Job Description:

The Client's Technology Services Division (TSD) seeks a qualified Active Directory/Azure Administrator to manage the administration, implementation, and maintenance of Active Directory and Azure infrastructures.

This position provides 24x7x365 operational support for 25,000+ Judicial and non-Judicial branch users across the state.

On call responsibilities include evenings and weekends to support all described infrastructure.

As the subject matter expert for AD/Azure, the person in this position provides non-supervisory technical leadership for the team and ensures that all new and existing AD/Azure technologies are successfully deployed and maintained.

Responsibilities include but are not limited to the following:
• Active Directory Administration

o Manage operation, health, and security of a multi-site domain.

o Manage on-prem active directory environment and associated services like DNS, certificate services, etc.

o Administer and support client Identity Management platform.
• Azure AD Administration

o Administer and maintain the hybrid and cloud-only identities across multiple Azure AD tenants.

o Create and maintain Conditional Access Policies.

o Support SAML and OAuth application configurations.
• Active Directory Security

o Manage Group Policy Objects (GPOs).

o Support on-prem, hybrid, and cloud identity and access management.

o Support identity and asset lifecycle management.

o Assist with potential compromised account investigations.

o Create and tune DLP and AIP policies.
• Special Data Requests

o Handle access investigation requests as required.

o Respond to data access and loss investigations.
• General Administration

o Perform troubleshooting, root cause analysis, and performance benchmarking.

o Respond to help desk tickets.

o Generate and distribute monthly statistical reporting.

o Provide support for issues ranging from single-user issues to system-wide problems.

o Assist with periodic testing of disaster preparedness for the client Judicial Center Data Center.

Other Duties Assigned:

The person in this position reports to the Distributed Computing Manager.

Work hours are 8:00 AM - 5:00 PM, Monday - Friday plus on-call responsibilities as scheduled.

Knowledge, Skills, and Abilities / Competencies Knowledge of:

Advanced level administrative knowledge of Microsoft Active Directory, Azure Active Directory, and hybrid identities; and familiarity with creating and tuning data loss prevention policies and data classification policies.

Skills in: managing and monitoring user activity and risk for on-prem, cloud only, and hybrid identities.

Ability to: to create and manage on-prem, cloud only, and hybrid identities across multiple tenants either through the GUI or programmatically using PowerShell; utilize configuration management to meet the goals of security and compliance; create and manage Azure Conditional Access Policies to meet organizational access and security objectives; work efficiently and effectively with little oversight; manage a mature operation based on repeatable processes and appropriate metrics; communicate effectively with both technical and non-technical stakeholders at all levels; diagnose issues and apply appropriate trouble-shooting analysis; prepare and present facts clearly and concisely in both written and oral form; evaluate and document processes and record keeping methods; and contribute to process improvements.

Minimum Education and Experience Requirements

Bachelor's degree in computer science or another related information technology field and four (4) years of IT related work experience; or an equivalent combination of education and experience.

Management recommends that candidates have five (5) years of directly related experience in Windows Active Directory and three (3) years of directly related experience to Azure Active Directory Administration within an enterprise environment.

Management prefers candidates with:
• experience with PowerShell tool scripting.
• cloud services management experience, preferably Azure and AWS.
• IAM experience within multi domain and cloud tenant environments.
• experience writing complex search queries in response to security incidents.
• experience configuring custom monitoring KPIs.
• knowledge of common security standards such as PCI, FERPA, and NIST.
• familiarity with Client Statewide security standards. Microsoft certifications are a plus.