Job Title: Active Directory Engineer
Location: New York, NY- 10019
Duration: 8+ MonthsShift: 8:00 am to 5:00 pm
Summary
We are seeking an Active Directory Engineer to assist us in rectifying issues with our service accounts. The role involves accomplishing multiple objectives using internal tools. Tasks include identifying the locations and purposes of these accounts, verifying their permissions, confirming their activity status, and determining the account owners.
In the second phase of the project, the engineer will collaborate with various account owners to transition these accounts to Group Managed Service Accounts. Additionally, they will integrate the accounts into a password vault in BeyondTrust, implement password rotations on a regular basis, adjust permissions as needed, restrict interactive logins, address any exceptions, and establish policies and procedures for all future service account creations.
Responsibilities
- Examine the comprehensive list of service accounts within the primary Active Directory Domain to compile essential data for each account, including:
- Owner, upline manager, and department.
- Servers and locations where the account is active.
- Verification of whether interactive login is required and its specific locations.
- Partner with account owners to either convert the account to a Group Managed Service Account (GMSA) or incorporate it into the BeyondTrust password vault. Set up a rotation frequency and configure updates as necessary.
- Collaborate with account owners to initiate password resets.
- Coordinate with the Identity and Access Management (IAM) and Directory Services team to establish and enforce policies governing the creation of future service accounts.