The Big Picture
Sysco LABS is the Global In-House Center of Sysco Corporation (NYSE: SYY), the world’s largest foodservice company. Sysco ranks 56th in the Fortune 500 list and is the global leader in the trillion-dollar foodservice industry.
Sysco employs over 75,000 associates, has 337 smart distribution facilities worldwide and over 14,000 IoT-enabled trucks serving 730,000 customer locations. For fiscal year 2025 that ended June 29, 2025, the company generated sales of more than $81.4 billion.
Sysco LABS Sri Lanka delivers the technology that powers Sysco’s end-to-end operations.
Sysco LABS’ enterprise technology is present in the end-to-end foodservice journey, enabling the sourcing of food products, merchandising, storage and warehouse operations, order placement and pricing algorithms, the delivery of food and supplies to Sysco’s global network and the in-restaurant dining experience of the end-customer.
Location: Sri Lanka
Employment Type: Full-Time
Title : Engineer - Active Directory Infrastructure
Experience Level: 1- 3 years
About the Role
Join our newly established Active Directory Infrastructure Team as an Active Directory Administrator. You'll be part of a 5-member team dedicated to managing and supporting our enterprise identity and directory services across multiple global domains. You will play a crucial role in ensuring secure and seamless authentication for our global workforce.
Note: This role provides 16 hours of daily support (8 hours on-desk, 5 days a week, and 8 hours on-call on a rotational roster).
Our Identity Environment:
Hybrid Directory Services: Global On-Premises Active Directory forests integrated with Microsoft Entra ID (formerly Azure AD).
Authentication & Access: Kerberos, NTLM, LDAP/S, SAML, and Oauth integrations across Windows, Linux, and multi-cloud platforms (Azure, AWS, GCP).
Endpoint Integration: Windows and Linux endpoints (workstations, laptops, mobile) domain-joined or hybrid-joined globally.
Collaborative Support Model: Working closely as the Identity Subject Matter Experts (SME) alongside local IT and Field Support teams worldwide.
What You'll Do
Directory Administration: Manage Active Directory objects (Users, Computers, Groups, Service Accounts) and Organizational Units (OUs) following best practices.
Authentication Support: Troubleshoot complex authentication and domain-join issues for endpoints (Windows/Linux) and applications utilizing Kerberos, NTLM, and LDAP.
Server Core Administration: Support and troubleshoot Domain Controllers deployed on Windows Server Core, utilizing Remote Server Administration Tools (RSAT), Windows Admin Center, and command-line interfaces for daily maintenance.
Group Policy Management: Assist in the creation, deployment, and troubleshooting of Group Policy Objects (GPOs) to enforce security baselines and configure endpoints.
AD Health & Monitoring: Monitor AD replication, Domain Controller health, and Directory Services event logs (using tools like dcdiag and repadmin).
Directory Automation & Reporting: Utilize PowerShell scripting to automate routine identity tasks, execute bulk object updates (users, groups, computers), and generate directory audit reports.
Hybrid Identity Operations: Support Entra ID (Azure AD) sync operations (AAD Connect) and troubleshoot hybrid-join device scenarios.
Cross-Platform Auth: Assist with Linux domain integration (SSSD, Realmd) and authentication troubleshooting for cross-platform endpoints.
PKI & Certificate Management: Support Active Directory Certificate Services (AD CS) operations, including processing Certificate Signing Requests (CSRs), managing certificate templates, and troubleshooting client auto-enrollment issues for endpoints and servers.
DNS & DHCP: Manage and troubleshoot DNS records and zones, as they relate to domain health and client connectivity.
Migrations: Lead multi-domain and multi-forest Active Directory migration planning, execution, troubleshooting, identity integration, trust management, and post-migration support.
Documentation: Maintain runbooks, standard operating procedures (SOPs), and knowledge base articles for AD support and administration.
What We're Looking For
Required:
Bachelor's degree in Computer Science, IT, or related field (or equivalent experience).
Solid foundational understanding of Active Directory architecture (Domains, Forests, OUs, Sites and Services, Domian Migrations).
Experience with Active Directory Users and Computers (ADUC), DNS, and Group Policy Management Console (GPMC).
Familiarity with navigating and managing GUI-less environments (Windows Server Core) using command-line tools and PowerShell.
Foundational understanding of Public Key Infrastructure (PKI) concepts, including Certificate Authorities (CAs), digital certificates, and encryption basics.
Understanding of core authentication protocols (Kerberos, LDAP, NTLM).
Intermediate experience using PowerShell (specifically the Active Directory module) to query directory objects, parse event logs, and execute administrative commands.
Strong logical troubleshooting skills with a focus on identity, permissions, and access rights.
Excellent communication skills for collaborating with global remote teams and guiding Field Support.
Willingness to work in rotational shifts/on-call.
Preferred:
Familiarity with Microsoft Entra ID (Azure AD), AD Connect, and Hybrid Azure AD join scenarios.
Knowledge of enterprise identity integration with cloud platforms (AWS Directory Service, GCP Cloud Identity, SSO).
Relevant Microsoft certifications (e.g., SC-300: Identity and Access Administrator, AZ-800, or foundational MS-900/SC-900).
Familiarity with Privileged Access Management (PAM) or Just-in-Time (JIT) access concepts.
Experience with IT service management (ITSM) tools like ServiceNow.
ITIL Foundation certification
Benefits
Performance-based annual bonus
Performance rewards and recognition
Agile Benefits - special allowances for Health, Wellness & Academic purposes
Paid birthday leave Team engagement allowance
Comprehensive Health & Life Insurance Cover - extendable to parents and in-laws
Hybrid work arrangement
Sysco LABS is an Equal Opportunity Employer.
Skills Required
- Bachelor's degree in Computer Science, IT, or related field (or equivalent experience).
- Foundational understanding of Active Directory architecture (Domains, Forests, OUs, Sites and Services, Domain Migrations).
- Experience with Active Directory Users and Computers (ADUC), DNS, and Group Policy Management Console (GPMC).
- Familiarity with GUI-less Windows Server Core environments using command-line tools and PowerShell.
- Foundational understanding of PKI concepts, Certificate Authorities, and digital certificates.
- Understanding of core authentication protocols (Kerberos, LDAP, NTLM).
- Intermediate PowerShell experience, specifically the Active Directory module for queries and automation.
- Strong logical troubleshooting skills focused on identity, permissions, and access rights.
- Excellent communication skills for collaborating with global remote teams and guiding Field Support.
- Willingness to work rotational shifts and be on-call.
- Familiarity with Microsoft Entra ID (Azure AD), AD Connect, and Hybrid Azure AD join scenarios.
- Knowledge of enterprise identity integration with cloud platforms (AWS Directory Service, GCP Cloud Identity, SSO).
- Relevant Microsoft certifications (e.g., SC-300, AZ-800, MS-900/SC-900).
- Familiarity with Privileged Access Management (PAM) or Just-in-Time (JIT) access concepts.
- Experience with ITSM tools like ServiceNow.
- ITIL Foundation certification.
Sysco Compensation & Benefits Highlights
The following summarizes recurring compensation and benefits themes identified from responses generated by popular LLMs to common candidate questions about Sysco and has not been reviewed or approved by Sysco.
-
Healthcare Strength — Multiple national medical plan options with telehealth, behavioral health resources, and targeted programs indicate broad coverage and support. Preventive care access and ancillary offerings (dental, vision, Rx advocacy) further reinforce the package.
-
Retirement Support — A 401(k) with automatic company contributions plus a match, alongside an employee stock purchase plan, underscores solid retirement support. At union locations, enhanced pension terms add to perceived long‑term value.
-
Pay Growth & Progression — Recent collective bargaining outcomes with substantial wage increases demonstrate meaningful pay progression where contracts apply. In high‑volume markets, incentive structures can amplify earnings beyond base rates.
Sysco Insights
What We Do
Sysco is the global leader in selling, marketing and distributing food and related products to customers who prepare meals away from home. This includes restaurants, healthcare and educational facilities, lodging establishments, entertainment venues, and more. Sysco operates almost 340 distribution centers, in over 10 countries, with 76,000 colleagues serving approximately 730,000 customer locations. The company generated sales of more than $81 billion in fiscal year 2025 that ended June 28, 2025. As the world’s largest food-away-from-home distributor, Sysco offers customized supply chain solutions, bespoke specialty product offerings, and culinary support to drive customers to innovate and optimize their operations. We act as a trusted business partner to our customers, helping them grow through our industry-leading portfolio that includes fresh produce, premium proteins, specialty products, sustainably focused items, equipment and supplies, and innovative culinary solutions. For more information, visit www.sysco.com. For important news and key information for Sysco investors, visit the Investor Relations section of the company’s website at investors.sysco.com.






