Identity and Access Management System Administrator (25-441)

Who Is Trace3?

Trace3 is a leading Transformative IT Authority, providing unique technology solutions and consulting services to our clients. Equipped with elite engineering and dynamic innovation, we empower IT executives and their organizations to achieve competitive advantage through a process of Integrate, Automate, Innovate.

Our culture at Trace3 embodies the spirit of a startup with the advantage of a scalable business. Employees can grow their career and have fun while doing it!

Trace3 is headquartered in Irvine, California. We employ more than 1,200 people all over the United States. Our major field office locations include Denver, Indianapolis, Grand Rapids, Lexington, Los Angeles, Louisville, Texas, San Francisco.  

Ready to discover the possibilities that live in technology?

Come Join Us!

Street-Smart - Thriving in Dynamic Times

We are flexible and resilient in a fast-changing environment. We continuously innovate and drive constructive change while keeping a focus on the “big picture.” We exercise sound business judgment in making high-quality decisions in a timely and cost-effective manner. We are highly creative and can dig deep within ourselves to find positive solutions to different problems.

Juice - The “Stuff” it takes to be a Needle Mover

We get things done and drive results. We lead without a title, empowering others through a can-do attitude. We look forward to the goal, mentally mapping out every checkpoint on the pathway to success, and visualizing what the final destination looks and feels like.

Teamwork - Humble, Hungry and Smart

We are humble individuals who understand how our job impacts the company's mission. We treat others with respect, admit mistakes, give credit where it’s due and demonstrate transparency. We “bring the weather” by exhibiting positive leadership and solution-focused thinking. We hug people in their trials, struggles, and failures – not just their success. We appreciate the individuality of the people around us.

Job Summary:

We are seeking a Identity and Access Management System Administrator to manage the deployment and maintenance of enterprise directory service functions, including Active Directory domain services/controllers, certificate authority services, policy creation and tracking, and account management. The ideal candidate is detail-oriented, with the ability to assess and track the impact of changes on critical infrastructure components such as replication schedules and group policies. In addition to technical responsibilities, this role will also serve as Scrum Master for a small Agile team, ensuring effective collaboration and delivery. This position provides the opportunity to combine deep technical expertise with Agile leadership to support and enhance enterprise-level directory services.

Experience Required:

• Deployment and maintenance of all active directory domain services/controllers. This includes monitoring health and status of all sites and services in the enterprise
• Deployment and maintenance of all certificate authority (CA) services, including issuing all SSL certificates and building out new CA servers in the enterprise. Including tracking all CA server expiration dates, working with applicable teams to perform a renewal process for existing CA certs when needed.
• Creating and maintenance of system policies, such as Windows group policies, Linux authentication PAM rules/files (in concert with Linux/unix team), and tracking any potential issues as they arise on the system.
• Maintenance of all account matrices, including all applicable permissions cross overs between enclaves when/if needed.
• Continuously working with cyber team to ensure all RBAC controls are compliant with current policies for restriction access between enclaves and systems in enterprise for each applicable user/team.
• Assist cyber team with monitoring all directory services for out of the ordinary logins or accounts behavior metrics to ensure safety of data integrity of C2BMC-G system enterprise.
• Work with other teams to deployment and maintain technologies that include collaborative aspects, such as instant message platforms in enterprise.
• Work with all team to ensure proper distributed authentication services are configured property to ensure non-repudiation to all available sources. This can includes assisting with configuration of LDAP services to network/software solution, to ensure RBAC access to user base. Examples of LDAP/LDAPS connected endpoints configuration could be things like, HPE iLO interfaces, Gitlab, Cisco ISE, FortiManager, Raritan KVM, etc.
• Thorough understanding and Active Directory and its replication structure when used in a distributed forest, separated through the use of WAN links
• Experience with a on premise multi domain environment using Role based administrative controls (RBAC) for least privilege
• Experience with DISA STIG compliance remediation using distributed group policy and SCAP compliance scanners
• Ability to integrate automation technologies into daily Active Directory use is a plus

Technical Skills Required:

• 5-6 years’ experience administering Active Directory technologies in an enterprise level system
• EDUCATION: Bachelors with 9+ or Masters with 7+ or equivalent 
• LOCATION: Full Time/ On-Site at Schriever in Colorado Springs, CO
• CLEARANCE REQUIRMENT: Top Secret
• DOD 8570 REQUIREMENT: IAT - Level II
• SALARY RANGE: $122,000 to $145,000 

Actual salary will be based on a variety of factors, including location, experience, skill set, performance, licensure and certification, and business needs. The range for this position in other geographic locations may differ. Certain positions may also be eligible for variable incentive compensation, such as bonuses or commissions, that is not included in the base salary.Estimated Pay Range$122,000—$145,000 USD

The Perks

• Comprehensive medical, dental and vision plans for you and your dependents
• 401(k) Retirement Plan with Employer Match, 529 College Savings Plan, Health Savings Account, Life Insurance, and Long-Term Disability
• Competitive Compensation
• Training and development programs
• Stocked kitchen with snacks and beverages
• Collaborative and cool culture
• Work-life balance and generous paid time off

Our Commitment

At the core of Trace3's DNA is our people. We are a diverse group of talented individuals who understand the importance of teamwork and demonstrating leadership, character, and passion in all that we do.

We’re committed to fostering an inclusive workplace where everyone feels respected, valued, and empowered to grow. We recognize that embracing diversity drives innovation, improves outcomes, fosters collaboration, boosts teammate satisfaction, and builds a more inclusive culture.

As an equal opportunity employer, Trace3 bases all employment decisions based on individual qualifications, merit, and business requirements. We do not engage in discrimination on the basis of race, color, religion, sex (including gender identity, sexual orientation, and pregnancy), national origin, age (40 or older), disability, genetic information, or any other characteristic protected by federal, state, or local law.

Any demographic information provided is strictly voluntary, kept confidential in accordance with Equal Employment Opportunity (EEO) regulations, and will not be used in employment decisions, including hiring, promotions, or mentorship programs. We are committed to providing equal employment opportunities for all.

If you require a reasonable accommodation to complete the application process or participate in an interview, please email recruiting@trace3.com.

***To all recruitment agencies: Trace3 does not accept unsolicited agency resumes/CVs. Please do not forward resumes/CVs to our careers email addresses, Trace3 employees or any other company location. Trace3 is not responsible for any fees related to unsolicited resumes/CVs.