Information Technology_USA - USA_Product Architect
SysMind Tech - Grand Rapids, MI
Job Description
2 Candidate Submittal Slots, New High Level Policy
Please strictly adhere to the following resume naming convention: ALL CAPS, NO SPACES B/T UNDERSCORES
Bill Rate: market rate - market rate
PTN_US_GBAMSREQID_CandidateBeelineID, i.e. PTN_US_9999999_SKIPJOHNSON0413
MSP Owner: Rob Finton
Location: Ada, MI
Duration: 6 months
GBaMS ReqID: 10611250
Competencies: 10+ years experience required Windows Servers

Job description for Active Directory

Required Skills:
• Proven experience architecting AD in large, multi-domain, multi-site enterprise environments.
• Deep expertise in:
  o Domain/Forest model design
  o Group Policy architecture
  o AD security & hardening
  o DNS/DHCP
  o Azure AD & Hybrid Identity
  o Federation & SSO models (ADFS, OAuth, SAML)
• Strong PowerShell automation skills.
• Solid understanding of networking (TCP/IP, routing, firewalls, load balancers).
• Familiarity with zero-trust and identity security frameworks.

Key Responsibilities:

Active Directory Architecture & Design
• Lead the design and implementation of enterprise-scale Active Directory architectures.
• Architect domain/forest structures, OU design, Group Policy frameworks, and AD security baselines.
• Define AD governance, naming conventions, delegation models, and identity lifecycle standards.
• Oversee AD replication, domain controller placement, and Site/Subnet configurations.
• Design and implement secure authentication models (Kerberos, LDAP/S, NTLM hardening).

Identity & Access Management
• Architect solutions for IAM, including RBAC, least privilege models, privileged access management (PAM), and SSO/MFA.
• Lead integration between on-prem Active Directory and Azure AD (Cloud Hybrid Identity).
• Oversee Azure AD Connect, federation services (ADFS), Conditional Access, and identity governance.

Windows Infrastructure Architecture
• Design and standardize Windows Server builds, hardening baselines, and automation frameworks.
• Architect solutions for patching, configuration management, and OS lifecycle management.
• Provide architecture leadership for virtualization platforms (VMware/Hyper-V) as they relate to Windows workloads.

Security & Compliance
• Lead identity and Windows security posture improvements using Entra ID Protection, Conditional Access, and MFA.
• Work closely with the security team to design secure AD and Windows infrastructures aligned with zero-trust principles.
• Drive remediation of AD vulnerabilities, legacy protocols, and misconfigurations.
• Support identity governance audits, compliance assessments, and security reviews.

Automation & Optimization
• Architect automation solutions using PowerShell, DSC, and modern configuration tools (Intune/SCCM).
• Recommend improvements to performance, reliability, identity workflow, and user provisioning.

Cross-Functional Leadership
• Serve as the enterprise SME for AD, Windows, and identity services.
• Lead technical workshops, design reviews, and architectural discussions.
Created: 2026-03-17