Active Directory Architect (m/f/d)

You may apply to Tietoevry by selecting Apply and fill your application details to the form. You may also Apply by using LinkedIn and populate details to your application from your LinkedIn profile.

About the Role:

We are seeking a highly skilled and experienced Active Directory Architect to design, implement, and maintain strategic customer organization's Active Directory (AD) infrastructure. As an AD Architect, you will play a critical role in ensuring the security, scalability, and efficiency of our directory services, supporting both on-premises and cloud environments. This position requires a deep understanding of AD architecture, including forests, domains, organizational units (OUs), group policies, and integration with other identity management systems.

Key Responsibilities:

• Design and Architecture:
  • Develop and maintain the overall architecture of the Active Directory environment, including forests, domains, OUs, sites, and replication topology.
  • Design and implement secure and scalable AD solutions that meet the organization's needs, including disaster recovery and high availability strategies.
  • Integrate AD with cloud identity services, such as Azure Active Directory, and ensure seamless hybrid identity management.

• Implementation and Management:
  • Lead the implementation of new AD features, upgrades, and migrations, ensuring minimal disruption to business operations.
  • Develop and enforce AD policies, standards, and procedures, including naming conventions, security settings, and group policy objects (GPOs).
  • Oversee the configuration and management of DNS, DHCP, and other services tightly integrated with AD.

• Security and Compliance:
  • Implement and maintain security best practices within the AD environment, including least privilege access, multi-factor authentication (MFA), and auditing.
  • Ensure compliance with relevant regulatory and industry standards, such as GDPR, HIPAA, or SOX.
  • Conduct regular security assessments, vulnerability scanning, and remediation efforts within the AD infrastructure.

• Troubleshooting and Support:
  • Provide tier-3 support for complex AD-related issues, working closely with IT support teams to resolve incidents and problems.
  • Monitor AD performance and health, proactively identifying and addressing potential issues before they impact business operations.
  • Create and maintain documentation for all AD-related processes, configurations, and troubleshooting guides.

• Collaboration and Training:
  • Collaborate with cross-functional teams, including network, security, and application teams, to ensure integrated and secure identity management.
  • Mentor and train junior IT staff on AD-related topics, fostering a culture of continuous learning and improvement.
  • Stay up-to-date with the latest developments in AD and related technologies, recommending and implementing improvements as needed.

Qualifications:

• Education: Bachelor’s degree in Computer Science, Information Technology, or a related field. Relevant certifications (e.g., Microsoft Certified: Identity and Access Administrator Associate, Microsoft Certified Solutions Expert - MCSE) are highly desirable.

• Experience:

  • 7+ years of experience in IT, with a minimum of 5 years specializing in Active Directory design, implementation, and management.

  • Proven experience with AD migrations, upgrades, and hybrid identity management (e.g., Azure AD).

  • Strong understanding of networking concepts, including DNS, DHCP, and TCP/IP.

• Technical Skills:
  • In-depth knowledge of AD architecture, GPOs, LDAP, Kerberos, and PKI.
  • Experience with scripting and automation using PowerShell or similar tools.
  • Familiarity with identity management solutions, such as ADFS, Azure AD Connect, or other SSO technologies.

• Soft Skills:
  • Excellent problem-solving and analytical skills.
  • Strong communication and collaboration skills, with the ability to work effectively in a team environment.
  • Ability to manage multiple projects and priorities in a fast-paced environment.

Preferred Qualifications:

• Experience with other identity and access management (IAM) systems.
• Familiarity with cloud platforms (Azure, AWS) and their integration with AD.
• Experience with security frameworks and tools, such as SIEM, identity governance, or privileged access management (PAM).

We offer:

• Contract is for an indefinite period of time > we count on you!

• work partially or completely remote > work from wherever it suits you
• extra holidays > we have 25 days off plus 2 sick days.
• we contribute from 10 400 CZK per year > you name it. Choose from contributions for pension and life insurance, sports, culture, health, travel or education in the cafeteria.
• educate yourself > we regularly organize and pay for IT courses, certifications, language training and personal development courses
• 107 CZK meal allowance on top of your salary
• reward for a new colleague > refer another colleague to us and get up to 80,000 CZK
• we'll support you when you're sick > for colleagues who are seriously ill for a long period of time, we contribute to sick pay in excess of the law
• extra work is appreciated > when overtime is needed, we pay more than the law requires
• stay fit and fresh > in Ostrava, use the free fitness facilities in the building, in other locations, do sports with Multisport
• Nordic culture > at Tietoevry, we believe in you. No one is breathing down your neck and checking every minute of your work. We are friendly and open.

#LI-Hybrid

#LI-TM1

At Tietoevry, we believe in the power of diversity, equity, and inclusion. We encourage applicants of all backgrounds, genders (m/f/d), and walks of life to join our team, as we believe that this fosters an inspiring workplace and fuels innovation. Our commitment to openness, trust, and diversity is at the heart of our mission to create digital futures that benefit businesses, societies, and humanity. Diversity, equity and inclusion (tietoevry.com)