Consltng Dir-Active Directory Subject Matter Expert

US- IL40- Chicago-151N Frankln, United States


CNA Insurance

CNA offers a broad portfolio of property and casualty business insurance solutions that allow you to better manage your risks and grow profitably.


You have a clear vision of where your career can go. And we have the leadership to help you get there. At CNA, we strive to create a culture in which people know they matter and are part of something important, ensuring the abilities of all employees are used to their fullest potential. 

JOB DESCRIPTION:

CNA is seeking an experienced Active Directory Subject Matter Expert (SME) to join our team, providing oversight of the day-to-day operations, administration, and security of our Active Directory infrastructure through our Managed Service Providers (MSPs). The ideal candidate will have a strong background in managing MSPs and a good understanding of complex AD environments, troubleshooting, ensuring security compliance, and working closely with Information Security and Applications teams to enhance the security posture of our organization.

The ideal candidate will possess the following:

  • Windows Active Directory

  • Entra ID

  • Have worked within organizations with 20,000+ employees

Our preference is for you to be located and work a hybrid schedule in Chicago, IL.

High Level Tasks 

  • Managing domains: Designing, managing, and administering a hybrid environment with Entra ID tenants. The role also involves managing legacy aspects of our infrastructure, including on-premises Active Directory, legacy domains, and integration with modern environments such as Entra ID and Google Cloud.

  • Managing identities: Manage identities within a legacy environment that includes various technologies (Windows 2003, 2008, 2012), ensuring seamless integration and functionality across both legacy and modern systems, Entra ID and Microsoft Azure resources  

  • Ensuring compliance: The role requires a strong understanding of specific regulations, including SOX compliance, NYDFS, and other state and federal regulations, and supports audit reviews to ensure adherence to these standards.

  • Providing technical support: Provide oversight and governance to our MSPs' technical staff and guide them in resolving service-related issues.

  • Developing disaster recovery strategies: The role involves not only developing but also implementing, testing, and supporting the execution of various strategies and solutions.  

  • Auditing user permissions: Auditing user permissions across platforms, and proactively cleaning up, simplifying, and rationalizing the Active Directory environment to enhance security, efficiency and performance.

  • Monitoring systems: Monitoring and auditing systems and services for performance, availability, and disaster preparedness  

  • Collaborating with Infosec Identity admin and application team: Collaborating with other roles in the organization to drive strategic identity projects  

Roles and responsibilities 

  • Active Directory Management: 

  • Lead the administration and maintenance of Active Directory, including user accounts, groups, organizational units (OUs), and service accounts.

  • Manage and troubleshoot AD replication issues, Domain Controllers, and DNS settings related to AD.

  • Ensure the proper configuration and operation of Active Directory components, including DNS, DHCP, and Global Catalog

  • Design, manage and administer Hybrid AD environment with Entra ID tenants, including user and group management, identity protection policies, conditional access policies, and single sign-on (SSO) configurations.

  • Security & Compliance: 

  • Working with Architecture and Infosec team, identify, implement and enforce security policies, compliance requirements, and identity governance within on-premise AD and Entra ID environments to protect sensitive data and ensure regulatory compliance.

  • Implement and enforce security policies related to AD, including password policies, account lockout policies, and access control.

  • Conduct regular AD security audits, ensuring compliance with industry standards and internal security policies.

  • Perform security incident response related to AD breaches or misconfigurations, and coordinate with security teams to address vulnerabilities.

  • Collaborate with the security team to integrate AD with multi-factor authentication (MFA), Privileged Access Management (PAM), and other security technologies.

  • Work with Infosec team in implementing and supporting IAM best practices, including role-based access control (RBAC), privileged identity management (PIM), and multi-factor authentication (MFA) for secure access to resources. 

  • Integration and Federation:

  • Configure and manage Entra ID Connect for directory synchronization between on-premises Active Directory and Entra ID. Implement federated identity solutions such as Active Directory Federation Services (ADFS) or Entra ID Connect with federation to provide seamless access to cloud-based applications 

  • Operations, Monitoring and Reporting:

  • Regularly review and update GPOs to ensure compliance with changing business requirements and security policies.

  • Serve as the primary point of escalation for complex AD issues, providing expert troubleshooting and resolution for incidents related to user access, permissions, and authentication.

  • Assist with diagnosing and resolving AD-related issues affecting system performance, such as slow login times, replication failures, and DNS issues.

  • Monitor the health and performance of Entra ID services and disaster preparedness, detect and investigate security incidents, and generate reports to track user activity, sign-in events, and security risks. 

  • Automation and Scripting:

  • Develop and maintain automation scripts using PowerShell, Azure CLI, or other automation tools to streamline administrative tasks, provisioning, and lifecycle management of user accounts and groups. 

  • Collaboration and Documentation:

  • Collaborate with cross-functional teams to understand business requirements and translate them into AD solutions. Document configurations, processes, and procedures to ensure knowledge sharing and maintain system integrity. 

  • Troubleshooting and Support:

  • Provide technical support and troubleshooting assistance to resolve issues related to AD authentication, authorization, and access control. 

 
Skills & Qualifications:

Experience: 

  • 10+ years of hands-on experience with Active Directory administration in a large enterprise environment.

  • 5+ years of experience in managing MSP resources.

  • Strong understanding of Windows Server (2003 and later), DNS, DHCP, and related services.

  • In-depth knowledge of AD security concepts, including authentication, authorization, Kerberos, and LDAP.

  • Strong understanding of identity and access management (IAM) concepts, including RBAC, PIM, SSO, and federation. 

  • In-depth knowledge of Entra ID services, including but not limited to user and group management, conditional access, identity protection, multi-factor authentication, and Entra ID Connect. 


  • Experience with PowerShell scripting and automation tools for Entra ID administration

  • Experience with hybrid identity solutions integrating on-premises Active Directory with Entra ID. 

  • Experience with AD migrations, upgrades, and consolidations.

  • Knowledge of Identity tools such as Okta, SailPoint is highly desired.

Certifications (preferred): 

  • Microsoft Certified: Windows Server Fundamentals, Active Directory or related certifications (e.g., MCSE, MCSA).

  • Certified Information Systems Security Professional (CISSP) or similar security certifications are a plus.

Qualifications: 

  • Strong analytical and problem-solving abilities.

  • Ability to acquire and learn new skills quickly and efficiently. 

  • Excellent communication skills with the ability to convey technical information to non-technical stakeholders.

  • Detail-oriented, with a focus on continuous improvement and security best practices.

  • An eye for spotting details and keeping projects on track and progressing 

  • Experience writing and updating technical documentation and training 

  • Natural technical aptitude (it's in your DNA) with continual personal advancement in learning and applying the newest cloud technologies, updates and methods

Why Join Us:

Work in a dynamic environment and collaborate with a talented team of IT professionals and security experts.

Contribute to strengthening the security and reliability of CNA’s core infrastructure.

In certain jurisdictions, CNA is legally required to include a reasonable estimate of the compensation for this role. In District of Columbia, California, Colorado, Connecticut, Illinois, Maryland, Massachusetts, New York and Washington, the national base pay range for this job level is $97,000 to $189,000 annually. Salary determinations are based on various factors, including but not limited to, relevant work experience, skills, certifications and location. CNA offers a comprehensive and competitive benefits package to help our employees – and their family members – achieve their physical, financial, emotional and social wellbeing goals.  For a detailed look at CNA’s benefits, please visit cnabenefits.com.

CNA is committed to providing reasonable accommodations to qualified individuals with disabilities in the recruitment process. To request an accommodation, please contact leaveadministration@cna.com.


Tags: Active Directory Audits Automation Azure CISSP Cloud Compliance DNS GCP Governance IAM Incident response Kerberos LDAP Monitoring Okta PowerShell SailPoint Scripting SOX SSO Vulnerabilities Windows

Perks/benefits: Career development Competitive pay Health care Team events

Region: North America
Country: United States
