System Architect

Job Title:- System Architect

Duration:- Long-Term Contract 

Client:- Commonwealth of Kentucky – Division of Platform Services

Location:- 100% Remote

JOB DESCRIPTION: 

The Commonwealth Office of Technology is a top tier technology organization serving the needs of the agencies and citizens of the Commonwealth through providing a truly enterprise scale network.  The Directory Services Branch within the Commonwealth Office of Technology serves as a group of skilled professionals that design, maintain, and support a large and diverse technology directory for the digital identities that empower the mission of our agencies to provide critical services within a 21st century digital government environment.  

The Directory Services Branch within the Commonwealth Office of Technology is seeking a skilled professional with experience in Microsoft Active Directory and Azure identity technologies. The Directory Services Branch supports multiple user forests and domains within a large-scale distributed directory infrastructure to ensure that technology users across the Executive Branch of Government, and the public, can authenticate to the technology that support critical services for the agencies and the citizens they serve.   

KEY RESPONSIBILITIES:  

• Work with other technical team professionals to ensure that the Commonwealth’s enterprise identity directories are maintained at the highest level of functionality. 
• Research, develop, and implement best practices and processes behind Active Directory and Entra ID AM related technologies (Active Directory, Entra ID, Active Directory Federation Services, Entra ID Connect, Single Sign-on, Galsync, and Microsoft Identity Manager). 
• Develop technical documentation, processes, and procedures for the technology and services provided by the branch.  
• Provide recommendations and guidance to other teams in the organization as it relates to the directory and Identity and Access Management (IAM).  

GENERAL SKILLS/ABILITIES:  

• Must be able to contribute to a teamwork focused environment.  
• Excellent customer service.  
• Good time management and multi-tasking skills.  
• Familiar with ITIL standards and processes.  

TECHNICAL EXPERIENCE:  

• Experience (6+ years) in Enterprise Identity management for a large-scale (5,000-10,000+ user) hybrid identity (on-prem and cloud) infrastructure.  
• Experience (4+ years) designing and implementing Microsoft hybrid identity solutions - Entra ID, Azure AD Connect, Microsoft Identity Manager (MIM), Active Directory Federation Services (ADFS).  
• Experience (8+ years) designing and maintaining multi-forest/multi-domain Active Directory infrastructure.  Including supporting technologies like DNS, DFS, GPO, Sites and Services).  
• Experience Designing, implementing, and maintaining Public Key Infrastructure (PKI) and certificate lifecycle management solutions.  
• Experience federating services and applications with Single Sign-on technologies (SAML, OIDC, OAuth). 
• Strong PowerShell skills. 

TRAINING/CERTIFICATIONS ARE HIGHLY PREFERRED:  

• Microsoft Certified: Identity and Access Administrator Associate.  
• Microsoft Certified: Azure Security Engineer Associate. 
• Microsoft Certified: Azure Administrator Associate. 
• Comptia Security+. 

ADDITIONAL INFORMATION: 

• Position is full-time remote but ability to be on-premises if needed (Frankfort, KY) is required. 
• 40-hour work week with 8-hour days.  Flexible start/end times from 7-5 EST.  
• Position will require occasional after-hours, evening, and weekend work to align with schedule maintenance windows.  The amount varies depending on the system and changes being made. Expect 2-8 hours a month on average. 
• Position does require an on-call rotation with the other team members.  Every 5-6 weeks the candidate will need to remain available for a full week. May receive calls from others in the organization in the event of an emergency issue.