Directory Services Associates

The Directory Services Associates within the Alight Identity Security team is responsible for securing, maintaining, and ensuring high availability of enterprise directory and identity platforms. They will support Tier 0/1 systems, protect privileged access, integrate identity/security technologies, and provide operational and incident‑response support. Ideal candidates bring strong experience with directory services, scripting, cloud platforms, IAM technologies, and modern authentication protocols.

• Ensure Directory Services platforms are secure, compliant, and highly available.
• Prioritize and protect privileged identities – leverage RBAC, ACLs, etc. to uphold least privilege and Just-In-Time access.
• Support performance, resilience, and availability of Tier 0/Tier 1 systems.
• Provide technical assistance to support team members.
• Proactively monitor systems for performance and reliability.
• Assist security and compliance audits.
• Help with maintaining and developing technical documentation, code repositories, and training materials.
• Coordinate maintenance and support activities.
• Communicate with application development groups and end-users to resolve issues and complete requests.
• Integration of Identity/Security platforms and associated lifecycles (ex: implementation/maintenance/upgrades/etc.).
• Incident response – may require off-hours support.

• 3+ years of professional experience in Directory Services and/or Identity and Access Management.
• Understanding of AD DS architecture, including forests, domains, trusts, FSMO roles, replication, and multi-site topology.
• Experience integrating with IAM platforms such as Saviynt, Entra ID, SailPoint, Okta, and PingFederate.
• Understanding of LDAP concepts, schema extensions, and directory query optimization.
• Experience with PKI, certificate lifecycle management, CRL distribution, NDES/SCEP, and AD-integrated certificate services.
• Scripting and automation experience (Bash, PowerShell, Python, or Ansible).
• Proficiency with Group Policy (GPO) design and implementation.
• Experience with Cloud service providers (ex: AWS/Azure/etc.) and cloud service models (IaaS/PaaS/SaaS), and cloud networking constructs.
• Excellent verbal and written communication skills.

• Managing directories such as Active Directory, eDirectory, and Radiant Logic (FID/SaaS).
• Familiarity and experience with CI/CD and Infrastructure-as-Code (ex: Terraform).
• Experience with Azure AD/Entra conditional access policies and Entra Connect.
• Privileged Access Management (PAM).
• In-depth knowledge of authentication (Authn) and authorization (Authz) concepts.
• Experience with ITSM platforms (ex: SNOW/BMC Remedy).
• Knowledge of SSO and federation standards (SAML 2.0, OAuth 2.0, OIDC).
• Technical troubleshooting skills that follow engineering principles.
• Understanding of Agile process and concepts (ex: SCRUM/SAFe/Kanban).
• Monitoring platform experience and tuning (ex: performance thresholds/connectivity/availability/alert conditions/etc.).
• Systems Engineering proficiency with DNS, DHCP, TCP/IP, UDP, Failover Clustering, SIEM, IIS/Tomcat, Virtualization (VMWare/Hyper-V), Load Balancing (ex: F5/NLB/ALB/etc.)

We offer you a competitive total rewards package, continuing education & training, and tremendous potential with a growing worldwide organization.
 

DISCLAIMER:

Nothing in this job description restricts management's right to assign or reassign duties and responsibilities of this job to other entities; including but not limited to subsidiaries, partners, or purchasers of Alight business units.