Active Directory & Identity Engineer

About the role

GoPomelo is looking for an experienced Active Directory & Identity Engineer to provide Day‑2 support for a client’s hybrid identity environment. The role is fully remote and will be the primary point of contact for on‑premises AD administration and its integration with Microsoft Entra ID (Azure AD).

Key responsibilities

• Manage the full AD account lifecycle – create, modify, suspend, and delete accounts.
• Resolve account lockouts and password resets within SLA.
• Create, modify, and audit Group Policy Objects to enforce security baselines.
• Administer security templates, OU structures, and ADFS relying‑party trusts.
• Coordinate domain‑join support with the EUC team and execute AD auto‑provisioning scripts linked to HR onboarding.
• Monitor and maintain Azure AD Connect/Entra Connect health, resolve sync errors and UPN mismatches.
• Design, implement, and monitor Conditional Access policies based on device health, location, and user risk.
• Investigate sign‑in risk alerts, support MFA configuration, and troubleshoot identity‑related tickets.
• Produce monthly service reports and keep SOPs up to date in the knowledge base.

Required profile

• Minimum 3 years of hands‑on experience managing on‑premises Active Directory in an enterprise setting.
• Proven ability to work within a managed services framework and meet defined SLAs.
• Experience with hybrid environments that include Azure AD and optional Google Workspace integration.
• ITIL Foundation certification or equivalent is a plus.

Required skills

• Active Directory administration and GPO management.
• ADFS configuration, relying‑party trusts, and claims‑rules troubleshooting.
• Azure AD Connect / Entra Connect sync configuration and error resolution.
• Entra ID (Azure AD) user management, licensing, roles, and Conditional Access policy design.
• PowerShell scripting for automation and reporting.
• Understanding of identity protocols: Kerberos, NTLM, LDAP, SAML.
• Familiarity with Microsoft Intune, SCCM, Google Workspace identity integration, SailPoint or CyberArk is advantageous.