Active Directory Engineer – Specialist

Join a world-class academic healthcare system, UChicago Medicine, as an Active DirectoryEngineer – Specialist in our Information Security department. This position will be primarily a work from home opportunity with the requirement to come onsite as needed.

This individual will be part of the Security Engineering team and will play a key role in Active Directory modernization, hybrid cloud identity integration, domain consolidation, and enterprise-grade SSO solutions. This position helps administer and provides leadership of the day-to-day operations of key system environment(s). Assists in the design, administration, analysis, evaluation, troubleshooting, and documenting of complex existing technology systems (e.g., technical platforms, SAN solutions, e-mail systems, network operating systems, etc.). Technical professional (subject matter expert) to assist with more complex testing and analysis of all elements of the systems’ capabilities. Understands the business impact of events and decisions made relating to system changes/enhancements. Helps make decisions and determine policy to maximize system availability.

Essential Job Functions

• Architect, implement, and support hybrid identity infrastructure integrating on-prem Active Directory with cloud-based services (e.g., Azure AD, Entra ID, Okta, AWS IAM).

• Lead domain migration and consolidation projects across complex enterprise environments.

• Manage and optimize LDAP directories and identity sync tools between internal and external systems.

• Design and maintain secure, scalable SSO configurations using SAML, OAuth, OIDC, and federation technologies.

• Develop and enforce Group Policy Objects (GPOs), domain trusts, and domain controller health.

• Responsible for all activities related to system administration and continually reviews and improves the current process and procedures.

• Analyzes causes of issues, delays, or problems and takes necessary corrective action to alleviate problem areas.

• Ensures long-term requirements of systems operations and administration are included in the overall information systems planning of the organization.

• Responsible for the installation, maintenance, configuration, and integrity of systems software.

• Maintains and upgrades hardware and software including technical architecture related to hardware and basic network connectivity.

• Implements operating system enhancements that will improve the reliability and performance of the system.

• Establishes/recommends policies on system use and services.

• Responsible for design, support and implementation of Disaster Recovery and High Availability plans.

• Acts as resource for other Security Engineers and mentors less experienced Security Engineers.

• Stays current with system technology and trends.

Required Qualifications

• BS or BA degree, Computer Science, Engineering, or equivalent education, training or work experience

• Experience in AD Domain consolidation

• Experience working with domain trusts and multi-forest / multi-domain organizations

• Knowledge of modern Directory Services architectures

• Experience with EntraID / Azure Active Directory

• Experience with on-prem, Cloud and hybrid directory environments

• Hands-on experience with PowerShell scripting for automation and reporting

• Familiarity with identity federation (ADFS, SAML, OAuth) and hybrid identity configurations

• Understanding of security best practices for AD, including tiered administration models

• Familiarity with identity governance and privileged access management solutions

• Independent problem-solver with ability to sort through issues and conducts comparative analysis of multiple solutions (i.e. skilled in problem analysis; pays very close attention to detail)

• Able to work in a team environment or independently

• Excellent listening and organizational skills with emphasis on detail and follow-through

• Able to organize and delegate tasks, coordinate projects and be willing to advise others

• Skilled in project management and work plan development and implementation

• Effective oral and written communication skills and interpersonal skills

Preferred Qualifications

• Master’s degree

• Healthcare experience

Position Details

• Job Type/FTE: Full Time (1.0 FTE)

• Shift: Days

• Location: Remote

• Unit/Department: Information Security Office

• CBA Code: Non-Union

We’ve been at the forefront of medicine since 1899. We provide superior healthcare with compassion, always mindful that each patient is a person, an individual. To accomplish this, we need employees with passion, talent and commitment… with patients and with each other. We’re in this together: working to advance medical innovation, serve the health needs of the community, and move our collective knowledge forward. If you’d like to add enriching human life to your profile, UChicago Medicine is for you. Here at the forefront, we’re doing work that really matters. Join us. Bring your passion.

UChicago Medicine is growing; discover how you can be a part of this pursuit of excellence at:UChicago Medicine Career Opportunities.

UChicago Medicine is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, ethnicity, ancestry, sex, sexual orientation, gender identity, marital status, civil union status, parental status, religion, national origin, age, disability, veteran status and other legally protected characteristics.

Must comply with UChicago Medicine’s COVID-19 Vaccination requirement as a condition of employment. If you have already received the vaccination, you must provide proof as part of the pre-employment process. This is in addition to your compliance with the Flu Vaccination requirement as well. Medical and religious exemptions will be considered consistent with applicable law. Lastly, a pre-employment physical, drug screening, and background check are also required for all employees prior to hire.

Compensation & Benefits Overview

UChicago Medicine is committed to transparency in compensation and benefits. The pay range provided reflects the anticipated wage or salary reasonably expected to be offered for the position.

The pay range is based on a full-time equivalent (1.0 FTE) and is reflective of current market data, reviewed on an annual basis. Compensation offered at the time of hire will vary based on candidate qualifications and experience and organizational considerations, such as internal equity. Pay ranges for employees subject to Collective Bargaining Agreements are negotiated by the medical center and their respective union.

Review the full complement of benefit options for eligible roles at Benefits - UChicago Medicine.