Senior Entra ID/Active Directory Engineer Systems Engineer 3

Senior Entra ID/Active Directory Engineer (Systems Engineer 3)

Print (/ governmentjobs. com/careers/metrocouncil/jobs/newprint/4693137)

Apply




Salary

See Position Description

Location

390 Robert St. N St. Paul, MN

Job Type

Full-Time

Job Number

2024-00377

Division

Regional Administration

Department

IS-Admin

Opening Date

12/20/2024

Closing Date

1/12/2025 11:59 PM Central

Description

Benefits

Questions

WHO WE ARE

We are theMetropolitan Council, the regional government for the seven-county Twin Cities metropolitan area. We plan 30 years ahead for the future of the metropolitan area and provide regional transportation, wastewater, and housing services. More information about us on our website. (/metrocouncil. org/About-Us/The-Council-Who-We-Are. aspx)

We are committed to supporting a diverse workforce that reflects the communities we serve.

Information Servicesis the central IT department supporting all divisions of the Metropolitan Council. Our 140 team members provide technology, practices, and innovative solutions that enable the core services of the Council.

How your work would contribute to our organization and the Twin Cities region:

We are seeking a highly skilled and experienced Senior Entra ID / Active Directory Engineer to join our team. This role is critical in administering and securing a complex IT environment containing CJIS Data, PCI, HIPAA, and PII data. The ideal candidate will have extensive experience in managing hybrid on-premises and cloud identity services, implementing security best practices, and ensuring compliance with regulatory requirements. This position demands a proactive individual with strong technical expertise, leadership skills, and a commitment to operational excellence.

This position is eligible for a hybrid (both remote and onsite) telework arrangement. Candidate's permanent residence must be in Minnesota or Wisconsin.

Full Salary Range: $44. 72 - $72. 53 hourly/$93,018 - $150,862 yearly

What you would do in this job

Identity Management & Administration:

Design, implement, and manage hybrid Active Directory (AD) environments and Azure Active Directory (Entra ID)

Integrate systems and applications with centralized authentication solutions

Administer identity federation services such as Single Sign On (SSO) and Multifactor Authentication (MFA)

Manage directory synchronization tools like Azure AD Connect or Okta

Security & Compliance:

Implement security measures to protect AD/Entra ID environments against vulnerabilities

Ensure compliance with CJIS, PCI, HIPAA, and other relevant regulatory frameworks

Conduct regular disaster recovery exercises for AD/Entra ID environments

Develop and enforce security baselines and policies for identity services

Operational Excellence:

Monitor system performance, capacity planning, and resolve high-severity incidents

Automate processes using PowerShell scripting or other tools to enhance efficiency

Conduct regular health checks of identity platforms to ensure operational stability

Maintain detailed technical documentation and Standard Operating Procedures (SOPs)

Collaboration & Leadership:

Provide technical leadership to cross-functional teams

Mentor junior engineers and operational teams on best practices

Participate in architectural discussions to design scalable, secure solutions

Collaborate with stakeholders to align identity services with business needs

What education and experience are required for this job (minimum qualifications)

Any of the following combinations of education (in Computer Science, Systems Security, or similar) and relevant experience:

Bachelor's degree and 5 years of experience

Associate's degree and 7 years of experience

High school diploma or GED and 9 years of experience

Experience should include Active Directory/Entra ID engineering and experience managing environments containing sensitive data (CJIS, PCI, HIPAA, etc. ).

Knowledge, Skills, and Abilities:

Advanced knowledge of Active Directory (onpremises) and Azure Active Directory/Entra ID

Expertise in authentication protocols such as LDAP, Kerberos, SAML, OIDC

Proficiency in PowerShell scripting for automation tasks

Experience with disaster recovery planning for directory services

Familiarity with Group Policy Objects (GPO), AD replication, backup/restoration processes

Strong understanding of identity security best practices

Experience implementing privileged access management (PAM) solutions

Familiarity with regulatory frameworks like CJIS, PCI DSS, HIPAA

Strong problem-solving abilities under pressure

Excellent communication skills for collaboration across teams

High attention to detail with a proactive approach to identifying risks

What additional skills and experience would be helpful in this job (desired qualifications):

Relevant certifications such asMicrosoft Certified: Identity and Access Administrator Associate(SC300) orMCSE: Core Infrastructure

Expertise with Microsoft Azure

Expertise with Entra ID

Experience in domain consolidation or migration projects

Knowledge of modern access control models (RBAC, PBAC)

Exposure to AI/ML tools for enhancing IT operations

What you can expect from us:

We offer the opportunity to make a difference and positively influence the Twin Cities metropolitan area

We encourage our employees to develop their skills through on-site training and tuition reimbursement

We provide a competitive salary, excellent benefits and a good work/life balance

More about why you should join us! (/metrocouncil. org/Employment/Making-A-Difference. aspx)

Additional information

Union/Grade:AFSCME, Grade I

FLSA Status:Exempt

Safety Sensitive:No

Work Environment:

Work is performed in a standard office setting. May require travel between primary worksite and various locations on short notice to resolve computer system problems.

What steps the recruitment process involves:

We review your minimum qualifications

We rate your education and experience

We conduct a structured panel interview

We conduct a selection interview

Once you have successfully completed the steps above, then:

If you are new to the Metropolitan Council, you must pass a drug test (safety sensitive positions only), and a background check which verifies education, employment, and criminal history. A driving record check and/or physical may be conducted if applicable to the job. If you have a criminal conviction, you do not automatically fail. The Metropolitan Council considers felony, gross misdemeanor and misdemeanor convictions on a case-by-case basis, based on whether they are related to the job and whether the cand.