Lead AD Engineer
Evanston, IL 
Posted 7 days ago
Job Description
Job ID: 49977
Location: Evanston, Illinois

Department: Information Security Office
Salary/Grade: ITS/83

Job Summary:

The Active Directory (AD) Lead Engineer provides support for complex environment(s). They provide expert knowledge, skill sets and subject matter expertise (SME) in Microsoft AD architecture, infrastructure and identity integrations with various technologies and services.

In this role, you will apply your knowledge and skill sets to lead the MS team that provides support, consultation, design services, testing, documentation and implementation for Microsoft Active Directory, Cayosoft, CyberArk, Azure AD, Unity Sync and Windows-based systems. This includes configuring and implementing new functionality, versioning, modifying existing setups, and providing Tier 3 support for troubleshooting various issues or incidents. You will also provide an array of consultative information, guidance and/or assistance to various groups within NUIT as well as NU schools and units.

You will assist with strategic planning and will work to ensure that IAM systems/solutions are both resilient and adaptive to an evolving Identity landscape. You will work with stakeholders throughout Northwestern to implement IAM best practices and controls.

You will lead the MS Team in a supervisory capacity that includes work assignment, work evaluation/peer review, training, mentoring, and conducting performance evaluation reviews. You will oversee operations and support for the team's infrastructure and services; lead, instruct, direct, and check the work of other engineers using full technical knowledge and thorough understanding of functionality; and supervise and oversee the work of staff. You will lead with the expectation that team members are cross-trained on all products and are staying on top of new skill development within the industry.

Specific Responsibilities:

Strategic Planning

  • Represent Identity & Access Management Department in collaborative and strategic initiatives, applying expertise and functioning as an integral part of the information security organization.
  • Contribute to yearly roadmap planning of the IAM portfolio.
  • Research and provide guidance/support in evaluating industry best practices, vendors, open source products, internally developed systems, and cloud or SaaS solutions.
  • Participate in BTAA, CSG or other industry meetings or conferences to help ensure IAM stays on top of future functionality, products, trends and support.

Administration

  • Act as IAM point-of-contact for assigned MS team products and operations.
  • Serve as Tier 3 support and an escalation point for domain technology issues that cannot be solved by Tier 1 and Tier 2 support.
  • Responsible for MS team operations, including team performance, ownership of root cause analysis, problem management, documentation and communication for Identity Environment(s).
  • Perform MS Team system monitoring: verify the integrity and availability of all hardware, server resources, systems and key processes, review system logs and verify completion of scheduled tasks/jobs.
  • Create and maintain MS Team system documentation for domain technologies, including installation, configuration, and appropriate troubleshooting steps.
  • Identify opportunities to innovate, extend and enhance service delivery where possible.
  • Monitor and evaluate systems and services for conformity to existing policies, standards, and guidelines

Engineer

  • Ability to make AD configuration changes and schema extensions/modifications, and to set up or modify GPOs, OUs, trusts, etc.
  • Architect, design and implement solutions for Active Directory infrastructure for efficiency and continuous improvement opportunities.
  • Ability to create PowerShell scripts, read code, utilize Git for versioning and use an orchestration tool (CloudBees, Rundeck or other) for automation.
  • Lead projects in the design, development, testing, and implementation of technical solutions which advance strategic initiatives in IAM including projects affecting the overall posture of Northwestern University
  • Review existing Identity & Access Management practices, developing and implementing systems and solutions for additional controls, capabilities, or compliance
  • Implement recommendations for assigned projects, in consultation with project team(s) and/or other NUIT staff
  • Provide recommendations for continual process improvements across Identity & Access Management workflows
  • Draft and review documentation such as analyses of technical, administrative, or procedural issues; procedural documentation/playbooks; and team documentation

Performance

  • Collaborate with other Identity staff or NUIT staff as needed for incident remediation or incident investigations
  • Provides troubleshooting and investigation assistance to users regarding potential or actual Identity incidents.
  • Partners with users and internal/external staff to monitor and/or report school, unit, or departmental level IAM issues/incidents within applications or systems.
  • Develop and maintain IAM MS team expertise through university-provided and external training/seminars/courses; staying abreast of industry trends, methods, and published literature; and participating in professional development programs/initiatives approved by information security management.

Supervises

  • Assigns staff to certain projects/tasks
  • Champions utilization of best practices and standards, and ensures compliance with IT/University policies.
  • Conducts performance evaluations for supervised team members.
  • Coaches and mentors team members and facilitates career development goals for junior staff and direct reports.
  • Provides ongoing feedback and coaching throughout the year and coaches direct reports on goals and development opportunities.
  • Leads with the expectation that team members are cross-trained and keep up with new skill development.
  • Other duties as assigned.

Minimum Qualifications: (Education, experience, and any other certifications or clearances)

  • Successful completion of a full 4-year course of study in an accredited college or university leading to a bachelor's or higher degree in a major such as computer science, information technology, or related; OR appropriate combination of education and experience.
  • 8+ years MS Active Directory server experience, with a thorough understanding of Windows 2008, 2012, and 2016 (both server level and FFL).
  • Hands-on experience installing, configuring and upgrading AD, including configuration changes, schema extensions/modifications, and setup of GPOs, OUs, trusts, etc.
  • Experience with MS AD in multi-domain and multi-forest environments.
  • Advanced hands-on experience with PowerShell scripting and use of Splunk.
  • Solid understanding of IAM software and technologies (e.g., ADS, Azure AD/Entra, SSO, LDAP, Federation/SAML, OAuth, MFA, CyberArk, CrowdStrike Identity, etc.).
  • Proficient with technical troubleshooting, incident management, root cause analysis and problem solving.
  • Experience with monitoring and performance tuning for Windows operating systems, including connectivity synchronization, replication, netlogon, time services, schema, database partitions, DNS settings, SRV records, certificate authorities and trust relationships.
  • Experience with multi-faceted environments (On-Premises, Cloud & SaaS).
  • Demonstrated experience coordinating resources on multiple teams and leading projects.
  • Must have time management skills and ability to prioritize tasks and lead a team in this area.
  • Please see information highlighted in tables below.
  • Amazon Web Services (AWS)
  • identity management/provisioning
  • OpenAM (Identity Management)
  • Server hardware
  • Veeam Backup and Recover
  • Other: Active Directory Federation Services and/or Shibboleth (SAML)
  • Microsoft (MCSE, MCSD, MCSA)
  • Node.js
  • PL/SQL
  • critical thinking
  • Debugging
  • decision making
  • enterprise architecture
  • enterprise directory services
  • problem solving
  • Troubleshooting
  • use-case analysis
  • agile environment
  • collaboration and teamwork
  • cost/benefit analysis
  • evaluate resources
  • facilitate collaboration
  • functional documentation
  • iterative & incremental development
  • organizational skills
  • planning
  • workflow development & documentation

Minimum Competencies: (Skills, knowledge, and abilities.)

  • 10+ years of practical experience within technology and systems administration environments.
  • Technical background, with understanding of concepts of confidentiality, integrity and availability, disaster recovery, business continuity, user authentication and authorization
  • Microsoft certifications such as MSCE: Core Infrastructure & MSCE: AZ900 or equivalent
  • Possess a combination of both functional and technical skills, with excellent communication (verbal & written) and interpersonal skills to interact with customers, team members, and senior leaders
  • Demonstrated experience with IT operations, working with vendors, and Service Desk operations (ITIL standards, TDX or ServiceNow-type ticketing systems).
  • Microsoft knowledge in ADS, ADFS, Azure AD/Entra, ADCS, and Public Key infrastructure knowledge.

Preferred Qualifications: (Education and experience)

  • Expert/Experienced Architect level expertise in Active Directory - ADS (on-premises or VM), ADFS, and Azure AD.
  • MS AD Expert - knowledge of domains, sub-domains, one-way/two-way trusts, PS scripting, migration tools (Quest), SCCM, O365 and Intune.
  • MS AD Migration expert - inter-forest migration (history info) and/or intra-forest migration.
  • Someone who has led, planned and executed migrations (preferably back into a central domain).
  • Work experience with IAM technologies including: SailPoint IdentityIQ, Shibboleth, OpenAM, LDAP, Duo for MFA, Active Directory, Radiant Logic, Cayosoft, Grouper.
  • Experience in higher education or public sector IAM processes and technology.
  • Experience leveraging message queues, API managers and web services to build application integration services and DevOps.
  • Entra/Azure AD Expert - Azure Service fabric, Workflows, Access certification, Entitlements/role management, IGA.
  • Experience with MS Hello or other biometric tools and how they work.
  • Experience in a higher education institution.
  • PowerShell expert with experience in Splunk, CyberArk, and CrowdStrike Identity.

Preferred Competencies: (Skills, knowledge, and abilities)

  • Experienced with SDLC, ITIL, agile methodologies, Git/other version control software, and orchestration tools.
  • Knowledge of current industry best practices in enterprise architecture, design, development, engineering, etc.
  • Experience using a systematic approach for problem analysis and resolution as well as the evaluation of solution alternatives
  • Ability to maintain effective working relationships with a broad cross-section of the University Community.
  • MSCE: Azure Solutions Architect Expert (a plus)
  • MSCE: DevOps Engineer Expert (a plus)
  • Microsoft Expert in large-scale Windows enterprise
  • Experience with orchestration toolsets (CloudBees, Rundeck or similar), the ability to build scripts and utilize tools that drive automation

Target hiring range for this position will be between $122,000-$144,000 per year. Offered salary will be determined by the applicant's education, experience, knowledge, skills and abilities, as well as internal equity and alignment with market data.

Benefits:
At Northwestern, we are proud to provide meaningful, competitive, high-quality health care plans, retirement benefits, tuition discounts and more! Visit us at to learn more.

Work-Life and Wellness:
Northwestern offers comprehensive programs and services to help you and your family navigate life's challenges and opportunities, and adopt and maintain healthy lifestyles.
We support flexible work arrangements where possible and programs to help you locate and pay for quality, affordable childcare and senior/adult care. Visit us at to learn more.

Professional Growth & Development:
Northwestern supports employee career development in all circumstances whether your workspace is on campus or at home. If you're interested in developing your professional potential or continuing your formal education, we offer a variety of tools and resources. Visit us at to learn more.


Northwestern strongly recommends COVID-19 vaccinations and boosters for people who can obtain them as a critical tool for minimizing severe illness. More information can be found on the webpage.

The Northwestern campus sits on the traditional homelands of the people of the Council of Three Fires, the Ojibwe, Potawatomi, and Odawa as well as the Menominee, Miami and Ho-Chunk nations. We acknowledge and honor the original people of the land upon which Northwestern University stands, and the Native people who remain on this land today.

Northwestern University is an Equal Opportunity, Affirmative Action Employer of all protected classes, including veterans and individuals with disabilities. Women, racial and ethnic minorities, individuals with disabilities, and veterans are encouraged to apply. Click for information on EEO is the Law.


Job Summary
Start Date: As soon as possible
Employment Term and Type: Regular, Full Time
Salary and Benefits: $122,000-$144,000
Required Education: Bachelor's Degree
Required Experience: 8+ years