For our client (a Biotech Company) in Utrecht we are looking for an AD Engineer with the following skillset:
Active Directory (On-Prem)
- Deep knowledge of AD DS (Domain Services), Sites & Services, FSMO roles, GPOs
- DNS/DHCP administration and integration with AD
- Backup/restore (authoritative/non-authoritative restores)
- AD replication troubleshooting
- Kerberos and NTLM protocol knowledge
Azure Active Directory
- Azure AD Connect / Cloud Sync setup and troubleshooting
- Conditional Access Policies
- Identity Protection, SSPR, MFA configuration
- Custom roles and RBAC in Azure AD
- Enterprise Application SSO and SCIM provisioning
- Hybrid Join / Autopilot / Intune alignment (optional but valuable)
Hybrid Identity Infrastructure
- Federation services: ADFS, PTA (Pass-through Authentication), Seamless SSO
- Sync rules, staging mode, attribute flows in AAD Connect
- Group writeback / device writeback
- Managing Hybrid Exchange environments (if applicable)
Identity Lifecycle Management
- Joiner/Mover/Leaver process integration with AD and AAD
- Understanding of HR-driven provisioning or integration with identity sources of truth
Privileged Access Management
- AD Tiering models (Red Forest / ESAE legacy or modern PAM)
- PIM for Azure AD & PAWs (Privileged Access Workstations)
- Integration of Just-in-Time (JIT) access for roles
Directory Governance & Audit
- Use of tools like Quest, Ping, or SailPoint for AD governance
- Audit logging, access reviews, and recertification processes
Tooling and Scripting
- PowerShell mastery: ActiveDirectory, MSOnline, AzureAD, Graph modules
- Familiarity with Microsoft Graph API for automation
- Use of LDIFDE, CSVDE, ADSI Edit, Event Viewer
- Experience with SIEM integration (e.g., Splunk, Sentinel)
Security & Compliance Alignment
- Implementing Zero Trust principles in the identity space
- Aligning directory services with ISO 27001, NIST, or CIS frameworks
- Response to audit/compliance findings related to identity
Soft Skills & Strategic Alignment
- Strong cross-team collaboration with IAM, Security, and Cloud teams
- Capable of writing SOPs, runbooks, and KBs
- Able to translate tech into business impact (critical in IAM)
- Strong incident response and RCA (Root Cause Analysis) discipline
Optional Bonus Areas
- Familiarity with Entra ID Governance
- Delegation models (e.g., AGDLP, OU-based delegation)
- Azure B2B/B2C (for IAM engineers extending into external identity)
Contact
- 1 of 4: Fill in your information
  Using the button below you can leave your details and upload your resume.
- 2 of 4: We get in touch
  In a first introductory conversation we discuss your wishes, your ambitions and motivations.
- 3 of 4: Personal introduction
  We introduce you to the client, and you are invited for a personal interview.
- 4 of 4: Contract discussions
  In the event of a match, we discuss all the details with you and the customer.