Cloud Engineering Professional

Job Description

Why this job matters

You will be part of dynamic team who will be Strategy and implementing Zero Trust Security Model to improve BT’s security posture. You will be having an opportunity to work on Active Directory and Microsoft Entra ID (Azure Active Directory) and various new data security and compliance capability/tools such as MDI, MDE.

We are seeking a skilled and detail-oriented Active Directory professional to manage, maintain, and assist our large enterprise Active Directory (AD) multi forest environment. This role is liable for ensuring the integrity, security, and efficient operation of our AD/Entra ID infrastructure across multiple domains and environments.

What you’ll be doing

• Strong knowledge of Windows Server (2016/2019/2022/2025) and Active Directory architecture.

• Proficiency in Group Policy management, PowerShell scripting, and AD automation.

• Experience with identity management tools (Entra ID, SailPoint, etc.) is a plus.

• Understanding of cybersecurity principles related to identity and access management.

• Ability to work independently and as part of a team in a fast-paced environment.

• Manage and maintain Active Directory (AD) environment, including user accounts, groups, organizational units (OUs), group policies (GPOs), DNS, delegation, AD integrated services and trusts relation.

• Configure and manage domain controllers(demote/promote), replication, and forests/domains.

• Configure and manage Certificate Authority, Secure Certificate Templates Understanding of PKI Infrastructure.

• Monitor system performance, availability, and security using relevant tools.

• Implement and enforce security policies in accordance with IT best practices and compliance standards.

• Troubleshoot and resolve AD-related issues, including login problems, replication errors, and access control issues.

• Plan and execute changes to AD infrastructure, including migrations, upgrades, and disaster recovery.

• Collaborate with IT teams on access management, single sign-on (SSO), SailPoint and identity federation solutions.

• Document AD configurations, processes, and procedures.

• Improving Active Directory security posture by implementing various security controls like MDI, CrowdStrike, Qualys, and Patch deployment etc

• Writing PowerShell scripts to generate various reports.

• Exploring new Active Directory and Microsoft Entra ID (Azure Active Directory) Security features and help to implement it.

Skills Required

• Detailed knowledge on Microsoft Active Directory and Entra ID (Azure Active Directory), Microsoft Entra ID Connect (AD Connect.

• Troubleshoot and resolve AD Connect sync issue

• Knowledge of Identity Protection, Conditional Access Policy, Privileged Identity Management, SSPR and Role Based Access Control.

• Expertise on various authentication protocols – Kerberos, SAML, OAUTH 2.0, OIDC

• Familiarity with Microsoft Defender features – Microsoft Defender for Cloud Apps, Microsoft Defender for Identity (MDI), Microsoft Defender for Endpoint (MDE)

• Strong analytical and debugging skills.

• Curiosity to learn new technologies.

• Ability to write required PowerShell Scrips.

• Proficiency in AD backup tool like Quest RMAD.

• Plan and execute Disaster Recovery for Active Directory Forest.

• Proficiency in Migration tool such as ADMT, Quest Migration or other.

• Configure and manage ADFS for federation service.

• Learning various trending attacks / vulnerabilities and checking if we are on correct state to withstand / prevent / identify those attacks.

• Microsoft certifications (e.g., MCSA, MCSE, Azure Administrator Associate).

• Ability to work on Service now incidents, service request and change request.

• Active Directory Security, vulnerability remediation.

• Troubleshooting Active Directory issues reported by Cross Functional team, identifying root cause, and providing the solution.

Experience

• A bachelor’s or master’s degree in computer science, information technology, or a related field, or equivalent work experience

• 6+ years of experience in Active Directory, ADCS, ADFS and Entra ID (Azure AD) administration.

• Ability to work independently and collaboratively in a fast paced and dynamic environment.

• Familiarity with Entra ID and various authentication protocols SAML, OAuth, Open ID, Kerberos.

• Would be good to have scripting and coding knowledge.

• Having Microsoft Identity and Access Management Administrator certification is a plus.

• Microsoft certifications (e.g., MCSA, MCSE, Azure Administrator Associate).

• Basic of Linux, Networking and Virtualization.

With over 175 years of heritage, BT is now the flagship business brand of BT Group. We’ve brought together our best people and capabilities into a B2B powerhouse serving 1.2 million business customers internationally.

We’re a global leader for secure connectivity and collaboration platforms for businesses of all shapes and sizes, from big household names and government departments, right through to sole traders and new start-ups. But it’s not just the technology that matters, it’s what it can do to help them build stronger, smarter, more secure businesses.

We value diversity and inclusion and believe in making a positive impact. We connect for good by championing digital inclusion and equipping people, businesses, and communities with digital skills to thrive.

As a member of our team, you will be part of an organisation that celebrates difference, fosters innovation and provides you with opportunities to be your best. With millions of businesses relying on us daily, joining BT means you can be part of a diverse and multi-skilled team that makes a significant impact to society.

A FEW POINTS TO NOTE:

Although these roles are listed as full-time, if you’re a job share partnership, work reduced hours, or any other way of working flexibly, please still get in touch.

We will also offer reasonable adjustments for the selection process if required, so please do not hesitate to inform us.

DON'T MEET EVERY SINGLE REQUIREMENT?

Studies have shown that women and people who are disabled, LGBTQ+, neurodiverse or from ethnic minority backgrounds are less likely to apply for jobs unless they meet every single qualification and criteria. We're committed to building a diverse, inclusive, and authentic workplace where everyone can be their best, so if you're excited about this role but your past experience doesn't align perfectly with every requirement on the Job Description, please apply anyway - you may just be the right candidate for this or other roles in our wider team.