Security Architect
Chennai
Job No. atci-5511367-s2011390
Full-time
工作描述
Project Role : Security Architect
Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills : Microsoft 365 Security & Compliance
Good to have skills : NA
Minimum 3 year(s) of experience is required
Educational Qualification : 15 years full time education
Directory Services Operations
Operate and maintain a hybrid identity architecture
based on on-premise Active Directory and Entra ID
in the M365 cloud
Manage Azure AD Connect synchronization, includ
ing monitoring, troubleshooting, and lifecycle man
agement
Administer Active Directory core services, including:
o Domains and trusts
o Sites and Services
o Replication topology
o DNS integration
Ensure high availability, performance, and stability
of directory services
Identity and Access Management
Administer Entra ID and Microsoft 365 tenant con
figuration
Manage and optimize:
o Conditional Access Policies
o Identity protection and authentication meth
ods
o Tenant-wide security and identity settings
Support application integrations and identity federa
tion scenarios
o Review and validate requests to ensure com
pliance with internal standards and pro
cesses
o Implement approved requests in a controlled
and auditable manner
o Access management and permission delega
tion through Quest Active Roles
Security, Hardening & Compliance
Harden AD, Entra ID, and M365 environments
based on security best practices and frameworks
(e.g. CIS Benchmarks)
Ensure:
o Least-privilege access models
o Secure authentication and authorization de
signs
o Regular review of privileged roles and access
paths
o Minimize risks for cyber-attacks or similar
vulnerabilities
Support audits, security assessments, and remedia
tion activities
Governance, Auditing and Reporting of AD by using
Quest s Active Administrator, Change Auditor, En
terprise Reporter and IT Security Search
Mergers & Acquisitions (M&A)
Support M&A activities from an identity perspec
tive, including:
o B2B collaboration and external identity ena
blement
o Migration from legacy AD and M365 environ
ments, including using Quest On-Demand
Migration
o Tenant-to-tenant and directory consolidation
scenarios
Design and execute secure migration strategies with
minimal business disruption
Backup & Recovery
AD backup and recovery through Quest Recovery
Manager
Manage Commvault Cloud (Metallic) as the M365
backup and recovery solution
Ensure:
o Regular backup validation
o Recovery readiness for identities, M365
workloads, and configurations
o Compliance with retention and recovery re
quirements
Automation & IAM Integration
Automation of tasks through PowerShell scripting
Support the design and implementation of self-ser
vice workflows for identity-related use cases
Collaborate closely with the IAM team to:
o Align AD and M365 processes with SailPoint
o Migrate or redesign existing Quest Active
Roles workflows into SailPoint
Promote automation, standardization, and reduc
tion of manual administrative effort
Service Management & Collaboration
Work within ITIL-based processes, including:
o Incident Management
o Service Request Fulfilment
o Problem Management
Act as a technical consultant for internal teams and
stakeholders
Provide 2nd and 3rd level support for identity-re
lated issues
Required Skills and Qual
ifications
Technical Skills
Strong expertise in on-premise Active Directory ar
chitecture and operations
In-depth knowledge of Entra ID and Microsoft 365
identity services
Sophisticated scripting knowledge, especially Mi
crosoft PowerShell
Hands-on experience with Azure AD Connect
Solid understanding of:
o Authentication and authorization concepts
o Identity lifecycle management
Experience with Quest Active Directory manage
ment and migration tools
Knowledge of backup and recovery concepts for
identity and M365 workloads, ideally based on
Commvault Cloud (also called Metallic)
Security & Governance
Strong understanding of identity security best prac
tices including resilience against cyber-attacks
Experience applying security frameworks (e.g. CIS)
Ability to assess risks and enforce governance
standards
Familiarity with audit, compliance, and reporting
requirements
Professional & Methodological Skills
Experience working in ITIL-based service organiza
tions
Structured, analytical, and proactive working style
High level of service orientation and customer focus
Ability to prioritize tasks and work effectively under
pressure
Strong problem-solving and troubleshooting skills
Communication & Personal Skills
Very good communication skills across technical
and non-technical stakeholders
Team-oriented mindset with the ability to work in
dependently
High level of responsibility and ownership
Resilience, flexibility, and adaptability in complex
environments
Fluent English, written and verbal (German is a plus)
Project Role Description : Define the cloud security framework and architecture, ensuring it meets the business requirements and performance goals. Document the implementation of the cloud security controls and transition to cloud security-managed operations.
Must have skills : Microsoft 365 Security & Compliance
Good to have skills : NA
Minimum 3 year(s) of experience is required
Educational Qualification : 15 years full time education
Directory Services Operations
Operate and maintain a hybrid identity architecture
based on on-premise Active Directory and Entra ID
in the M365 cloud
Manage Azure AD Connect synchronization, includ
ing monitoring, troubleshooting, and lifecycle man
agement
Administer Active Directory core services, including:
o Domains and trusts
o Sites and Services
o Replication topology
o DNS integration
Ensure high availability, performance, and stability
of directory services
Identity and Access Management
Administer Entra ID and Microsoft 365 tenant con
figuration
Manage and optimize:
o Conditional Access Policies
o Identity protection and authentication meth
ods
o Tenant-wide security and identity settings
Support application integrations and identity federa
tion scenarios
o Review and validate requests to ensure com
pliance with internal standards and pro
cesses
o Implement approved requests in a controlled
and auditable manner
o Access management and permission delega
tion through Quest Active Roles
Security, Hardening & Compliance
Harden AD, Entra ID, and M365 environments
based on security best practices and frameworks
(e.g. CIS Benchmarks)
Ensure:
o Least-privilege access models
o Secure authentication and authorization de
signs
o Regular review of privileged roles and access
paths
o Minimize risks for cyber-attacks or similar
vulnerabilities
Support audits, security assessments, and remedia
tion activities
Governance, Auditing and Reporting of AD by using
Quest s Active Administrator, Change Auditor, En
terprise Reporter and IT Security Search
Mergers & Acquisitions (M&A)
Support M&A activities from an identity perspec
tive, including:
o B2B collaboration and external identity ena
blement
o Migration from legacy AD and M365 environ
ments, including using Quest On-Demand
Migration
o Tenant-to-tenant and directory consolidation
scenarios
Design and execute secure migration strategies with
minimal business disruption
Backup & Recovery
AD backup and recovery through Quest Recovery
Manager
Manage Commvault Cloud (Metallic) as the M365
backup and recovery solution
Ensure:
o Regular backup validation
o Recovery readiness for identities, M365
workloads, and configurations
o Compliance with retention and recovery re
quirements
Automation & IAM Integration
Automation of tasks through PowerShell scripting
Support the design and implementation of self-ser
vice workflows for identity-related use cases
Collaborate closely with the IAM team to:
o Align AD and M365 processes with SailPoint
o Migrate or redesign existing Quest Active
Roles workflows into SailPoint
Promote automation, standardization, and reduc
tion of manual administrative effort
Service Management & Collaboration
Work within ITIL-based processes, including:
o Incident Management
o Service Request Fulfilment
o Problem Management
Act as a technical consultant for internal teams and
stakeholders
Provide 2nd and 3rd level support for identity-re
lated issues
Required Skills and Qual
ifications
Technical Skills
Strong expertise in on-premise Active Directory ar
chitecture and operations
In-depth knowledge of Entra ID and Microsoft 365
identity services
Sophisticated scripting knowledge, especially Mi
crosoft PowerShell
Hands-on experience with Azure AD Connect
Solid understanding of:
o Authentication and authorization concepts
o Identity lifecycle management
Experience with Quest Active Directory manage
ment and migration tools
Knowledge of backup and recovery concepts for
identity and M365 workloads, ideally based on
Commvault Cloud (also called Metallic)
Security & Governance
Strong understanding of identity security best prac
tices including resilience against cyber-attacks
Experience applying security frameworks (e.g. CIS)
Ability to assess risks and enforce governance
standards
Familiarity with audit, compliance, and reporting
requirements
Professional & Methodological Skills
Experience working in ITIL-based service organiza
tions
Structured, analytical, and proactive working style
High level of service orientation and customer focus
Ability to prioritize tasks and work effectively under
pressure
Strong problem-solving and troubleshooting skills
Communication & Personal Skills
Very good communication skills across technical
and non-technical stakeholders
Team-oriented mindset with the ability to work in
dependently
High level of responsibility and ownership
Resilience, flexibility, and adaptability in complex
environments
Fluent English, written and verbal (German is a plus)
职位要求
15 years full time education
