Job Description

The Senior Active Directory Engineer serves as the subject matter expert for the design, implementation, and maintenance of a robust on-premises Identity and Access Management (IAM) infrastructure. This role is focused on the architecture and security of a complex Windows Server environment, ensuring high availability and seamless authentication across the enterprise. You will lead forest-level migrations, disaster recovery planning, and the hardening of AD objects against modern security threats.

Responsibilities

• Design and deploy multi-forest/multi-domain AD architectures, including Site and Services optimization for low-latency authentication.
• Standardize and manage GPOs to enforce security baselines, software distribution, and user environment configurations.
• Implement Tiered Administration models (Red Forest/Privileged Access Workstations) and manage Kerberos, NTLM, and LDAP security protocols.
• Lead Domain Controller (DC) promotions, demotions, and OS upgrades (e.g., migrating from Windows Server 2016 to 2022).
• Establish and regularly assess AD-specific backup and restoration procedures (Authoritative vs. Non-authoritative restores).
• Maintain the health of AD-Integrated DNS, ensuring proper zone replication and scavenging.
• Lead Domain Controller (DC) promotions, demotions, and OS upgrades (e.g., migrating from Windows Server 2016 to 2022).

At COLSA, people are our most valuable resource and centered at our core value. We invite you to unite your talents with opportunity and be a part of our “Family of Professionals! Learn about our employee-centric culture and benefits here: https://www.colsa.com/culture_benefits/

Required Qualifications

• Bachelors Degree in related field or equivalent experience
• Minimum of 5 to 12 years of related experience 
• Deep understanding of FSMO Roles, Global Catalogs, and Active Directory Partition structures.
• Advanced proficiency in PowerShell for automating bulk object changes, reporting, and environment health checks
• Strong grasp of TCP/IP, DNS, and Firewall requirements essential for AD communication across segmented networks
• Proven experience with Public Key Infrastructure (PKI) and Certificate Services (ADCS).
• Active/Current CompTIA Security+ CE, ISC2 SSCP or equivalent baseline certification
• Ability to obtain Special Access Program (SAP) eligibility and maintain program access required
• U.S. Citizenship required; Must possess (or be able to obtain and maintain) a DoD Top Secret clearance with SCI eligibility including successful completion of a Counterintelligence (CI) Polygraph with 180 days of start date

Preferred Qualifications

• Active DoD Top Secret Clearance with SCI and a Counterintelligence (CI) Polygraph 
• Microsoft Role-Based Certifications (e.g., AZ-800/801)
• Deep knowledge of STIG (Security Technical Implementation Guides) compliance

Applicant selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information. COLSA Corporation is an Equal Opportunity Employer, Minorities/Females/Veterans/Disabled. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, or national origin.