Sr. Lead Directory Services Engineer

Job Description

The Senior Lead Directory Services Engineer is responsible for leading and advancing enterprise directory infrastructure across on-premise, hybrid, and cloud environments. This role oversees Microsoft Active Directory, Entra ID/Azure AD, LDAP directories, Ping Directory, and RadiantOne VDS—along with domain controllers, servers, storage, and network dependencies. This individual ensures uptime, security, replication integrity, and modernization of identity platforms while partnering with Cyber, Infrastructure, and Business stakeholders.

RESPONSIBILITIES:

Key areas of focus for the Directory Services Engineer include ensuring global uptime, monitoring, and failover of directory services, seamlessly connecting directory services with identity and business systems, and enforcing secure protocols, admin separation, and access tiering.  The successful candidate will be responsible for the following activities:

• Directory & Infrastructure Leadership

• Design, secure, and maintain Active Directory, Entra ID/Azure AD, LDAP, Ping Directory, and RadiantOne VDS

• Manage domain controllers, server builds, storage integration, replication roles, and monitoring

• Oversee DNS/DHCP integration, site topology, failover, and global uptime

• Networking & Platform Integration

• Partner with network teams to manage VLANs, firewalls, subnets, VPN/site links, and isolated environments

• Coordinate directory services across Windows, Linux, Unix (AIX/Solaris), and macOS platforms

• Architecture, Security & Hardening

• Implement forest/domain architecture, OU models, replication topology, and delegated access

• Apply Tier 0 protections, MFA integration, privileged access separation, and credential hardening

• Enforce CIS, DISA STIG, and Microsoft baselines for directory services and supporting systems

• GPO & Policy Enforcement

• Lead Group Policy design and enforcement for security baselines, login policies, TLS/LDAPS, firewall controls, encryption, and device posture

• Conduct policy audits, conflict resolution, and impact assessments

• Identity Lifecycle & Object Governance

• Oversee provisioning and synchronization of users, groups, service accounts, and privileged identities

• Manage schema extensions, object standards, and directory hygiene across hybrid ecosystems

• Endpoint, OS & Server Security

• Harden servers and VMs with patch baselines, encryption, EDR/XDR, LSASS protection, PAWs, and conditional access

• Implement secure communications over Kerberos, LDAPS, and certificate-based trust

• Integration & Collaboration

• Integrate directory services with IT, IAM/PAM platforms, PKI, authentication systems, and enterprise applications

• Partner with Cloud, Security Engineering, and Infrastructure teams on modernization and resiliency efforts

• Modernization & Strategic Initiatives

• Lead cloud-native directory strategies, domain consolidation, and migration initiatives

• Provide architectural guidance for enterprise security programs and automation

Qualifications

• 5+ years in a senior or lead role in IAM, directory services, security engineering, or infrastructure security
• Expert-level experience with AD domain controllers, replication, DNS/DHCP, FSMO roles, and site topology
• Advanced proficiency with Entra ID/Azure AD, Azure AD Connect, federation, and synchronization
• Strong LDAP knowledge, including schema modifications, Ping Directory, and RadiantOne VDS
• OS security hardening across Windows Server, Linux/Unix, and mixed enterprise platforms
• Strong networking fundamentals (VLANs, segmentation, firewalls, routing, VPN/site links)
• Experience designing and managing Group Policies at scale
• Demonstrated leadership in strategic programs or enterprise-scale transformations
• Bachelor’s degree in IT, Computer Science, Cybersecurity, or equivalent experience

DESIRED CHARACTERISTICS:

• Previous experience working in multiple large complex environments and specifically within the Identity and/or Security Engineering components of those organizations.
• Previous experience working in identity, security engineering, and/or information security functions in the media and advanced technology industries.
• Master’s Degree in an IT related field.

Additional Requirements:

• Fully Remote: This position has been designated as fully remote, meaning that the position is expected to contribute from a non-Versant worksite, most commonly an employee’s residence.

This position is eligible for company sponsored benefits, including medical, dental and vision insurance, 401(k), paid leave, tuition reimbursement, and a variety of other discounts and perks. Learn more about the benefits offered by NBCUniversal by visiting the Benefits page of the Careers website. Salary range: $160,000 - $190,000 (bonus eligible)

We are accepting applications for this position on an ongoing basis.

Additional Information

As part of our selection process, external candidates may be required to attend an in-person interview with an NBCUniversal employee at one of our locations prior to a hiring decision. NBCUniversal's policy is to provide equal employment opportunities to all applicants and employees without regard to race, color, religion, creed, gender, gender identity or expression, age, national origin or ancestry, citizenship, disability, sexual orientation, marital status, pregnancy, veteran status, membership in the uniformed services, genetic information, or any other basis protected by applicable law.

If you are a qualified individual with a disability or a disabled veteran and require support throughout the application and/or recruitment process as a result of your disability, you have the right to request a reasonable accommodation. You can submit your request to [email protected].

Although you'll be hired as an NBCU employee, your employment and the responsibilities associated with this job likely will transition to Versant in the future. By joining at this pivotal time, you'll be a part of this exciting company as it takes shape.