Azure Active Directory Architect

Role Overview

We are seeking an experienced Azure Active Directory (AAD) L3 Architect to lead the design, implementation, and operational management of enterprise identity and access management (IAM) solutions across hybrid environments. This role requires deep expertise in on-premises Active Directory, Azure AD, and federation services, along with strong capabilities in troubleshooting, automation, and security governance.

Key Responsibilities

Architecture & Design

• Define and govern technical standards for Active Directory and Azure AD environments.
• Design and implement secure, scalable hybrid identity solutions.
• Establish IAM frameworks, policies, and procedures aligned with organizational and regulatory requirements.

Operations & L3 Support

• Handle Level 3 (L3) support including critical incident resolution, root cause analysis, and complex troubleshooting.
• Manage and optimize AD infrastructure components such as DNS, GPOs, replication, and FSMO roles.
• Monitor and maintain Azure AD Connect Health, ensuring seamless directory synchronization.

Integration & Automation

• Configure and manage Azure AD Connect, synchronization rules, and staging environments.
• Implement SSO integrations using SAML, OAuth, and OIDC protocols.
• Develop automation solutions using PowerShell scripting and Microsoft Graph API.

Security & Compliance

• Implement and manage MFA, Conditional Access, and Privileged Identity Management (PIM).
• Conduct periodic audits, reporting, and compliance validation.
• Define and maintain disaster recovery strategies for AAD Connect and ADFS environments.

Collaboration & Governance

• Act as a trusted advisor to stakeholders on IAM strategy and best practices.
• Lead technical governance discussions and contribute to strategic IAM roadmaps.
• Mentor junior engineers and support knowledge-sharing initiatives.

Required Technical Skills

Active Directory (On-Premises)

• AD replication, schema management, GPO administration, and troubleshooting.
• DNS/DHCP configuration and domain trust management.

Azure Active Directory

• Enterprise application integration, SSO setup, and certificate lifecycle management.
• Expertise in Conditional Access, MFA, and identity lifecycle management.

ADFS & Federation

• Federation services setup, certificate management, and disaster recovery planning.

Automation

• Advanced PowerShell scripting for AD/AAD administration.
• Hands-on experience with Microsoft Graph API for automation and integration.

Behavioral Competencies

• Strong analytical thinking and problem-solving capabilities.
• Excellent communication and stakeholder management skills.
• Ability to operate in Agile environments and lead technical initiatives.
• Strategic mindset with strong business acumen.

Experience & Qualifications

• 8–10 years of experience in Active Directory and Azure AD engineering/architecture.
• Relevant certifications such as:
• Microsoft Certified: Azure Administrator Associate
• Microsoft Certified: Azure Solutions Architect Expert (preferred)
• Experience in retail or large enterprise environments is a plus.