Identity and Access Management System Administrator
IERUS Technologies
- Colorado Springs, CO
- $109,400-160,200 per year
- Permanent
- Full-time
- BA/BS in Engineering/Computer Science or a related technical discipline, or equivalent experience.
- Must be a US citizen with an active Top Secret clearance with eligibility for SCI and SAP.
- 5-6 years of experience with Active Directory technologies in an enterprise-level system.
- Comfortable with creating and modifying group policies for forest-level application.
- Management of Active Directory remote site replication policies and health monitoring.
- Comfortable with using network/system health tracking solutions, such as SolarWinds, to monitor the health of both virtual infrastructure and hardware.
- Experience with writing standard operating procedures (SOP) documentation.
- Deployment and maintenance of all Active Directory domain services/controllers. This includes monitoring the health and status of all sites and services in the enterprise.
- Deployment and maintenance of all certificate authority (CA) services, including issuing all SSL certificates and building new CA servers in the enterprise.
- Tracking all CA server expiration dates, working with applicable teams to perform a renewal process for existing CA certs when needed.
- Tracking all issued SSL certs for all enterprise enclaves and working with existing administrators to ensure that no certificate expires, which could impact services to the C2BMC-G user base.
- Creating and maintaining system policies, such as Windows group policies and Linux authentication PAM rules/files (in concert with the Linux/UNIX team) and tracking any potential issues as they arise on the system.
- Maintenance of all account matrices, including all applicable permissions cross-overs between enclaves when/if needed.
- Work continuously with the cyber team to ensure all RBAC controls are compliant with current policies for restricting access between enclaves and systems in the enterprise for each applicable user/team.
- Assist the cyber team with monitoring all directory services for out-of-the-ordinary logins or account behavior metrics to ensure the safety and integrity of the data of the C2BMC-G system enterprise.
- Work with other teams to deploy and maintain technologies that include collaborative aspects, such as instant message platforms in the enterprise.
- Thorough understanding of Active Directory and its replication structure when used in a distributed forest, separated using WAN links.
- Experience with an on-premises multi-domain environment using role-based administrative controls (RBAC) for least privilege.
- Experience with DISA STIG compliance remediation using distributed group policy and SCAP compliance scanners.
- Ability to integrate automation technologies into daily Active Directory use is a plus.