Identity Engineer - Active Directory

Identity Engineer – Active Directory

The Identity Engineer – Active Directory is responsible for administering, engineering, and optimizing Ralliant Corporation's complex, multi-domain Active Directory environment. This role serves as a hands-on technical leader across core AD infrastructure, ensuring stability, security, and scalability while supporting the broader Identity & Access Management (IAM) program.

This position operates within a multi-domain, multi-forest environment (13+ domains) with hybrid identity integration and deep dependencies across enterprise IAM systems. The engineer is expected to operate confidently across all layers of Active Directory, from object lifecycle management and Group Policy to replication topology, authentication mechanisms, and disaster recovery.

The role partners closely with Security, Infrastructure, and Compliance teams to ensure Active Directory functions as a secure and reliable foundation for enterprise identity. It contributes to identity strategy by aligning AD schema, attributes, and configurations with identity governance platforms and access lifecycle processes.

The role embraces the Ralliant Business System (RBS) by embedding operational discipline, documentation, and continuous improvement into tools, workflows, and standard work. The engineer drives repeatable, scalable processes that improve security posture, reduce operational risk, and support audit readiness across the enterprise and Operating Companies (OpCos).

Key Responsibilities

• Administer a multi-domain, multi-forest Active Directory environment including user, group, and computer object lifecycle management, OU structure, delegation models, and trust relationships
• Manage the full lifecycle of Group Policy Objects (GPOs), including design, implementation, auditing, and cleanup
• Maintain AD Sites and Services, DNS integration, subnet mappings, and replication topology
• Monitor and maintain Domain Controller health, replication status, FSMO roles, and SYSVOL/DFS-R consistency
• Manage SPNs, gMSAs, and Kerberos authentication dependencies
• Mentor and coach engineers through design reviews, code reviews, and knowledge sharing, promoting consistent and high-quality delivery.
• Maintain documentation including technical designs, workflows, configurations, and operational procedures.
• Contribute to identity strategy and roadmap planning, identifying opportunities to enhance automation, security, and user experience.
• Use PowerShell as the primary tool for data collection, reporting, bulk operations, and automation
• Develop scripts for auditing, compliance reporting, and operational health monitoring
• Build automation for infrastructure lifecycle processes such as DC replacement and recovery
• Support Active Directory integration with CyberArk for credential vaulting, rotation, and privileged session management
• Manage privileged accounts and service account credentials in alignment with PAM policies
• Collaborate on CPM dependencies, credential policies, and troubleshooting PAM-to-AD integrations
• Partner with PKI teams to ensure AD Certificate Services configurations align with enterprise standards
• Implement tiered administration models and protected group governance

Qualifications

• Bachelor's degree recommended; equivalent experience considered.
• 6 years of hands-on experience administering Active Directory in enterprise environments
• Deep expertise in AD architecture, including object management, GPOs, DNS, replication, and domain controller operations
• Advanced PowerShell scripting and automation capabilities
• Strong understanding of Kerberos, SPNs, gMSAs, and delegation models
• Experience working with CyberArk or similar PAM solutions integrated with Active Directory
• Hands-on experience with AD disaster recovery and multi-domain/multi-forest environments
• Understanding of Active Directory's role within identity governance and IAM ecosystems
• Experience collaborating with PKI teams and supporting AD-integrated certificate services
• Experience with hybrid identity environments (Entra ID / Azure AD Connect)
• Strong knowledge of AD security hardening practices and attack mitigation techniques
• Experience generating audit evidence and supporting compliance requirements
• Experience with SIEM platforms such as CrowdStrike or equivalent
• Experience supporting regulated or customer driven security requirements, including U.S. Government environments; familiarity with CMMC and NIST SP 800-171 aligned expectations preferred.
• Strong communication and documentation skills, with the ability to translate technical concepts into business impact.
• Ability to operate effectively across enterprise and OpCo environments, balancing global consistency with local context across multiple time zones and culture.
• Alignment with Ralliant values and the Ralliant Business System (RBS), including continuous improvement, transparency, and ownership.

About Us

Ralliant, originally part of Fortive, now stands as a bold, independent public company driving innovation at the forefront of precision technology. With a global footprint and a legacy of excellence, we empower engineers to bring next-generation breakthroughs to life — faster, smarter, and more reliably. Our high-performance instruments, sensors, and subsystems fuel mission-critical advancements across industries, enabling real-world impact where it matters most. At Ralliant we're building the future, together with those driven to push boundaries, solve complex problems, and leave a lasting mark on the world.

About the Team

Ralliant, originally part of Fortive, now stands as a bold, independent public company driving innovation at the forefront of precision technology. With a global footprint and a legacy of excellence, we empower engineers to bring next-generation breakthroughs to life — faster, smarter, and more reliably. Our high-performance instruments, sensors, and subsystems fuel mission-critical advancements across industries, enabling real-world impact where it matters most. At Ralliant we're building the future, together with those driven to push boundaries, solve complex problems, and leave a lasting mark on the world. We Are an Equal Opportunity Employer Ralliant Corporation and all Ralliant Companies are proud to be equal opportunity employers. We value and encourage diversity and solicit applications from all qualified applicants without regard to race, color, national origin, religion, sex, age, marital status, disability, veteran status, sexual orientation, gender identity or expression, or other characteristics protected by law. Ralliant and all Ralliant Companies are also committed to providing reasonable accommodations for applicants with disabilities. Individuals who need a reasonable accommodation because of a disability for any part of the employment application process, please contact us at View email address on click.appcast.io.

Job Info

• Job Identification 9311
• Job Category Information Security
• Locations 14150 SW Karl Braun Drive, Beaverton, OR, 97077, US 4114 Center at North Hills St. Suite 400, Raleigh, NC, 27609, US 4114 Center at North Hills St. Suite 400, Raleigh, NC, 27609, US (Hybrid)