Sr Systems Engineer (Active Directory)
          
          
  
  
  
  
  
        - 
    
    
      Columbia University Information Technology
 
  
  
  
  
  
  
  
  
  
  
 
          
          
            
- Job Type: Officer of Administration
- Regular/Temporary: Regular
- Hours Per Week: 35
- Salary Range: $110,000 - $120,000
The salary of the finalist selected for this role will be set based on a variety of factors, including but not limited to departmental budgets, qualifications, experience, education, licenses, specialty, and training. The above hiring range represents the University's good faith and reasonable estimate of the range of possible compensation at the time of posting.
 
Position Summary
Reporting to the Active Directory Manager in the Identity and Access Management (IAM) group, the Sr. Systems Engineer is responsible for the design, development, and optimization of the University’s enterprise Active Directory (AD) environment. The Sr. Systems engineer will help shape strategic AD initiatives, ensure seamless integration with on-premise and cloud services, and uphold compliance and security standards for identity and access across the University.
Responsibilities
Enterprise Active Directory Administration
- Architects and maintains the University-wide hybrid AD environment, supporting 120K+ users.
- Manages domain controllers, performs OU setup and delegation, and oversees the creation and modification of group policies.
- Implements and maintains AD sites, subnets, site links, and schema changes.
- Proactively monitors performance, troubleshoots critical issues, and conducts root cause analyses.
Strategic Planning & Collaboration
- Drives the evolution and innovation of AD services by collaborating with senior leadership to define future identity solutions.
- Serves as the primary subject matter expert for integrating Azure AD with on-prem AD, ensuring robust SSO and secure identity federation.
- Partners with cross-functional teams (e.g., Network Engineering, Information Security, Application Development) to implement cohesive identity and access solutions.
Security & Compliance
- Collaborates with cybersecurity and compliance teams to enforce Zero Trust principles and regulatory requirements.
- Ensures the AD environment meets security best practices for authentication, authorization, and data protection.
- Manages backups and plans for disaster recovery of the AD infrastructure.
- Collaborates with the broader IT security, risk, and compliance teams to interpret policies and standards, ensuring they are consistently applied.
Automation & Tooling
- Develops and maintains advanced PowerShell and Graph API scripts to streamline AD management, backup, and recovery processes.
- Manages and optimizes tooling integrations (e.g., CrowdStrike, Malwarebytes, SumoLogic, SCCM, WSUS) to ensure high availability and system health.
- Supports automation of repetitive AD tasks to improve operational efficiency.
Cloud & Hybrid Environment Support
- Oversees AD integration with VMware and cloud environments, ensuring stable and secure deployments.
- Evaluates and recommends cloud-based solutions to optimize AD services.
- Coordinates with IT teams to implement and maintain Office 365 services, including tenant-to-tenant migrations when required.
Infrastructure & PKI
- Builds and maintains an internal Microsoft PKI environment and ensures certificate services remain reliable and secure.
- Oversees privileged access management (PAM) solutions to protect highly sensitive AD objects.
Technical Documentation & Mentoring
- Identifies and documents infrastructure configuration requirements related to AD.
- Serves as a mentor to junior engineers, sharing best practices for problem-solving and AD administration.
- Maintains thorough documentation of standard operating procedures, incident resolutions, and maintenance tasks.
Support & Operational Duties
- Handles service tickets related to AD availability, performance, and functionality.
- Works closely with customer organizations to plan and implement complex AD configurations.
- Participates in on-call rotations and off-hours work to support critical maintenance windows.
- Maintains strong working relationships with peer technical groups and other support teams.
- Represents the IAM organization on large-scale technology projects implemented outside IAM.
- Performs all other duties as assigned.
Minimum Qualifications
- Minimum 4-6 years’ related experience.
- 4+ years of relevant Windows Systems Administration experience.
- 3+ years of Active Directory technical experience (operational support and implementation of large-scale, enterprise-level solutions).
- Strong knowledge of AD, Azure AD, Microsoft 365, ADFS, and hybrid identity integrations.
- Experience in Windows Server design, deployment, and maintenance within VMware and/or cloud environments.
- Basic understanding of networking concepts (DNS, Load Balancing, Wireless, VPNs, VLANs, Subnets, Firewalls).
- High proficiency in PowerShell scripting and working with the Graph API.
- Proven ability to communicate technical issues to both technical and non-technical audiences.
- Strong critical-thinking skills and demonstrated ability to work in a fast-paced, deadline-driven environment.
- Demonstrated excellence in teamwork, collaboration, analytical thinking, communication, and technical expertise.
- Ability to manage multiple projects with shifting priorities.
- Ability to work independently with minimal supervision.
- Willingness to be available for weekend and off-hour work as necessary.
Preferred Qualifications
- 4+ years managing an enterprise-level Active Directory environment (50K+ users).
- Familiarity with Microsoft Zero Trust security architecture.
- Strong knowledge and experience in building and maintaining a Microsoft PKI environment.
- In-depth PowerShell scripting and Graph API expertise.
- Experience with Office 365 tenant-to-tenant migrations.
- Experience working with Privileged Access Management (PAM) solutions.
- Familiarity with CrowdStrike, Malwarebytes, SumoLogic, SCOM, WSUS, SCCM, and ADFS.
- Working knowledge of VMware vCenter.
- Basic working knowledge of UNIX/Linux operating systems.
- Basic working knowledge of MIT Kerberos.
- Relevant certifications (e.g., Microsoft Certified: Identity and Access Administrator Associate, MCSE in Core Infrastructure).
Equal Opportunity Employer / Disability / Veteran
Columbia University is committed to the hiring of qualified local residents.