Senior Active Directory Engineer📣 إعلان

About the Role

Alnafitha IT is seeking a Senior Active Directory Engineer to provide managed operations and support a significant identity transformation initiative for a banking client in Riyadh, Saudi Arabia. This full-time role requires the engineer to act as the on-site technical liaison, ensuring the stability, security, and compliance of the client’s Active Directory environment while concurrently managing modernization projects alongside daily business operations.

Key Responsibilities: Operational Stability

The role involves daily and weekly management of Active Directory health, including monitoring replication, FSMO roles, SYSVOL, event logs, and domain controller performance. Daily health checks using tools like DCDIAG, REPADMIN, and NETDIAG will be performed, with proactive remediation as needed. Responsibilities also include managing DNS hygiene, ensuring accurate time synchronization, verifying backup success, and testing restores. Applying OS, security, and AD cumulative updates during approved maintenance windows is also a key task.

Key Responsibilities: Identity Transformation Support

In parallel with business-as-usual operations, the engineer will support a major change initiative. This includes participating in joint planning for modernization efforts such as forest consolidation, domain migration, schema upgrades, and security overhauls. Tasks involve deploying or upgrading domain controllers, modifying site links and replication schedules, restructuring OUs, migrating objects using tools like ADMT and PowerShell, implementing and refactoring GPOs, configuring trusts, and migrating service accounts to gMSA where feasible. Pre-change validation in lab environments and post-change validation with rollback capabilities are essential.

Key Responsibilities: Security and Compliance

Ongoing security and compliance hardening is critical. This involves maintaining an AD security baseline aligned with industry standards (CIS/NIST) and banking regulations. The engineer will manage and monitor privileged groups, review and clean up stale accounts, enforce encryption standards, manage and rotate service account credentials, and assist with privileged access management solutions. Ensuring audit policies forward logs to SIEM systems and investigating anomalies are also part of this responsibility.

Collaboration and Troubleshooting

The Senior Active Directory Engineer will serve as the technical liaison between the global AD team and local bank operations, participating in weekly design and status calls. This role requires translating global AD standards into local implementation plans and reporting on environment health and change progress. Troubleshooting and resolving AD-related incidents, including authentication failures, replication issues, and Kerberos errors, is a core function. This includes performing root cause analysis, supporting application teams with AD integration, and participating in security incident response.

Documentation and Knowledge Transfer

Maintaining comprehensive documentation is required, covering AD topology, domain controller inventory, FSMO locations, site links, GPO inventory, privileged group memberships, and service account lists. All changes made during the major initiative must be documented, including before and after states. Knowledge transfer to the local team and the global office will also be a key aspect of the role.