Collaborative Computing Solutions within Virginia Tech is seeking a skilled Active Directory Architect with a strong security focus to join our team. This role will lead the design, development, and support of a secure, large-scale Active Directory (AD) and Entra ID (formerly Azure AD) environment. The architect will enhance the security posture of our directory services, ensuring compliance with IAM best practices and contributing to the organization’s overall cybersecurity strategy.

Please note: Sponsorship is not available for this position. 

Responsibilities
• Active Directory and Entra ID Architecture and Security: Lead the design and implementation of secure AD and Entra ID environments, ensuring adherence to security best practices and organizational compliance requirements.
• Identity and Access Management (IAM): Architect, implement, and manage IAM solutions, including authentication protocols (SAML, OAuth, OIDC, Kerberos) and privileged access management (PAM\PIM).
• Policy Development and Compliance: Establish and maintain security policies for directory services, ensuring compliance with regulations such as FERPA and aligning with security frameworks like Zero Trust.
• Security Auditing and Monitoring: Regularly conduct security audits of AD and Entra ID; analyze security logs, identify vulnerabilities, and lead incident response efforts to mitigate threats.
• IAM Roadmap and Strategy Development: Develop and maintain an IAM roadmap, ensuring alignment with organizational goals, evolving security standards, and emerging threats.
• Technical Leadership and Collaboration: Provide technical leadership on AD/Entra ID security matters, collaborate with operational teams to enhance security practices, and reduce drift in directory services.
• Automation and Tool Development: Utilize scripting tools such as PowerShell and Microsoft Graph API to automate tasks and enhance security monitoring and reporting capabilities.
• Documentation and Knowledge Transfer: Create and maintain documentation for all technical processes and contribute to training materials and knowledge base articles to ensure effective knowledge transfer.
• Incident Response and Remediation: Lead incident response activities related to identity-based security events, including vulnerability assessments, patch management, and security remediations.