ACTIVE DIRECTORY EXPERT

BUCHAREST

ENGIE GBS ROMANIA

One of the world's leading energy companies, ENGIE is present across the entire energy chain, in electricity and natural gas, from upstream to downstream. By placing responsible growth at the heart of its businesses (energy, energy services and the environment), its mission is to meet major challenges: meeting energy needs, ensuring security of supply, combating climate change, and optimizing the use of resources.

GBS is part of ENGIE, partnering with the support functions for the ENGIE's Business Units and Corporate. It currently has 7 Business Support functions: purchasing, consulting, finance, real estate and logistics, legal, human Resources, information systems. By 2025, GBS is ENGIE's "transition maker" for support function excellence. Amplifying ENGIE's net zero mission, we provide a competitive edge through efficient operations, strategic resource allocation, and pioneering in culture and technology.

The Identity and Access department of the Network & Cyber Security division is recruiting an expert in infrastructure and security – Microsoft Active Directory, PIAM, and PKI – to strengthen the Active Directory team.

We are seeking a highly skilled Infrastructure & Security Expert with in-depth expertise in Microsoft Active Directory (AD), including Public Key Infrastructure (PKI) systems and Privileged Identity & Access Management (PIAM) related to AD. The ideal candidate will be responsible for the design, implementation, operation, and continuous improvement of secure, scalable, and resilient directory services across a complex and hybrid infrastructure.

At ENGIE, every talent has a role to play in accelerating the energy transition. Make a difference and enjoy a fulfilling professional experience, take on exciting challenges, and shape the path that suits you. Join us and be part of the adventure of our century!

What you will do:

• Design, deploy, and manage enterprise-scale Active Directory (AD) environments, including multi-domain and multi-forest configurations, ensuring scalability and operational excellence.
• Monitor AD replication health, perform domain controller diagnostics, and troubleshoot replication issues to ensure directory integrity across global environments.
• Manage FSMO roles, SYSVOL replication (DFSR), conduct metadata cleanup, and perform regular health and performance checks on AD infrastructure.
• Serve as the Level 3 escalation point for complex AD, identity, and infrastructure-related incidents; lead root cause analysis (RCA) and long-term remediation efforts.
• Collaborate with IT Operations and Global Security Operations Center (GSOC) during security events involving Active Directory or privileged access.
• Implement and enforce Active Directory security best practices, including hardening, secure delegation models, and access control principles (RBAC, least privilege, Just-In-Time access).
• Design and maintain a secure, auditable delegation model for administrative roles and critical assets; regularly review delegated permissions for compliance and minimal privilege.
• Deploy and manage Microsoft PKI (Active Directory Certificate Services), including certificate templates, smartcard integration, and support for TLS/SSL and code signing.
• Provide documentation, internal KB articles, and deliver training sessions to L1/L2 support teams; ensure knowledge transfer and operational readiness.
• Participate in technical design reviews and architecture discussions as the Active Directory subject matter expert, driving continuous improvement and innovation.

Desired education, expertise, and skills: 

• Bachelor's degree in Computer Science, Cybersecurity, or related field.
• Minimum of 5 years of experience in infrastructure/security engineering roles with a focus on Active Directory.
• Deep knowledge of Windows Server (2016/2019/2022) and core AD components (DNS, DHCP, ADFS, GPOs, Sites & Services).
• Proven experience in managing multi-site, multi-domain AD environments and domain controller replication.
• Familiarity with AD-integrated DNS and Name Resolution issues.
• Advanced experience with PowerShell scripting for automation, health checks, and reporting.
• Strong troubleshooting skills, particularly for authentication, replication, and access issues.

Nice to have:

• AWS Certifications (e.g., Associate level or equivalent).
• Microsoft Certifications (e.g., MS-100, AZ-500, SC-300, or equivalent).
• Experience with hybrid identity models (Entra Connect, SSO/Federation).
• Hands-on experience with monitoring and SIEM tools for directory security (e.g., Splunk, Sentinel).
• Familiarity with Active Directory security auditing and assessment tools, including:
  • PingCastle: Ability to run and interpret health and risk assessments, generate compliance reports, and define remediation plans.
  • Oradad (or equivalent tools): Experience using it to detect misconfigurations, privilege escalation paths, and attack surfaces within AD.

Benefits:

• • Private health insurance for you and your family;
  • Opportunities for ongoing personal and professional development;
  • Meal tickets;
  • Work-life balance;
  • Annual extended holiday entitlement, depending on the length of employment;

Only candidates selected for interviews will be contacted.

If you decide to send us your personal information in order to apply for this position, please be aware of our job candidate GDPR Data Privacy Notice: https://www.engie.ro/wp-content/uploads/2022/09/ER_Nota-de-informare-Candidati.pdf.

ENGIE is an Equal Opportunity Employer. Our commitment is unwavering: we do not discriminate based on race, color, age, sex, religion or religious creed, national origin, marital status, gender expression, genetic information, sexual orientation, ancestry, mental or physical disability, military or veteran status, or any other characteristic protected by law.