Submitting more applications increases your chances of landing a job.
Here’s how busy the average job seeker was last month:
Opportunities viewed
Applications submitted
Keep exploring and applying to maximize your chances!
Looking for employers with a proven track record of hiring women?
Click here to explore opportunities now!You are invited to participate in a survey designed to help researchers understand how best to match workers to the types of jobs they are searching for
Would You Be Likely to Participate?
If selected, we will contact you via email with further instructions and details about your participation.
You will receive a $7 payout for answering the survey.
Alnafitha is seeking
a Senior Active Directory Engineer to deliver managed operations and to support
a major identity change initiative for a banking client in the Kingdom of Saudi
Arabia. Working as the on-site technical liaison between the client and the
global office, the engineer ensures the stability, security, and compliance of
the client’s Active Directory environment while executing planned modernization
work (such as forest consolidation, domain migration, schema upgrades, and
security hardening) in parallel with business-as-usual operations.
Operational Stability & Health Management (Daily / Weekly)
•Monitor Active Directory health,
including replication, FSMO roles, SYSVOL, event logs, and domain controller
performance.
•Perform daily health checks
(DCDIAG, REPADMIN, NETDIAG) and carry out proactive remediation.
•Manage DNS hygiene, including
scavenging, stale records, and DNSSEC where used.
•Manage time synchronisation,
ensuring the PDC emulator points to a reliable NTP source.
•Ensure backup success (system
state and full forest) and periodically test restores.
•Apply OS, security, and AD
cumulative updates during approved maintenance windows.
Support the “Change” Initiative (Project Mode, in parallel with BAU)
•Participate in joint planning with
the global office and local bank teams to define the change (e.g., forest
consolidation, domain migration, schema upgrade, security overhaul, site
topology redesign).
•Deploy new domain controllers or
upgrade existing ones.
•Modify site links, subnets, and
replication schedules.
•Restructure OUs and move objects
(users, computers, groups) using tools such as ADMT, PowerShell, and Quest.
•Implement new GPOs or refactor
existing ones.
•Configure or reconfigure forest
and domain trusts.
•Migrate service accounts to gMSA
wherever possible.
•Perform pre-change validation in a
lab or staging environment.
•Execute change during approved
maintenance windows (nights / weekends, respecting banking hours).
•Validate post-change health and
roll back if success criteria are not met.
Security & Compliance Hardening (Ongoing)
•Maintain an AD security baseline
aligned with CIS / NIST and banking regulations (FFIEC, PCI, SWIFT CSP).
•Manage and monitor privileged
groups (Enterprise Admins, Domain Admins, Schema Admins) for unauthorized
changes.
•Review and clean up stale users,
computers, and service accounts monthly.
•Enforce Kerberos AES encryption,
restrict NTLM, and enable LDAP signing and channel binding.
•Manage and rotate service account
credentials (LAPS for local admins, gMSA for services).
•Assist with privileged access
management (PAWs, JIT, break-glass accounts).
•Ensure audit policies forward logs
to the SIEM (Splunk, Sentinel, QRadar) and investigate anomalies.
Collaboration with the Global Office
•Act as the technical liaison
between the global AD team and local bank operations.
•Participate in weekly design /
status calls with the global office during the major change initiative.
•Translate global AD standards into
local implementation plans.
•Report on local environment
health, risks, and change progress using agreed dashboards.
•Escalate issues requiring global
decisions (e.g., schema changes, cross-forest trust policies).
Troubleshooting & Incident Resolution
•Diagnose and resolve AD-related
incidents, including authentication failures, replication breaks, GPO
application issues, account lockouts, and Kerberos errors.
•Perform root cause analysis and
implement permanent fixes.
•Support application teams with AD
integration issues (SPN misconfigurations, delegation, permissions).
•Participate in security incident
response where AD compromise is suspected (e.g., golden ticket, DCSync
attacks).
Documentation & Knowledge Transfer (Local team and global office)
•Maintain living documentation: AD
topology, domain controller inventory, FSMO locations, site links, GPO
inventory, privileged group memberships, and service account lists.
•Document all changes performed during the major change initiative, including before / after st
You'll no longer be considered for this role and your application will be removed from the employer's inbox.