Active Directory Architect

The IAM Architect is vital for securing and optimizing the organization's digital assets. The Microsoft Identity & Access Solution Architect leverages expert-level experience and knowledge of Active Directory, Azure Active Directory, and Okta to design, implement, and manage IAM solutions. Close collaboration with cross-functional teams is essential to understanding business requirements, evaluating existing systems, and improving identity and access controls. Proficiency in IAM technologies and best practices is crucial for safeguarding data and ensuring compliance with regulations.  The successful candidate will work as part of a global solutions team to DESIGN, Build Effort Estimation & DEPLOY “Wintel technologies” Including Identity & Access both on-prem and cloud for existing and prospective clients through RFP / RFI

Key Functional Areas of Expertise

• Architects and consulting roles in the projects,
• Design and implementation, hands-on experience
• Technical specialization / External certifications
• Build the vital competency centers
• Excellent quality of delivery
• Build a portfolio of successful projects, references, and credentials
• Market research

Technical Expertise the key responsibilities of the role include:

Candidates with 8-16+ years’ experience in architecture, designing solutions, migrating on-prem Active Directory and any Identity Access solution, and cloud solutions. Must have 10+ years of relevant experience. Responsible for designing specific technology solutions from high-level to detailed-level designs, deployment, and handover to delivery.

Design:

• Review, design, guide, and execute efficient solutions that are operationally cost-effective to maintain. 
• Review, design and execute solutions to availability and resilience targets in line with requirements.
• Exploit and develop shared design blueprint and documentation for ongoing reuse 
• Determine server specifications and infrastructure requirements as part of capacity planning (such as storage, network security, etc.)
• Both verbally and in written form, articulate solutions and benefits accurately and persuasively, reflecting the client’s interests or concerns.
• Ensure that the detailed solutions align with client and Cognizant strategy and SLAs.
• Drive project calls and perform presales activities on on-premises, cloud and hybrid deployments.
• Validate HLD, LLD and other project documents. 
• Create efforts and timelines for projects.
• Review and identify the risks in projects and define the mitigation plan
• Define IAM architecture, including identity lifecycle management, single sign-on (SSO), multi-factor authentication (MFA), and privileged access management (PAM)
• Lead the implementation of IAM solutions, integrating with systems and applications, both on-premises and in the cloud
• Configure IAM tools and platforms to meet functional requirements and security policies
• Collaborate with development teams to ensure IAM capabilities are integrated into applications and services seamlessly
• Establish IAM policies, procedures, and standards to enforce security best practices
• Conduct risk assessments and audits to identify security vulnerabilities and compliance gaps
• Ensure IAM solutions comply with relevant regulations such as GDPR, HIPAA, and PCI DSS
• Design and automate processes for user provisioning, de-provisioning, and access recertification
• Implement role-based access control (RBAC) and attribute-based access control (ABAC) mechanisms
• Monitor user activity and enforce least privilege access principles
• Collaborate with cross-functional teams, including IT operations, security, compliance, and business units
• Provide technical leadership and mentorship to junior team members

Key technical skills required

• The following are the mandatory requirements of infrastructure-based solutions experience for this role: 
• Experience in the design implementation of large-scale solutions and platforms with the following technologies:
• Expert level of understanding and hands-on experience in Windows 2003/2008/2012/2016/latest
• Exposure to migration projects, build, re platform.
• Guide review and assessment of environment for various migrations.
• Designing the remediation and migration approach, milestones, timelines, risk and mitigation
• Active Directory 2003/2008 R2/2012 Services design, sizing, migration and implementation for at least 6000 objects
• Intra and Inter-Active Directory Forests Migration and Co-existence
• Azure AD, Conditional Access and MFA/SSPR configuration.
• Active Directory Consolidation 
• Must have designed and implemented File & Print  and DFS environments 
• Must have executed File & Print migrations
• Must have executed File Server to DFS migrations
• Hands on experience in migrating large scale users, computers and member servers from various source Forest to target Forest
• Knowledge on Azure - PaaS and IaaS
• Knowledge of Access Management Solutions - Active Directory Federation Services (AD FS)  to design the integration for Azure and Office 365
• Active Directory Integration Capability with Identity Management Systems (MS FIM, MIM, etc.)
• Windows platform upgrade
• Design and implementation of Hyper V cluster and migration of work load
• Working knowledge of Application migration and migration tools like AppZero
• Application Assessment and compatibility test tools like Factfinder from Blue stripe and Change Base from Quest 
• Assess existing AD infrastructures and make recommendations for improving design and performance
• Working experience on various migration tools such as ADMT, Quest/Binary Tree Tools, Data migration tools like Double take, Quest, Sharegate
• Provision and Configure Azure AD and integrating with onprem AD
• OneDrive Deployment using Share gate and metalogic
• Previous experience of working on similar Active Directory Transformation projects, working on customer sites and liaising with client community
• Create detailed design, migration/transition documentation based on the project requirements
• Design and execute complex build and migration projects on other Wintel technologies like DNS, Hyper-V, KMS, WINS, DHCP, IPAM, PKI, RADIUS, File Services, Print Services, Direct Access and terminal services(RDS)
• AD Replication, Authentication and Authorization, Group Policies, ADAM and AD LDS, AD Performance tuning, domain and forest migrations.
• ODFB migration 
• Work to integrate other tools, platforms, and applications to realise robust solutions that tie into AD
• Assist in developing and maintaining DR Plans for the AD environment. 
• Knowledge of migration processes with specific emphasis on resource migration on file, DFS, print & DHCP. 
• Third-party solutions on file and print solutions like Cerato, follow me printing, managed printing, secure printing, Ctera, Ricoh printing and Double-take
• Knowledge of business applications integration with Active Directory through LDAP, SSO Providers, etc.
• Collaborate with Project Managers, Delivery Managers & Solution Architects to translate requirements into technical specifications
• Microsoft PowerShell scripting and tool-making skills to automate any of the above workload.
• Experience in carrying the assessment of Active directory environment to achieve security, reliability, availability and operational efficiency