Location: Guadalajara, México Role Overview NTT DATA Services Security organization seeks a System Engineering – Azure specialist to support, troubleshoot, upgrade and design solutions for Active Directory, Azure AD, and related identity technologies. Responsibilities Active Directory designing, architecture solutions, integration with platforms & applications Certificate management and PKI Develop an architecture of directory solutions for Windows, Unix and related platforms Experience in consolidations of multiple forests and domains, with understanding of user accounts, machine accounts and GPOs Formulate migration plans for services such as DNS, DHCP and Certificate Services (PKI) Analyze requirements and design solutions with zero impact to other platforms Develop PowerShell scripting with AD modules or VB.NET based on requirements Manage Azure Active Directory design, architecture solutions, integration with platforms & applications, and AD connector to Azure Audit security logs and integrate with SIEM Conduct POCs with multiple vendors for AD solutions, prepare detailed test cases, and create recommendation documents with pros and cons for senior management Perform vulnerability assessment and management for Active Directory, DNS & Windows platforms Lead Active Directory consolidations including application integration with application teams Recommend security best practices to achieve business objectives, advise on risk assumptions and provide alternatives to achieve desired outcomes Required Qualifications Minimum 5 years of relevant experience in architecture, design, solutions & migration of Active Directory, Azure AD, Windows & endpoints Strong experience with Active Directory migration tools or equivalent, and consolidation of global forests and domains Hands‑on experience with Azure AD (Azure Active Directory) Extensive experience as Azure admin for enterprise Active Directory setup and maintenance Strong experience in AD trusts, two‑way and one‑way trusts, and deep knowledge of AD schemas and metadata Strong knowledge of Azure AD Identity Management & integration with on‑premises Understanding of Azure AD technologies, including authentication models, federation, MFA, conditional access policies and other relevant capabilities Familiarity with best practices in AD/Azure privileged access management and modern AD/Azure secured administration Proficient PowerShell scripting Knowledge of IAM disciplines such as PIM and privileged administrative accounts, and PAM solutions (e.g., CyberArk) Knowledge of ADFS and Azure AD sync connectors Strong familiarity with DNS, Active Directory integration, partitions, Infoblox & DHCP systems, and migration of services from AD to any platform Demonstrated knowledge of AD assessment in terms of OU delegation, GPOs, permissions, etc. Expertise in AD versions 2003, 2008R2, 2012R2, 2016, 2019 and Azure AD Hands‑on experience setting up labs based on solution requirements Experience with AD disaster recovery, replication issues, and resolution using tools such as repadmin Experience writing and applying GPOs, especially for domain consolidations Knowledge of AD & Windows audit logs, levels, and SIEM integration Knowledge of networking, firewalls, DNS, DHCP, DFS, network load balancers and secure global Directory or Secure LDAP Understanding of cryptography, certificates, PKI, symmetric & asymmetric keys, encryption & hash algorithms Expertise in AD authentication protocols (Kerberos, NTLM, LDAP, LDAPS & LDAP‑Start TLS) Knowledge of network log capturing & analysis using tools such as Wireshark, Tshark, Microsoft Network Monitor, etc. Experience integrating LDAP & Kerberos with applications (e.g., Keytab, krb5) Knowledge of AD migration tools (ADMT, Quest, etc.) and AD trust, forest, domain tree structures, sites, DNS, GPOs, OU, FRS, DFSR Knowledge of identity & access management tools such as FIM, MIM, OIM, Quest, etc. Exposure to SAML, OAuth, OpenID and other security/IAM standards Hands‑on familiarity with host‑based security solutions, forensic & investigation agents, compliance scanning, reporting, and AD hardening Knowledge of single sign‑on, federation, active directory/LDAP, Kerberos/NTLM authentication & integrated Windows authentication Knowledge of identity management and role‑based / attribute‑based access control & entitlement management Excellent communication skills, both verbal and written Strong documentation skills for design & configuration documents with version control Excellent interpersonal skills and ability to work as part of a team Home office for remote work Ability to work some weekends and late nights performing approved changes ITIL V3 or later experience; experience writing change requests and attending Change Advisory Board (CAB) meetings Experience with security controls and compliance EEO Statement NTT DATA is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status. For more information on your EEO rights under the law, please refer to the relevant resources. For Pay Transparency information, please see the policy. #J-18808-Ljbffr