AD Engineer

For our client (a Biotech Company) in Utrecht we are looking for an AD Engineer with the following skillset:
 

Active Directory (On-Prem)

• Deep knowledge of AD DS (Domain Services), Sites & Services, FSMO roles, GPOs
• DNS/DHCP administration and integration with AD
• Backup/restore (authoritative/non-authoritative restores)
• AD replication troubleshooting 
• Kerberos and NTLM protocol knowledge

Azure Active Directory

• Azure AD Connect / Cloud Sync setup and troubleshooting
• Conditional Access Policies
• Identity Protection, SSPR, MFA configuration
• Custom roles and RBAC in Azure AD
• Enterprise Application SSO and SCIM provisioning
• Hybrid Join / Autopilot / Intune alignment (optional but valuable)

Hybrid Identity Infrastructure

• Federation services: ADFS, PTA (Pass-through Authentication), Seamless SSO
• Sync rules, staging mode, attribute flows in AAD Connect Group writeback / device writeback
• Managing Hybrid Exchange environments (if applicable)   

Identity Lifecycle Management

• Joiner/Mover/Leaver process integration with AD and AAD
• Understanding of HR-driven provisioning or integration with identity sources of truth

Privileged Access Management

• AD Tiering models (Red Forest / ESAE legacy or modern PAM)
• PIM for Azure AD & PAWs (Privileged Access Workstations)
• Integration of Just-in-Time (JIT) access for roles

Directory Governance & Audit

• Use of tools like Quest, Ping, or SailPoint, for AD governance
• Audit logging, access reviews, and recertification processes  

Tooling and Scripting

• PowerShell mastery: ActiveDirectory, MSOnline, AzureAD, Graph modules
• Familiarity with Microsoft Graph API for automation
• Use of LDIFDE, CSVDE, ADSI Edit, Event Viewer
• Experience with SIEM integration (e.g., Splunk, Sentinel)  

Security & Compliance Alignment

• Implementing Zero Trust principles in identity space
• Aligning directory services with ISO 27001, NIST, or CIS frameworks
• Response to audit/compliance findings related to identity  

Soft Skills & Strategic Alignment

• Strong cross-team collaboration with IAM, Security, and Cloud teams
• Capable of writing SOPs, runbooks, and KBs
• Able to translate tech into business impact (critical in IAM)
• Strong incident response and RCA (Root Cause Analysis) discipline  

Optional Bonus Areas

• Familiarity with Entra ID Governance
• Delegation models (e.g., AGDLP, OU-based delegation)
• Azure B2B/B2C (for IAM engineers extending into external identity)