Active Directory Engineer (Hybrid eligible)

Requisition Id 15474 

­­Overview:  

We are hiring an Active Directory Engineer to support and enhance our secure, enterprise-scale identity infrastructure! This role focuses on planning, sustaining, and securing Active Directory while also integrating Microsoft Entra ID (formerly Azure AD) for hybrid identity. The engineer will also strengthen endpoint and identity protection using Microsoft Defender technologies. This position requires strong technical expertise in directory services, authentication protocols, and federal cybersecurity compliance, with an emphasis on Zero Trust principles.

This position resides in the Digital Platform Services group in the Digital Services Infrastructure & Operations division, in the Information Technology Services Directorate at Oak Ridge National Laboratory (ORNL).  

Major Duties/Responsibilities: 

• Provide enterprise-level support for Active Directory services across the Secure infrastructure.
• Administer and troubleshoot Group Policy Objects (GPOs), ADFS, SAML, and SSO configurations.
• Manage Windows Certificate Services, PKI, and Smart Card (PIV) authentication.
• Support Microsoft Entra ID and Azure AD Connect for hybrid identity and directory synchronization.
• Integrate and support Microsoft Defender for Identity and Microsoft Defender for Endpoint to enhance identity and endpoint protection.
• Perform root cause analysis and lead resolution of complex directory service issues.
• Ensure compliance with Secure cybersecurity mandates, including but not limited to:
  • OMB M-22-09 (Federal Zero Trust Strategy)
  • NIST SP 800-53 Rev. 5 (Security and Privacy Controls)
  • CISA Zero Trust Maturity Model v2.0
  • DISA STIGs
• Develop and maintain system documentation, including configuration baselines and operational procedures.
• Automate administrative tasks using PowerShell or other scripting languages.
• Collaborate with cybersecurity and infrastructure teams to support secure identity lifecycle management.
• Provide training as required.
• Deliver ORNL’s mission by aligning behaviors, priorities, and interactions with our core values of Impact, Integrity, Teamwork, Safety, and Service. Promote equal opportunity by fostering a respectful workplace – in how we treat one another, work together, and measure success.

Basic Qualifications:

• A BS degree in computer science, computer engineering, information technology, information systems, science, engineering, business, or a related discipline and a minimum of eight (8) to twelve (12) years of aligned professional experience in a secure, enterprise infrastructure environment is required for consideration. An overall combination of equivalent education and experience may be considered.

• Masters and PhD degree holders in the same fields of study are also encouraged to apply:
• Masters’ holders should have a minimum of seven (7) to ten (10) years of relevant and aligned experience.
• PhD holders should have a minimum of four (4) to six (6) years of relevant and aligned experience.

• Microsoft certifications (e.g., MCSE, MCITP in Windows Server 2016/2019/2022).
• Experience developing and enforcing security controls aligned with federal cybersecurity mandates.
• Expert-level experience with:
  • Active Directory architecture and operations
  • Group Policy design and troubleshooting
  • ADFS, SAML, and SSO
  • PKI, PIV/Smart Cards, and Windows Certificate Services
  • Distributed File System including both DFS-N, and DFS-R
• Mid-level experience with:
  • Windows Server 2016, 2019, 2022, and 2025
  • Microsoft Entra ID / Azure AD and Azure AD Connect
  • Microsoft Defender for Identity and Defender for Endpoint
  • PowerShell or other scripting languages
  • Windows Failover Clustering
  • VMware vSphere and Hyper-V

Preferred Qualifications:

• Active DOE Q, active DOD Top Secret, or active DOD TS/SCI clearance is heavily preferred for consideration.
• Cloud identity or Cybersecurity certifications such as SC-300, AZ-500, CISSP, MD-102 are heavily desired.
• Excellent written and oral communication skills.

Special Requirements:  

• Visa sponsorship is not available for this position.

• This position requires the ability to obtain and maintain clearance from the Department of Energy. As such, this position is a Workplace Substance Abuse (WSAP) testing designated position. WSAP positions require passing a pre-placement drug test and participation in an ongoing random drug testing program.
  

Security, Credentialing, and Eligibility Requirements:
For employment at Oak Ridge National Laboratory (ORNL), a Real ID compliant form of identification will be required.  Additionally, ORNL is subject to Department of Energy (DOE) access restrictions. All employees must also be able to obtain and maintain a federal Personal Identity Verification (PIV) card as mandated by Homeland Security Presidential Directive 12 (HSPD-12) and Department of Energy (DOE) Order 473.1A, which requires a favorable post-employment background investigation.

To obtain this credential, new employees must successfully complete and pass a Federal Tier 1 background check investigation.  This investigation includes a declaration of illegal drug activities, including use, supply, possession, or manufacture within the last year.  This includes marijuana and cannabis derivatives, which are still considered illegal under federal law, regardless of state laws.

For foreign national candidates:
If you have not resided in the U.S. for three consecutive years, you are not eligible for the PIV credential and instead will need to obtain a favorable Local Site Specific Only (LSSO) risk determination to maintain employment.  Once you meet the three-year residency requirement, you will be required to obtain a PIV credential to maintain employment.   

About ORNL:

As a U.S. Department of Energy (DOE) Office of Science national laboratory, ORNL has an impressive 80-year legacy of addressing the nation’s most pressing challenges. Our team is made up of over 7,000 dedicated and innovative individuals! Our goal is to create an environment where a variety of perspectives and backgrounds are valued, ensuring ORNL is known as a top choice for employment. These principles are essential for supporting our broader mission to drive scientific breakthroughs and translate them into solutions for energy, environmental, and security challenges facing the nation.

ORNL offers competitive pay and benefits programs to attract and retain individuals who demonstrate exceptional work behaviors. The laboratory provides a range of employee benefits, including medical and retirement plans and flexible work hours, to support the well-being of you and your family.

Employee amenities such as on-site fitness, banking, and cafeteria facilities are also available for added convenience.

Other benefits include the following: Prescription Drug Plan, Dental Plan, Vision Plan, 401(k) Retirement Plan, Contributory Pension Plan, Life Insurance, Disability Benefits, Generous Vacation and Holidays, Parental Leave, Legal Insurance with Identity Theft Protection, Employee Assistance Plan, Flexible Spending Accounts, Health Savings Accounts, Wellness Programs, Educational Assistance, Relocation Assistance, and Employee Discounts.

If you have difficulty using the online application system or need an accommodation to apply due to a disability, please email: ORNLRecruiting@ornl.gov.

This position is in Oak Ridge, Tennessee and requires onsite presence.  We offer a flexible work environment that supports both the organization and our employees.  A hybrid/onsite working arrangement may be available with this position, which provides flexibility to work periodically from your home, while reporting onsite to the Oak Ridge, Tennessee location on a weekly and regular basis.

#LI-CS1

This position will remain open for a minimum of 5 days after which it will close when a qualified candidate is identified and/or hired.

We accept Word (.doc, .docx), Adobe (unsecured .pdf), Rich Text Format (.rtf), and HTML (.htm, .html) up to 5MB in size. Resumes from third party vendors will not be accepted; these resumes will be deleted and the candidates submitted will not be considered for employment.

If you have trouble applying for a position, please email ORNLRecruiting@ornl.gov.

ORNL is an equal opportunity employer. All qualified applicants, including individuals with disabilities and protected veterans, are encouraged to apply.  UT-Battelle is an E-Verify employer.