Activision Blizzard’s IT Enterprise Services division is looking for an experienced and talented Active Directory engineer to join our Identity and Access Management Operations team. The IAM Ops team is responsible for engineering and administration of the applications and services which support identity management along with on-prem and cloud authentication.

This role augments our team of System Engineers responsible for Microsoft Active Directory/Azure AD (AD/AAD) services across the Activision, Blizzard, and King organizations. The ideal candidate is well-versed in identity management principles and is specifically experienced in designing, deploying, operating, and troubleshooting AD/AAD implementations in a secure fashion and according to industry’s best practices. If you dream about optimized OUs and delegations, spent a week getting your end-to-end replication time down to a couple minutes, and converted all your service accounts to GMSAs, then we want to hear from you!

A good System Engineer is a self-starter who watches for every area of improvement and proactively drives new solutions to stay ahead of the company’s needs. Working directly with our project management and other IT teams, this role will drive decisions which shape our services for years to come. This role also works directly with our Information Security team to review proposed configurations before implementing, and to address any issues with existing infrastructure and resolve any issues with existing policies and configurations.

Responsibilities

Design, deploy, operate and optimize new and existing AD/AAD solutions and services.
Leverage PowerShell and Azure Automation and other tools to standardize and automate common tasks.
Drive secure services toward Infrastructure as Code using tools like Powershell DSC.
Provide guidance to AD/AAD integration teams and other administrators from across the business.
Monitor service health and improve monitoring toolkits for better service insight and alerting.
Create documentation such as Standard Operating Procedures, Knowledge Base articles, and Troubleshooting Guides which promote user and administrator self-service.
Support our AD/AAD infrastructure during business hours and participate in an on-call rotation providing 24/7 support.
Support legacy auth configurations such as LDAP.
Perform other related duties as assigned.

Requirements

Experience designing, deploying, and managing on premise Active Directory in an enterprise environment.
Experience using Powershell for automation of system and user management.
Experience engineering new enterprise solutions from requirements gathering through implementation, documentation, and operational handoff.
Experience designing, deploying, and managing MS Group Policy Objects.
Experience designing and managing Azure AD and Azure AD Connect including, but not limited to Azure AD Connect upgrades, configuration changes, enterprise applications, conditional access policies, Azure AD hardening, auditing and logging.
Advanced knowledge of computer security systems, applications, procedures, and techniques.
Expert knowledge of Windows Operating system and authentication mechanisms used by Active Directory and Azure AD.
Strong interpersonal and communication skills.
Excellent English written and verbal communication skills.
Willing to travel occasionally.

Bonus Points For

A degree in computer science, Information Technology or related field.
Relevant Microsoft Certifications.
Experience with tools like Quest Recovery Manager for AD and GPOADmin.
Experience troubleshooting PKI and AD’s use of it.
Experience in administration of Office 365, Microsoft Partner Portal, Azure infrastructure as a service.
Experience with cross-tenant collaboration and guest identities in Azure AD.
Experience with SAML and OIDC applications as it relates to Azure AD.
Virtualization experience with VMware.
Experience working in a DevOps environment, or knowledge of DevOps principles.
Understanding of ITIL framework.
Love for video games.