Scope:
The L4 Windows Domain Controller and Active Directory Senior Architect is the senior-most technical authority responsible for the strategic design, modernization, governance, and security of enterprise-scale Active Directory and Domain Controller infrastructures. This role defines the vision, architecture roadmap, and operational frameworks for global identity and access management ecosystems, ensuring resilience, scalability, and Zero Trust compliance across hybrid environments (on-prem, Azure AD/Entra ID, and multi-cloud).
Our current technical environment:
- Microsoft Azure
- VMware ESXi
What you’ll do:
- Define end-to-end Active Directory (AD) and Domain Controller (DC) architecture across multi-region, multi-forest enterprise environments.
- Architect and govern hybrid identity frameworks integrating on-prem AD with Azure AD / Microsoft Entra ID.
- Design disaster recovery, replication topology, and site resilience strategies.
- Establish reference architectures, blueprints, and design patterns for AD deployments and migrations.
- Lead forest/domain consolidation, modernization, and cloud transformation initiatives.
- Implement Zero Trust principles in Active Directory and identity design.
- Lead AD security hardening, including administrative tiering, privileged access segregation, and credential protection.
- Define and enforce GPO baselines, Delegation of Control, and Role-Based Access Control (RBAC).
- Conduct AD security posture reviews, vulnerability analysis, and remediation planning.
- Collaborate with cybersecurity teams on SIEM (Sentinel/Splunk) and PIM/PAM (Privileged Identity Management / Privileged Access Management) integration.
- Ensure compliance with ISO 27001, NIST 800-53, CIS Benchmarks, GDPR, and SOX frameworks.
- Design and govern hybrid identity synchronization using Azure AD Connect / Entra Connect.
- Define SSO, Federation, and Conditional Access models using ADFS, SAML, OAuth2, OpenID Connect.
- Integrate Azure AD, Okta, or Ping Identity with enterprise applications for secure authentication.
- Guide transition to passwordless, MFA, and certificate-based authentication strategies.
- Serve as the enterprise AD subject matter expert (SME) and architectural authority for all directory services.
- Partner with Cloud, Security, and Network Architects to align identity design with overall IT strategy.
- Provide technical mentorship to global L2/L3 AD engineers.
- Lead architecture reviews, audits, and design approval boards for AD-related projects.
- Represent the organization in Microsoft technical advisory councils or equivalent enterprise forums.
What we are looking for:
- Bachelor’s or Master’s degree in Computer Science, IT, or related discipline.
- 15+ years of progressive experience in Windows Infrastructure and Identity Services.
- 10+ years in Active Directory architecture, security, and operations at enterprise scale.
- Proven track record designing global multi-forest AD environments with 50K+ users.
- Experience leading cloud identity transformations and Zero Trust adoption.
- Deep understanding of IAM lifecycle, identity governance, and security frameworks.
- Strong communication, documentation, and stakeholder engagement skills.
Good to have:
- Microsoft Certified: Identity and Access Administrator Associate or Microsoft Certified: Azure Solutions Architect Expert.
- MCSE: Core Infrastructure, Certified Information Systems Security Professional (CISSP), or SANS AD Security Certification (Active Directory Security Expert).
Our Values
If you want to know the heart of a company, take a look at their values. Ours unite us. They are what drive our success – and the success of our customers. Does your heart beat like ours? Find out here: Core Values
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.
About Us
Who are we?
We are a proven, passionate bunch of disruptors. Our work is all about tapping into your potential so we can deliver the best solutions and customer experiences on the planet. Collaboration, respect, and a great work-life balance earned us the title of "Best Place to Work- Employees' Choice" by Glassdoor. Our people are smart, creative, rock stars with over 400 patents and 10,000 people years of domain expertise.
What do we do?
The company is the world leader in digital supply chain and omni-channel commerce fulfillment. Our intelligent, end-to-end platform enables retailers, manufacturers and logistics providers to seamlessly predict, pivot and fulfill customer demand. With our solutions, you can make more automated, profitable business decisions that deliver greater growth and re-imagined customer experiences. Fulfill your Potential. ™ blueyonder.com
“Blue Yonder” is a trademark or registered trademark of Blue Yonder, Inc. Any trade, product or service name referenced in this document using the name “Blue Yonder” is a trademark and/or property of Blue Yonder, Inc.
15059 N Scottsdale Rd, Ste 400
Scottsdale, AZ 85254