Sr. Systems Engineer
Johns Hopkins University
Baltimore, MD
Job posting number: #7135630
Posted: March 22, 2023
Application Deadline: Open Until Filled
Job Description
[email protected] Enterprise Directory and Messaging is seeking a Sr. Systems Engineer who will be responsible for the Johns Hopkins Enterprise Active Directory, Azure AD and Office 365 tenants. The engineer will also be responsible for configuring and managing Johns Hopkins Office 365 tenants and for designing, implementing, and supporting services for AD, Azure AD and identity management solutions. This position will work with other teams to implement federated services, SSO, MFA, conditional access, etc. for authentication and access to Office 365 and Azure cloud services.
Specific Duties & Responsibilities
Interacts with customers daily. Must be able to work closely with customers and vendors to understand and translate their functional needs into technical requirements.
Understands business critical application support of network connectivity.
Serves as a knowledgeable liaison between the functional and technical communities.
Responsible for developing an understanding of the general business requirements needed to support services supported by the Directory Services team. Successful configuration of the systems to meet client needs also calls for an ability to quickly grasp client-specific solutions for AD, Azure AD, RDLS and Privileged Access Management.
Provides support for the configuration, deployment, and management of Directory Services systems and solutions.
Hands on with testing, configuration, design, and troubleshooting.
Meets with customers to share methods and procedures that help customers understand services supported by Directory Services. Provides advice to customers and follows up with customers to ensure complete satisfaction. Building and maintaining strong, trusted customer and vendor relationships is critical as well.
Works on a team responsible for supporting Directory Services systems and appliances. Will also need to work independently testing and troubleshooting any issues in an Enterprise environment and maintain 100% uptime of systems and appliances.
Leads projects and manages supporting staff as assigned to complete the project.
Works with management on setting timelines and priorities and works independently to achieve project goals.
Specific duties include but are not limited to:
Configures and manages on-premises Active Directory and Azure Active Directory environments.
Supports, implements and designs services for Azure AD and identity management solutions.
Provides engineering services to plan and execute AD domain consolidations.
Resolves problems and issues related to Active Directory and Azure Active Directory
Configurations and maintenance of policies, settings, and packages within the Office 365 ecosystem
Standardization and maintenance of permissions and Azure AD roles using Role Based Access Controls including Group-based Privileged Identity Management
Formulation, integration, and testing of Conditional Access Policies to secure access to company and web resources.
Promotes innovative solutions to clients regarding Office 365 offerings and Azure AD integrations.
Acts as highest tier of escalation for issues related to Office 365 and Azure AD
Accepts escalations, completes service requests within the established SLAs and provides best practice recommendations.
Sets up, configures and integrates new Azure AD tenants.
Ensures compliance with industry and company standards.
Keeps up-to-date on emerging trends in the Identity, Authentication, Authorization, Device Management, Governance, and Information Security industries especially as they relate to Azure AD
Deep understanding of the directory synchronization process for Azure AD.
Specific Devices, Software, Projects
Our environment must be highly available and secure to successfully support both the Hospital and the University missions. The technologies involved in designing, deploying and managing Directory Services supported services include AD, Azure AD, DNS, Privileged Access Management, PowerShell scripting, Networking, IP Subnetting, PKI/Certificate services, VPN, and server and appliance support. Implementation involves strong technical knowledge of implementing systems in the public cloud (Azure and AWS).
Directory Services projects:
Active Directory Forest management, including AD Site and Services, trust, group policy, users, computers, groups and OU management.
Office 365: A suite of collaboration tools such as OneDrive and Microsoft Office provided online through the Office 365 Portal.
Azure Active Directory: Azure AD is Microsoft's cloud-based identity and access management service, which helps Johns Hopkins faculty, staff, and students sign in and access cloud resources and internal resources on the Hopkins corporate network and intranet, along with any cloud apps developed by the organization. Azure AD provides single sign-on and multi-factor authentication to help protect users from cybersecurity attacks.
Microsoft DirSync and AD integration: Work with the Identity team to deploy Office 365 Directory Synchronization (DirSync) to synchronize accounts between the Hopkins on-premises directory and Azure Active Directory tenants with Office 365.
Federation Services and Single Sign-On (SSO): Work with the Enterprise Authentication team where access is required to, for example, SharePoint sites or other web-based Office 365 services; it is important to have an understanding of Active Directory Federation Services and the Single Sign-On system for access to Hopkins resources in Office 365.
PowerShell: Knowledge of setting up Windows PowerShell, Microsoft's task automation and configuration management system, especially where automation is a necessity for administration.
Domain Name Systems (DNS): Should be comfortable with DNS and mapping domain names to internal and external Hopkins resources and Internet resources.
Scale/size of Area, Project and/or System Supported
Services the Enterprise Directory Services team supports are used across the university, hospitals and medical institutions for business-critical processes. They are used by applications, systems and network-attached devices (wired and wireless).
AD/Azure AD is used for authentication and access to hundreds of applications and provides MFA as a second factor for security. A suite of collaboration tools such as Teams, OneDrive and Microsoft Office is accessible online to all Hopkins faculty, staff, and students through the Office 365 Portal. 160,000+ Johns Hopkins Enterprise Directory (JHED) user accounts and thousands of computers and devices are synced daily from the Enterprise on-premises AD to Azure AD. Azure AD and Office 365 are critical for authentication and access to systems, applications, cloud services, network resources, etc.; therefore availability of these services is critical to the institution's mission and business.
Managing and supporting the Johns Hopkins Office 365 tenants requires working and collaborating with several Hopkins IT groups, departments and schools.
Special Knowledge, Skills, & Abilities
Must demonstrate strong critical thinking and analytical reasoning skills.
Ability to work on multiple priorities effectively.
Ability to prioritize conflicting demands.
Ability to execute assigned project tasks within established schedule.
Ability to work collaboratively in a team environment.
Ability to communicate effectively in the service of users and colleagues.
Writes and communicates clearly and concisely.
Possesses sound documentation skills.
Ability to maintain confidentiality.
Must demonstrate exemplary customer service skills.
Understands the basic functioning of Networking, Databases, Software and Servers in the Cloud.
Possesses strong technical skills and independently stays current with a constantly changing technology and vendor landscape.
Knowledge of Microsoft Azure, Microsoft Azure AD, Active Directory, Office 365, Remote Desktop Licensing, Azure and Office 365 Licensing, Certificate Services, PowerShell, Conditional Access, multi-factor authentication, Windows Desktop and Server Operating System, Azure B2B, DNS, Federation Services, SSO, Identity Management, PowerShell scripting, Device registration in Azure, Azure roles and security, Azure Subscriptions, and a clear understanding of core Cloud Computing services.
Modified hybrid, Mt. Washington.
Five years related experience. (Direct programming experience while pursuing education may count towards related experience. Significant undergraduate programming coursework or independent project can be considered as related experience.)
Additional education may substitute for required experience and additional related experience may substitute for required education, to the extent permitted by the JHU equivalency formula.