IAM AD Engineer

Department: Information Security Office
Salary/Grade: ITS/81

Job Summary:

The Active Directory Engineer provides support for a complex environment(s). They provide knowledge, skillsets and subject matter expertise (SME) for MS ADS, group management, and PAM services. Microsoft based Architecture, infrastructure and identity integrations with various technologies and services.

In this role, you will apply your knowledge and skillsets to provide support, consultation, design services, testing, documentation and implementation for Microsoft Active Directory, Cayosoft, Azure AD, Unity Sync, CyberArk and Windows based systems. That will include configuration/implementation of new functionality, versioning, modify existing set ups, and provide Tier 3 support for trouble shooting various issues or incidents. You will also provide an array of consultative information, guidance and/or assistance to various groups within NUIT as well as NU schools and units.

As an AD engineer you will need to have acquired 3 years hands on experience with Active Directory Server (ADS), Azure AD, CyberArk (or other PAM tool) and other Identity products. You will work to ensure that IAM systems/solutions are both resilient and adaptive to an evolving Identity landscape. The AD Engineer works on IAM projects within the MS team and provides guidance to other staff, as well as ensures compliance with all security associated with NU, state, and federal rules and regulations. Works closely with stakeholders throughout Northwestern to implement IAM best practices and controls.

Specific Responsibilities:

Strategic Planning

• Contribute to Risk Assessment and IAM Evaluations
• Provide Guidance and Support in evaluating vendors, open source products and internally developed systems.
• Contribute to yearly planning of IAM portfolio.
• Support processes and systems around vulnerability assessments, risk analysis, and risk mitigation procedures.
• Represent Identity & Access Management in collaborative initiatives, applying expertise and functioning as an integral, complementary part of the information security department.

Administration

• Act as IAM point-of-contact for assigned MS team product(s).
• Serve as Tier 3 support and an escalation point for domain technology issues that cannot be solved by Tier 1 and Tier 2 support. Perform/Own root cause analysis, problem management, documentation and communication for Identity Environment(s).
• Perform daily system monitoring, verifying the integrity and availability of all hardware, server resources, system and key processes, reviewing system logs and verifying completion of scheduled tasks/jobs.
• Create and maintain system documentation for domain technologies, including installation, configuration, and appropriate trouble shooting steps.
• Identify opportunities to innovate, extend and enhance service delivery where possible.
• Monitor and evaluate systems and services for conformity to existing policies, standards, and guidelines.

Engineer

• Ability to make AD configuration changes, schema extensions/modifications, set up or modify GPO's, OU's, trusts, etc.
• Assist with design and implement solutions for MS Team Product (Active Directory, etc) infrastructure for efficiency and continuous improvement opportunities.
• Ability to create powershell scripts, read code, utilize Git for versioning and use an orchestration tool like (Cloudbees, Rundeck or other) for automation.
• Participate in projects in the design, development, testing, and implementation of technical solutions which advance strategic initiatives in IAM including projects affecting the overall posture of Northwestern University.
• Review existing Identity & Access Management practices, developing and implementing systems and solutions for additional controls, capabilities, or compliance.
• Implement recommendations for assigned projects, in consultation with project team(s) and/or other NUIT staff.
• Provide recommendations for continual process improvements across Identity & Access Management workflows.
• Draft and review documentation such as analyses of technical, administrative, or procedural issues; procedural documentation/playbooks; and team documentation.

Performance

• Collaborate with other Identity staff or NUIT staff as needed for incident remediation or incident investigations.
• Provides troubleshooting and investigation assistance to users regarding potential or actual Identity incidents.
• Partners with users and internal/external staff to monitor and/or report school, unit, or departmental level IAM issues/incidents within applications or systems.
• Develop and maintain IAM MS team expertise through university-provided and external training/seminars/courses; staying abreast of industry trends, methods, and published literature; and participating in professional development programs/initiatives and approved by information security management.

Supervises/Other

• Cultivate subject-matter expertise and skills in less experienced IAM staff, in coordination with their supervisors and IAM management.

Miscellaneous

• Other duties as assigned.

Minimum Qualifications:

• Successful completion of a full 4-year course of study in an accredited college or university leading to a bachelor's or higher degree in a major such as computer science, information technology, or related; OR appropriate combination of education and experience.
• 3+ years experience with IAM technology such as MS Active Directory server experience - thorough understanding of Windows Server 2012, 2016 and 2022.
• Hands on experience installing, configuring, upgrading, AD configuration changes, schema extensions/modifications, set up GPO's, OU's, trusts, etc.
• Experience with MS AD in multi-domain and multi-forest environments.
• Experience with Azure AD/Entra, Intune and related MS technologies.
• Experience in PowerShell scripting and the ability to read code, utilize Git and automate activities.
• Knowledge of operations reports and usage of splunk.
• Demonstrate knowledge with problem resolution and experience with Tier 3 troubleshooting, on call and incident response.
• Monitoring and performance tuning for Windows operating systems including - connectivity, synchronization, replication, netlogon, time services, schema, database partitions, DNS settings, SRV records, certificate authorities and trust relationships.
• Support of IAM on premise systems, SAAS and Cloud based solutions.

Minimum Competencies:

• 3 years of practical experience within technology and systems administration environments.
• Technical background, with understanding of concepts of confidentiality, integrity and availability, disaster recovery, business continuity, user authentication and authorization.
• 3 years basic understanding of Microsoft servers, MS active directory server & knowledge of Azure AD/Entra.
• Basic understanding of firewall theory and network security.
• Strong oral and written communications skills.
• Ability to weigh business needs against security concerns and articulate issues to the user community.

Preferred Qualifications:

• Bachelor's degree in a computer science or related field.
• Experience in a higher education environment.
• Experience with AD platform management, migrations, and AD account lifecycle management.
• Experience with cloud platforms (AWS, Azure, GCP).
• Knowledge of set up and maintaining AD cluster solutions, certificate services and PKI administration.
• 3 years knowledge/experience with AD, ADFS, AAD/Entra, and PAM solutions/tools.
• Security or technology industry certifications (e.g. Microsoft MSCE, or server core certifications, AZ900, CyberArk certification or similar).
• Experience supporting access management solutions, products and tools.
• Demonstrated experience with IT Operations as it relates to working with vendors to ask questions, open help desk tickets and troubleshoot issues.
• Desire to keep up industry skillsets and certifications.
• Analytical skills with ability to relate to technical and non-technical personnel.

Preferred Competencies:

• 3+ years of IAM experience.
• Knowledge of Cloud environments with relation to Identity.
• Knowledge of vulnerability management practices and toolsets.
• Skills with MS ADS, Azure AD/Entra, Cayosoft, Cyberark or other identity off the shelf tools/products.

Target hiring range for this position will be between $99,825-$118,541 per year. Offered salary will be determined by the applicant's education, experience, knowledge, skills and abilities, as well as internal equity and alignment with market data.

Benefits:

At Northwestern, we are proud to provide meaningful, competitive, high-quality health care plans, retirement benefits, tuition discounts and more! Visit us at to learn more.

Work-Life and Wellness:

Northwestern offers comprehensive programs and services to help you and your family navigate life's challenges and opportunities and adopt and maintain healthy lifestyles. We support flexible work arrangements where possible and programs to help you locate and pay for quality, affordable childcare and senior/adult care. Visit us at to learn more.

Professional Growth & Development:

Northwestern supports employee career development in all circumstances whether your workspace is on campus or at home. If you're interested in developing your professional potential or continuing your formal education, we offer a variety of tools and resources. Visit us at to learn more.

Northwestern strongly recommends COVID-19 vaccinations and boosters for people who can obtain them as a critical tool for minimizing severe illness. More information can be found on the COVID-19 and Campus Updates webpage.

The Northwestern campus sits on the traditional homelands of the people of the Council of Three Fires, the Ojibwe, Potawatomi, and Odawa as well as the Menominee, Miami and Ho-Chunk nations. We acknowledge and honor the original people of the land upon which Northwestern University stands, and the Native people who remain on this land today.

Northwestern University is an Equal Opportunity, Affirmative Action Employer of all protected classes, including veterans and individuals with disabilities. Women, racial and ethnic minorities, individuals with disabilities, and veterans are encouraged to apply. Click for information on EEO is the Law.