Active Directory Engineer - Military veterans preferred

ManTech


full-time employee

United States

Secure our Nation, Ignite your Future

Become an integral part of a diverse team while working at an Industry Leading Organization, where our employees come first.  At ManTech International Corporation, you’ll help protect our national security while working on innovative projects that offer opportunities for advancement.

Currently, ManTech is seeking a motivated, career- and customer-oriented Active Directory Engineer at our Kingstowne, VA office.

Responsibilities include, but are not limited to:

  • Modernize and continuously improve existing Enterprise Directory Services as part of the ongoing transition to more cloud-based offerings.
  • Support needs assessment and requirements analysis to prioritize implementation, development, and delivery.
  • Provide insights from login activities to provide the monitoring and controlling components, as well as the ability to push data to other robust Security Information and Event Management (SIEM) tools for better overall operational awareness.
  • Perform analysis of existing USCIS Active Directory environments and develop new solutions to take advantage of new technologies and best practices provided by the latest versions of Windows Server, to include but not limited to:

    Bastion Forest for Administrative accounts

    Just In time administration

    Just Enough administration

    Privileged Access Workstations (PAW)

    Credential Partitioning

    Active Directory Federation Services (ADFS)

    Group Policy

    PowerShell Desired State Configuration

    Domain Trusts

  • Collaborate with Operations when Architecting/Engineering USCIS Active Directory infrastructure for changes, modifications, and advancements, for a seamless transition and delivery.
  • Design and implement complex identity management solutions utilizing tools such as PKI, ADFS, Azure AD Connect, and Microsoft Identity Manager.
  • Engineer and evolve existing Enterprise PKI/Certificate infrastructure, and engineer certificate templates and issuance to requestors.
  • Coordinate Enterprise Active Directory delegation models and provide technical assistance to facility administrators, as required.
  • Engineer, secure, and update Active Directory production environment. Conduct periodic disaster recovery planning exercises as needed.
  • Work closely with internal teams to implement Group Policy Objects (GPOs) and performance tuning as it relates to the latest Windows Desktop and Server Migration project(s).
  • Assist with migration tasks as scheduled throughout USCIS offices; provide technical assistance to lower tiered administrators as needed/required.
  • Collaborate with local facility administrators and teams regarding server hardware installations, upgrades, and migrations of essential AD services and rollout projects.
  • Work with software vendors to identify, install, and deploy USCIS business need software solutions, involving AD LDAP authentication and delegation rights.
  • Troubleshoot and resolve hardware, software, and network issues with operating systems, as required.
  • Provide architectural and engineering analysis of on-premises and cloud solutions to ensure, where applicable, that interdependent systems have consistent architectures and that divergent architectures are evaluated for business value and removal of waste.
  • Act as a technical liaison between USCIS OIT customers and third-party software/hardware vendors to deliver necessary solutions for the agency.
  • Understanding of computer and user authentication is required for troubleshooting performance issues associated with logon or host resolution for both servers and workstations, such as NTLM, Kerberos, and PKI/Smart Card authentication flows.
  • Participate in the entire lifecycle (planning, deployment, maintenance) of critical IT services.
  • Architect and engineer Azure AD Connect and Office 365 Suite.
  • Implement Group Policy Objects (GPOs).
  • Ensure all changes to the Group Policy Objects (GPOs) under Active Directory (AD) are controlled and documented.
  • Ensure GPO testing is completed by engineering prior to GPO changes to production.
  • Support VEEAM Administration to provide full backup and recovery for all virtual Field Servers.
  • Assume the primary Hyper-V management and support duties for the field sites and secondary support for Data Center systems.
  • Manage and apply Group Policy Objects in a domain environment.
  • Provide and support DNS configuration, MS Clustering services, storage configuration, terminal services, TCP/IP protocol, and LDAP services.
  • Provide architectural analysis of existing and new directory services in order to ensure that authentication flows are going to the appropriate service, to include but not limited to:

    Active Directory


    Azure AD (multiple and single tenant, commercial and Government)

    Identity Credential and Access Management (ICAM)

    AWS Identity and Access Management (commercial and Government)

  • Design and architect automated concentric circle deployment models for phased rollouts to include, but not limited to:

    Group policy


    Software deployment

  • Architect and engineer the group policy when developing changes to the AD structure, new Security Technical Implementation Guides (STIGs), new operating systems, or as directed due to security or higher headquarter mandates and exceptions.
  • Provide recommendations for new products and technology for supporting all layers of the IT infrastructure architecture based on testing and technology vetting.
  • Participate with the Critical Incident Response Ticket (CIRT) team for after action reports and root cause analysis.
  • Lead and participate in enterprise projects when appropriate, to include but not limited to:

    Enterprise Data Center Consolidation

    Enterprise Cloud based solutions

    Enterprise Unified Communications

    Next Generation Endpoint and Mobility operating systems

    Directory and Messaging services

    Enterprise Network and Compute configuration standards development

    Enterprise Network and Compute management development

    Enterprise Backup and archive design and solutions

    Enterprise Mobility solutions development

    Enterprise Management, configuration, and tools standardization

    Network (WAN/LAN) standards or changes

Basic Qualifications

Bachelor's degree in Computer Science, or related field preferred. 1-3 years of experience.

  • A minimum of one (1) year of experience with monitoring performance and throughput, setting baselines for acceptable performance standards while teams develop new solutions.
  • Experience working in public and private clouds.
  • Ability and desire to work in a fast-paced, rapidly changing, collaborative environment.
  • Strong troubleshooting and analytical skills required.
  • Must have strong critical thinking, complex problem solving, appropriate judgment, and decision-making skills.
  • Experience with major cloud providers preferred.
  • Possess superior technical aptitude and effective written and verbal communications skills.
  • Proven experience with managing and using DevOps concepts.

  • Capable of supporting the following tools or similar tools and activities:

    Bastion Forest for Administrative accounts

    Just In time administration

    Just Enough administration

    Privileged Access Workstations (PAW)

    Credential Partitioning

    Active Directory Federation Services (ADFS)

    Group Policy

    PowerShell Desired State Configuration

    Domain Trusts





    Microsoft Active Directory

    Group Policy

    CSP Cloud Service Provider Integration/Development not limited to:
    • Azure
    • AWS 
    • Google
    • Salesforce

    Cisco Routing, Switching and Compute platforms

    Active Directory Federation Service (ADFS)

    Microsoft System Center Suite

    Analytics, Automation and Orchestration requirements:
    • Chef
    • Puppet
    • Ansible


    VMWare and NSX


    Privileged Access Workstations

    Jump Hosts



    Dell Compute platforms




    Mac OSX

    Windows Operating Systems



    HP and Dell Workstations and laptops

    NetApp Storage


Preferred Qualifications:

  • Certifications: MCSE or proven equivalent experience.
  • Familiar with tools including: ServiceNow, GitHub, Jira, Confluence
  • Experience with ITIL, DevSecOps and Agile concepts
  • Experience supporting Government contracts

Security Clearance Requirements:

  • U.S. Citizen with the ability to obtain Public Trust and complete DHS Security Clearance
  • Ability to obtain DHS EOD suitability
  • Current DHS EOD highly preferred

Physical Requirements:

  • Office work, typically sedentary with some movement around the office.

For all positions requiring access to technology/software source code that is subject to export control laws, employment with the company is contingent on either verifying U.S.-person status or obtaining any necessary license. The applicant will be required to answer certain questions for export control purposes, and that information will be reviewed by compliance personnel to ensure compliance with federal law. ManTech may choose not to apply for a license for such individuals whose access to export-controlled technology or software source code may require authorization and may decline to proceed with an applicant on that basis alone.

ManTech International Corporation, as well as its subsidiaries, proactively fulfills its role as an equal opportunity employer. We do not discriminate against any employee or applicant for employment because of race, color, sex, religion, age, sexual orientation, gender identity and expression, national origin, marital status, physical or mental disability, status as a Disabled Veteran, Recently Separated Veteran, Active Duty Wartime or Campaign Badge Veteran, Armed Forces Services Medal, or any other characteristic protected by law.

If you require a reasonable accommodation to apply for a position with ManTech through its online applicant system, please contact ManTech's Corporate EEO Department at (703) 218-6000. ManTech is an affirmative action/equal opportunity employer - minorities, females, disabled and protected veterans are urged to apply. ManTech's utilization of any external recruitment or job placement agency is predicated upon its full compliance with our equal opportunity/affirmative action policies. ManTech does not accept resumes from unsolicited recruiting firms. We pay no fees for unsolicited services.

If you are a qualified individual with a disability or a disabled veteran, you have the right to request an accommodation if you are unable or limited in your ability to use or access as a result of your disability. To request an accommodation please click and provide your name and contact information.