About the role

You will be part of dynamic team who will be designing and implementing Zero Trust Security Model to improve BT’s security posture. You will be having an opportunity to work on Active Directory and Microsoft Entra ID (Azure Active Directory) and various new data security and compliance capability/tools such as MDI, MDE.

We are seeking a skilled and detail-oriented Active Directory professional to manage, maintain, and support our large enterprise Active Directory (AD) multi forest environment. This role is responsible for ensuring the integrity, security, and efficient operation of our AD/Entra ID infrastructure across multiple domains and environments.

What you’ll be doing

• Strong knowledge of Windows Server (2016/2019/2022/2025) and Active Directory architecture.
• Proficiency in Group Policy management, PowerShell scripting, and AD automation.
• Experience with identity management tools (Entra ID, SailPoint, etc.) is a plus.
• Understanding of cybersecurity principles related to identity and access management.
• Ability to work independently and as part of a team in a fast-paced environment.
• Manage and maintain Active Directory (AD) environment, including user accounts, groups, organizational units (OUs), group policies (GPOs), DNS, delegation, AD integrated services and trusts relation.
• Configure and manage domain controllers(demote/promote), replication, and forests/domains.
• Configure and manage Certificate Authority, Secure Certificate Templates Understanding of PKI Infrastructure.
• Monitor system performance, availability, and security using relevant tools.
• Implement and enforce security policies in accordance with IT best practices and compliance standards.
• Troubleshoot and resolve AD-related issues, including login problems, replication errors, and access control issues.
• Plan and execute changes to AD infrastructure, including migrations, upgrades, and disaster recovery.
• Collaborate with IT teams on access management, single sign-on (SSO), SailPoint and identity federation solutions.
• Document AD configurations, processes, and procedures.
• Improving Active Directory security posture by implementing various security controls like MDI, CrowdStrike, Qualys, and Patch deployment etc
• Writing PowerShell scripts to generate various reports.
• Exploring new Active Directory and Microsoft Entra ID (Azure Active Directory) Security features and help to implement it.

Essential Skills / Experience

• Detailed knowledge on Microsoft Active Directory and Entra ID (Azure Active Directory), Microsoft Entra ID Connect (AD Connect.
• Troubleshoot and resolve AD Connect sync issue
• Knowledge of Identity Protection, Conditional Access Policy, Privileged Identity Management, SSPR and Role Based Access Control.
• Expertise on various authentication protocols – Kerberos, SAML, OAUTH 2.0, OIDC
• Familiarity with Microsoft Defender features – Microsoft Defender for Cloud Apps, Microsoft Defender for Identity (MDI), Microsoft Defender for Endpoint (MDE)
• Strong analytical and debugging skills.
• Curiosity to learn new technologies.
• Ability to write required PowerShell Scrips.
• Proficiency in AD backup tool like Quest RMAD.
• Plan and execute Disaster Recovery for Active Directory Forest.
• Proficiency in Migration tool such as ADMT, Quest Migration or other.
• Configure and manage ADFS for federation service.
• Learning various trending attacks / vulnerabilities and checking if we are on correct state to withstand / prevent / identify those attacks.
• Microsoft certifications (e.g., MCSA, MCSE, Azure Administrator Associate).
• Ability to work on Service now incidents, service request and change request.
• Active Directory Security, vulnerability remediation.
• Troubleshooting Active Directory issues reported by Cross Functional team, identifying root cause, and providing the solution.

Desirable Skills / Experience

• A bachelor’s or master’s degree in computer science, information technology, or a related field, or equivalent work experience
• 6+ years of experience in Active Directory, ADCS, ADFS and Entra ID (Azure AD) administration.
• Ability to work independently and collaboratively in a fast paced and dynamic environment.
• Familiarity with Entra ID and various authentication protocols SAML, OAuth, Open ID, Kerberos.
• Would be good to have scripting and coding knowledge.
• Having Microsoft Identity and Access Management Administrator certification is a plus.
• Microsoft certifications (e.g., MCSA, MCSE, Azure Administrator Associate).
• Basic of Linux, Networking and Virtualization.