Identity Engineer u2013 Active Directory

Hybrid Role Description The Identity Engineer u2013 Active Directory is responsible for administering, engineering, and optimizing Ralliant Corporationu2019s complex, multi-domain Active Directory environment. This role serves as a hands-on technical leader across core AD infrastructure, ensuring stability, security, and scalability while supporting the broader Identity & Access Management (IAM) program. This position operates within a multi-domain, multi-forest environment (13+ domains) with hybrid identity integration and deep dependencies across enterprise IAM systems. The engineer is expected to operate confidently across all layers of Active Directory, from object lifecycle management and Group Policy to replication topology, authentication mechanisms, and disaster recovery. The role partners closely with Security, Infrastructure, and Compliance teams to ensure Active Directory functions as a secure and reliable foundation for enterprise identity. It contributes to identity strategy by aligning AD schema, attributes, and configurations with identity governance platforms and access lifecycle processes. The role embraces the Ralliant Business System (RBS) by embedding operational discipline, documentation, and continuous improvement into tools, workflows, and standard work. The engineer drives repeatable, scalable processes that improve security posture, reduce operational risk, and support audit readiness across the enterprise and Operating Companies (OpCos). Key Responsibilities + Administer a multi-domain, multi-forest Active Directory environment including user, group, and computer object lifecycle management, OU structure, delegation models, and trust relationships + Manage the full lifecycle of Group Policy Objects (GPOs), including design, implementation, auditing, and cleanup + Maintain AD Sites and Services, DNS integration, subnet mappings, and replication topology + Monitor and maintain Domain Controller health, replication status, FSMO roles, and SYSVOL/DFS-R consistency + Manage SPNs, gMSAs, and Kerberos authentication dependenciesMentor and coach engineers through design reviews, code reviews, and knowledge sharing, promoting consistent and high-quality delivery. + Maintain documentation including technical designs, workflows, configurations, and operational procedures . + Contribute to identity strategy and roadmap planning, identifying opportunities to enhance automation, security, and user experience. + Use PowerShell as the primary tool for data collection, reporting, bulk operations, and automation + Develop scripts for auditing, compliance reporting, and operational health monitoring + Build automation for infrastructure lifecycle processes such as DC replacement and recovery + Support Active Directory integration with CyberArk for credential vaulting, rotation, and privileged session management + Manage privileged accounts and service account credentials in alignment with PAM policies + Collaborate on CPM dependencies, credential policies, and troubleshooting PAM-to-AD integrations + Partner with PKI teams to ensure AD Certificate Services configurations align with enterprise standards + Implement tiered administration models and protected group governance Qualifications + Bacheloru2019s degree recommended; equivalent experience considered. + 6 years of hands-on experience administering Active Directory in enterprise environments + Deep expertise in AD architecture, including object management, GPOs, DNS, replication, and domain controller operations + Advanced PowerShell scripting and automation capabilities + Strong understanding of Kerberos, SPNs, gMSAs, and delegation models + Experience working with CyberArk or similar PAM solutions integrated with Active Directory + Hands-on experience with AD disaster recovery and multi-domain/multi-forest environments + Understanding of Active Directoryu2019s role within identity governance and IAM ecosystems + Experience collaborating with PKI teams and supporting AD-integrated certificate services + Experience with hybrid identity environments (Entra ID / Azure AD Connect) + Strong knowledge of AD security hardening practices and attack mitigation techniques + Experience generating audit evidence and supporting compliance requirements + Experience with SIEM platforms such as CrowdStrike or equivalent + Experience supporting regulated or customer driven security requirements, including U.S. Government environments; familiarity with CMMC and NIST SP 800-171 aligned expectations preferred. + Strong communication and documentation skills, with the ability to translate technical concepts into business impact. + Ability to operate effectively across enterprise and OpCo environments, balancing global consistency with local context across multiple time zones and culture. + Alignment with Ralliant values and the Ralliant Business System (RBS), including continuous improvement, transparency, and ownership. #LI-JW2 Ralliant Corporation Overview Ralliant, originally part of Fortive, now stands as a bold, independent public company driving innovation at the forefront of precision technology. With a global footprint and a legacy of excellence, we empower engineers to bring next-generation breakthroughs to life u2014 faster, smarter, and more reliably. Our high-performance instruments, sensors, and subsystems fuel mission-critical advancements across industries, enabling real-world impact where it matters most. At Ralliant weu2019re building the future, together with those driven to push boundaries, solve complex problems, and leave a lasting mark on the world. We Are an Equal Opportunity Employer. Ralliant Corporation and all Ralliant Companies are proud to be equal opportunity employers. We value and encourage diversity and solicit applications from all qualified applicants without regard to race, color, national origin, religion, sex, age, marital status, disability, veteran status, sexual orientation, gender identity or expression, or other characteristics protected by law. Ralliant and all Ralliant Companies are also committed to providing reasonable accommodations for applicants with disabilities. Individuals who need a reasonable accommodation because of a disability for any part of the employment application process, please contact us at . Bonus or Equity This position is also eligible for bonus as part of the total compensation package. Pay Range The salary range for this position (in local currency) is 83400.00-155000.00 Is this role subject to ITAR? The essential duties of this position require adherence to U.S. Government export control regulations. Accordingly, candidates must either be U.S. Persons (i.e., U.S. citizens, U.S. lawful permanent residents, or protected individuals as defined by 8 U.S.C. 1324b(a)(3)) or be prepared to collaborate with the company in securing the necessary U.S. government export authorizations. While the company encourages all interested applicants to apply, please be aware that ongoing employment is dependent upon obtaining the appropriate government export authorizations.

Created: 2026-04-22