysis, and modernization of the AD environment
- Maintain and manage local AD on-prem devices and domain controllers, including operational support, incident response, and running reports (e.g., Power BI)
- Assess existing domain controllers, identify consolidation opportunities, and develop migration strategies
- Perform domain controller upgrades and decommissioning, and ensure replication integrity and domain health during consolidation
- Analyze existing PKI infrastructure and certificates, migrate certificates to a modern PKI infrastructure with minimal disruption, and revoke/renew/replace legacy or non-compliant certificates
- Identify and remove stale objects, orphaned accounts, and unused policies; optimize AD replication, site topology, and GPOs
- Implement best practices for AD security, auditing, and hardening
- Diagnose and resolve AD, DNS, and PKI-related issues, collaborating with security and infrastructure teams to remediate vulnerabilities
- Document configurations, policies, and procedures for operational and future reference
- Contribute to process and system configuration improvements; identify and implement automation opportunities to reduce manual tasks and ticket volume
- Evaluate capabilities of services/products, define engineered designs with full documentation, and follow structured methodologies for technical analysis
- Collaborate with architects and senior engineers, providing guidance and operational insights, without leading design efforts