Job Title

Job Summary:We are looking for a highly skilled Active Directory L3 Engineer with strong expertise in AD (On-Premises), DNS, and ADFS. The candidate will be responsible for managing enterprise directory services, handling complex escalations, and ensuring secure, highly available identity infrastructureKey Responsibilities:Provide Level 3 support for Active Directory, including critical incident handling and root cause analysisManage and maintain Active Directory Domain Services (AD DS) in enterprise environmentsTroubleshoot AD replication issues, including: Replication failures, Lingering objects, Metadata cleanupMonitor and validate AD health using tools such as: DCDiag, RepadminManage and support DNS infrastructure integrated with Active Directory, including: DNS zones and records (A, PTR, CNAME, MX, SRV, TXT), DNS scavenging and aging, Name resolution troubleshootingImplement and support ADFS (Active Directory Federation Services) for Single Sign-On (SSO), Claims-based authenticationAdminister and troubleshoot Group Policy Objects (GPOs)Manage FSMO roles, domain controllers, and AD topologySupport Kerberos authentication, security configurations, and troubleshootingPerform AD security hardening, including: iered administration, Privileged access management, MFA integrationHandle disaster recovery and backup strategies for AD and DNSCollaborate with cloud teams for Azure AD / Hybrid Identity integrationCreate and maintain SOPs, KB articles, and documentationMentor L1/L2 engineers and support knowledge transferRequired Skills:Strong hands-on experience in: Active Directory L3 Support (On-Premises), DNS (AD-integrated DNS is mandatory), ADFS (SSO and Federation)Deep understanding of: FSMO roles and AD architecture, AD replication and troubleshooting, Kerberos authentication and encryption, Password security and hash-related attacksStrong knowledge of DNS concepts, including: Record types (A, PTR, CNAME, MX, SRV, TXT), DNS scavenging and aging & DNS troubleshooting in AD environmentsGood to Have:Experience with Azure AD / Entra IDKnowledge of: Anchor ID (Immutable ID, msDS-ConsistencyGUID), Hybrid identity setupBasic to intermediate knowledge of: PKI (Public Key Infrastructure), Identity security best practicesExperience in: AD migrations (FRS to DFSR, domain upgrades), Large enterprise environments