Staff Engineer II - Active Directory

Job Title:

Staff Engineer II - Active Directory

Location:

Block 23

What you'll do:

As an Staff Engineer II within the Identity and Access Management (IAM) department, you’ll serve in a mid-level, hands-on engineering role with a primary focus on Active Directory technologies. You’ll be part of a collaborative IAM team responsible for managing, maintaining, and supporting the organization’s on premises and hybrid Active Directory infrastructure, including directory services, authentication, authorization, and identity lifecycle integrations. In this role, you’ll identify development and operational support needs, contribute to Active Directory–centric design decisions, and take ownership of assigned project and enhancement tasks. As an IT Staff Engineer II, you’ll facilitate technical discussions and cross team collaboration, working closely with security, infrastructure, and application teams to ensure stable, secure, and scalable identity services.

• Take assignments that can be worked on individually without supervision and manage work effort from concept to completion.
• Provide high-level engineering and functional support for Active Directory and Windows Server services, including GPO, RADIUS/NPS, PKI/Certificate Services, ADFS, and other domain-related services
• Serve as Subject Matter Expert (SME) for Active Directory and PKI infrastructure, providing architectural guidance and advanced troubleshooting
• Design, redesign, and maintain Active Directory forests, domains, trusts, and OU structures, supporting a hybrid Entra AD environment
• Architect and enforce Group Policy (GPO) strategy, including security baselines, hardening, and lifecycle management
• Design and manage permissions, delegation models, and RBAC aligned with least privileged principles
• Implement and maintain Active Directory security hardening aligned with CIS, NIST, or other internal/external standards
• Design and manage tiered administration models (Tier 0 / privileged access separation)
• Support and integrate PKI, Kerberos, and authentication controls across the environment
• Design, build, and manage enterprise Microsoft Active Directory and Windows file services architecture
• Independently execute large-scale Active Directory initiatives (redesigns, migrations, modernization, cleanup)
• Act as L3 escalation for Active Directory–related incidents and resolve issues assigned through the incident management system
• Develop, document, and maintain runbooks, standard operating procedures, and workflows for L2 operational teams
• Configure and troubleshoot Windows desktop environments (AD, GPO) in support of VDI / Azure Virtual Desktop (AVD) deployments
• Provide on-call support for critical identity and directory services incidents
• Ensure compliance with IT policies, procedures, and industry standards, including reviewing and refining IT control enhancements.

What you'll need:

• 7+ years of related experience in IT App Support, IT Development, IT Networking, Active Directory/Azure (Entra) AD or similar field.
• Bachelor's degree in related field required.
• Intermediate to advanced knowledge of general Financial Services or Banking preferred.
• Intermediate to advanced knowledge of core Windows Server services
• Advanced knowledge of applicable regulatory and legal compliance obligations, rules and regulations, industry standards, and practices.
• Intermediate to advanced ability to see the big picture and align projects with organizational goals. Expertise in resolving conflicts and addressing challenges as well as skilled at identifying and mitigating risks at the project level. Proficient in governance patterns tied to intake, technical reviews, and architectural compliance.
• MCSE or equivalent Microsoft certification (or equivalent real-world experience)
• Advanced speaking and writing communication skills.
• May require up to 25% travel.

Benefits you’ll love:
We offer all the important things you'd want — like competitive salaries, an ownership stake in the company, medical and dental insurance, time off, a great 401k matching program, tuition assistance program, an employee volunteer program, and a wellness program. In addition, you’ll have the opportunity to bolster your business knowledge, learning the ins and outs of how successful companies operate and manage their finances, giving you invaluable hands-on experience to help grow your career!

About the company:

Western Alliance Bank is a wholly owned subsidiary of Western Alliance Bancorporation. Alliance Bank of Arizona, Alliance Association Bank, Bank of Nevada, Bridge Bank, First Independent Bank, and Torrey Pines Bank are divisions of Western Alliance Bank; Member FDIC.  AmeriHome Mortgage is a Western Alliance Bank company.

Western Alliance Bancorporation is committed to equal employment and will consider all qualified applicants without regard to race, sex, color, religion, age, nation origin, marital status, disability, protected veteran status, sexual orientation, gender identity or genetic information. Western Alliance Bancorporation is committed to working with and providing reasonable accommodations for individuals with disabilities. If you are an individual with a disability and require a reasonable accommodation to complete any part of the application process and/or need an alternative method of applying, please email HR@westernalliancebank.com or call 602-386-2488.  When contacting us, please provide your contact information and state the nature of your accessibility issue.  We will only respond to inquiries concerning requests that involve a reasonable accommodation in the application process.

© Western Alliance Bancorporation