Job Requirements
Dallas, TX
Top Secret; Polygraph not specified
Senior Level Career (10+ yrs experience)
$145,000 - $160,000
Job Description
Sr Systems Engineer
What You'll Do
-Lead the design and deployment of Active Directory forest and domain architecture, including multi-domain and multi-forest environments
-Architect and implement Active Directory Federation Services (ADFS) solutions to enable single sign-on (SSO) across classified and unclassified systems
-Design and configure cross-domain and cross-forest trust relationships in complex, segmented network environments
-Develop and enforce role-based access control (RBAC) frameworks, group policy objects (GPOs), and delegation models aligned with least-privilege principles
-Align directory services architecture with DISA STIG requirements, NIST 800-53 controls, and program-specific security policies
-Collaborate with cybersecurity teams to support ATO processes, RMF documentation, and identity-related continuous monitoring requirements
-Serve as the subject matter expert for identity and directory services, providing technical leadership and mentorship to junior engineers
-Troubleshoot and resolve complex Active Directory, ADFS, and identity federation issues across multi-domain environments
-Evaluate emerging identity and access management technologies and recommend solutions aligned with program roadmaps and government requirements
-Produce and maintain technical documentation including forest design diagrams, trust maps, RBAC matrices, and configuration baselines
What You Bring
-8–10+ years of hands-on experience in systems engineering with deep expertise in Active Directory architecture and identity management
-Demonstrated experience designing and deploying AD forest and domain structures in large-scale enterprise or government environments
-Strong working knowledge of ADFS, SSO federation protocols (SAML, OAuth, WS-Federation), and identity provider configuration
-Experience designing and managing cross-domain and cross-forest trust relationships in segmented or classified network environments
-Deep understanding of RBAC frameworks, GPO design, and least-privilege access models
-Working knowledge of DISA STIGs, NIST 800-53, and RMF as applied to directory services and identity infrastructure
-Active Top Secret security clearance required; TS/SCI eligibility strongly preferred
-Microsoft certifications (MCSE, Azure AD, or equivalent) a strong plus
Preferred Qualifications
-Prior experience supporting classified programs in a DoD, IC, or cleared defense contractor environment
-Familiarity with Azure Active Directory, hybrid identity architectures, and cloud identity integration
-Experience with Privileged Access Management (PAM) solutions such as CyberArk or BeyondTrust
-Familiarity with PKI infrastructure, certificate services, and smart card authentication in DoD environments
-Experience with PowerShell scripting for AD automation and administration
-Bachelor's degree in Computer Science, Information Technology, Systems Engineering, or a related field; equivalent experience considered
-DoD 8570/8140 IAT Level II or III certification (Security+, CASP+, CISSP, or equivalent)
group id: 10105424