Sr. Principal Systems Administrator – Identity and Access Management System Administrator (24-069) BLSK
Northrop Grumman
- Colorado Springs, CO
- $109,900-164,900 per year
- Permanent
- Full-time
- Deployment and maintenance of all active directory domain services/controllers.
- Includes monitoring the health and status of all sites and services in the enterprise.
- Deploy and maintain all certificate authority (CA) services, including issuing all SSL certificates and building new CA servers in the enterprise.
- Tracking all CA server expiration dates, working with applicable teams to perform a renewal process for existing CA certs when needed.
- Tracking all issued SSL certs for all enterprise enclaves and working with existing administrators to ensure no certificate expires, which could impact services to the C2BMC-G user base.
- Creating and maintaining system policies, such as Windows group policies and Linux authentication PAM rules/files (in concert with the Linux/UNIX team) and tracking any potential issues as they arise on the system.
- Maintenance of all account matrices, including all applicable permissions cross-overs between enclaves when/if needed.
- Work continuously with the cyber team to ensure all RBAC controls comply with current policies for restricting access between enclaves and systems in the enterprise for each applicable user/team.
- Assist the cyber team with monitoring all directory services for unusual logins or account behavior metrics to ensure the safety and integrity of the C2BMC-G system enterprise's data.
- Work with other teams to deploy and maintain technologies that include collaborative aspects, such as instant message platforms in the enterprise.
- Work with all teams to ensure distributed authentication services are configured properly to ensure non-repudiation to all available sources.
- Assisting with configuring LDAP services to network/software solutions to ensure RBAC access to the user base. Examples of LDAP/LDAPS connected endpoint configurations could be HPE iLO interfaces, GitLab, Cisco ISE, FortiManager, Raritan KVM, etc.
- Experience with Active Directory technologies in an enterprise-level system
- Comfortable with creating and modifying group policies for forest-level application
- Management of Active Directory remote site replication policies and health monitoring
- Comfortable with using network/system health tracking solutions, such as SolarWinds, for monitoring system health for both virtual infrastructure as well as hardware health
- Experience with writing standard operating procedures (SOP) documentation
- An active Top-Secret clearance is required to start, with the ability to obtain TS/SCI and SAP clearance.
- 10 years with a bachelor's degree in a related field; 14 years of experience in lieu of a degree.
- Active TS/SCI and SAP clearance is highly desired.
- Thorough understanding of Active Directory and its replication structure when used in a distributed forest, separated through WAN links.
- Experience with an on-premises multi-domain environment using Role-based administrative controls (RBAC) for least privilege.
- Experience with DISA STIG compliance remediation using distributed group policy and SCAP compliance scanners.
- The ability to integrate automation technologies into daily Active Directory use is a plus.
- Health Plan
- Savings Plan
- Paid Time Off
- Education Assistance
- Training and Development
- Flexible Work Arrangements