Identity Engineer - Active Directory

Role Description Location: Raleigh, NC OR Beaverton, OR Hybrid The Identity Engineer – Active Directory is responsible for administering, engineering, and optimizing Ralliant Corporation’s complex, multi-domain Active Directory environment. This role serves as a hands‑on technical leader across core AD infrastructure, ensuring stability, security, and scalability while supporting the broader Identity & Access Management (IAM) program. This position operates within a multi-domain, multi-forest environment (13+ domains) with hybrid identity integration and deep dependencies across enterprise IAM systems. The engineer is expected to operate confidently across all layers of Active Directory, from object lifecycle management and Group Policy to replication topology, authentication mechanisms, and disaster recovery. The role partners closely with Security, Infrastructure, and Compliance teams to ensure Active Directory functions as a secure and reliable foundation for enterprise identity. It contributes to identity strategy by aligning AD schema, attributes, and configurations with identity governance platforms and access lifecycle processes. The role embraces the Ralliant Business System (RBS) by embedding operational discipline, documentation, and continuous improvement into tools, workflows, and standard work. The engineer drives repeatable, scalable processes that improve security posture, reduce operational risk, and support audit readiness across the enterprise and Operating Companies (OpCos). Key Responsibilities Administer a multi-domain, multi-forest Active Directory environment including user, group, and computer object lifecycle management, OU structure, delegation models, and trust relationships Manage the full lifecycle of Group Policy Objects (GPOs), including design, implementation, auditing, and cleanup Maintain AD Sites and Services, DNS integration, subnet mappings, and replication topology Monitor and maintain Domain Controller health, replication status, FSMO roles, and SYSVOL/DFS‑R consistency Manage SPNs, gMSAs, and Kerberos authentication dependencies Mentor and coach engineers through design reviews, code reviews, and knowledge sharing, promoting consistent and high-quality delivery Maintain documentation including technical designs, workflows, configurations, and operational procedures Contribute to identity strategy and roadmap planning, identifying opportunities to enhance automation, security, and user experience Use PowerShell as the primary tool for data collection, reporting, bulk operations, and automation Develop scripts for auditing, compliance reporting, and operational health monitoring Build automation for infrastructure lifecycle processes such as DC replacement and recovery Support Active Directory integration with CyberArk for credential vaulting, rotation, and privileged session management Manage privileged accounts and service account credentials in alignment with PAM policies Collaborate on CPM dependencies, credential policies, and troubleshooting PAM-to-AD integrations Partner with PKI teams to ensure AD Certificate Services configurations align with enterprise standards Implement tiered administration models and protected group governance Qualifications Bachelor’s degree recommended; equivalent experience considered 6 years of hands‑on experience administering Active Directory in enterprise environments Deep expertise in AD architecture, including object management, GPOs, DNS, replication, and domain controller operations Advanced PowerShell scripting and automation capabilities Strong understanding of Kerberos, SPNs, gMSAs, and delegation models Experience working with CyberArk or similar PAM solutions integrated with Active Directory Hands‑on experience with AD disaster recovery and multi-domain/multi-forest environments Understanding of Active Directory’s role within identity governance and IAM ecosystems Experience collaborating with PKI teams and supporting AD‑integrated certificate services Experience with hybrid identity environments (Entra ID / Azure AD Connect) Strong knowledge of AD security hardening practices and attack mitigation techniques Experience generating audit evidence and supporting compliance requirements Experience with SIEM platforms such as CrowdStrike or equivalent Experience supporting regulated or customer‑driven security requirements, including U.S. Government environments; familiarity with CMMC and NIST SP 800‑171 aligned expectations preferred Strong communication and documentation skills, with the ability to translate technical concepts into business impact Ability to operate effectively across enterprise and OpCo environments, balancing global consistency with local context across multiple time zones and culture Alignment with Ralliant values and the Ralliant Business System (RBS), including continuous improvement, transparency, and ownership Benefits Bonus or Equity: This position is also eligible for bonus as part of the total compensation package. Pay Range: The salary range for this position (in local currency) is 83,400.00-155,000.00. Export Control The essential duties of this position require adherence to U.S. Government export control regulations. Candidates must either be U.S. Persons (i.e., U.S. citizens, U.S. lawful permanent residents, or protected individuals as defined by 8 U.S.C. 1324b(a)(3)) or be prepared to collaborate with the company in securing the necessary U.S. government export authorizations. Ongoing employment is dependent upon obtaining the appropriate government export authorizations. Equal Opportunity Employment We Are an Equal Opportunity Employer. Ralliant Corporation and all Ralliant Companies are proud to be equal opportunity employers. We value and encourage diversity and solicit applications from all qualified applicants without regard to race, color, national origin, religion, sex, age, marital status, disability, veteran status, sexual orientation, gender identity or expression, or other characteristics protected by law. Ralliant and all Ralliant Companies are also committed to providing reasonable accommodations for applicants with disabilities. Individuals who need a reasonable accommodation because of a disability for any part of the employment application process, please contact us at View email address on click.appcast.io . #J-18808-Ljbffr Ralliant