Back to search results
Senior Active Directory - Cloud Identity Specialist
Boston, Massachusetts Jersey City, New Jersey Additional locations Apply × To proceed with your application, you must be at least 18 years of age.
Acknowledge Refer a friend Apply × To proceed with your application, you must be at least 18 years of age.
Job Description
At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. We do this by driving Responsible Growth and delivering for our clients, teammates, communities, and shareholders every day.
Being a Great Place to Work is core to how we drive Responsible Growth. This includes our commitment to being an inclusive workplace, attracting and developing exceptional talent, supporting our teammates physical, emotional, and financial wellness, recognizing and rewarding performance, and how we make an impact in the communities we serve.
Bank of America is committed to an in-office culture with specific requirements for office-based attendance and which allows for an appropriate level of flexibility for our teammates and businesses based on role-specific considerations.
At Bank of America, you can build a successful career with opportunities to learn, grow, and make an impact. Join us
Summary
We are seeking a Senior Directory Services analyst to modernize our enterprise identity platform across on-prem Active Directory, LDAPs, and other cloud-based directories and stores. The role is focused on securing employee, partner, and application access in a highly-regulated financial services environment and will partner closely with security infrastructure and application teams. If you are passionate about identity security and thrive in high-stakes environments, this role offers the chance to make a measurable impact on the security posture of a global enterprise.
Key Responsibilities
• Lead architecture, engineering, and operations for Active Directory forests, domains, and Group Policy in a multi-site, highly-regulated environment. • Design and drive adoption of hybrid identity solutions integrating on-prem and cloud-based services. • Implement and optimize authentication and authorization controls, SSO, MFA, Conditional Access, identity protection, and modern protocols (SAML, OAuth2, OIDC). • Define and enforce standards for identity lifecycle, joiner/mover/leaver processes, automated provisioning/deprovisioning, access reviews, and role-based access control (RBAC). • Partner with stakeholders and business teams to implement least-privilege, privileged access management (PAM), and Zero Trust-aligned identity controls. • Lead and support AD and identity-related projects, domain forest consolidation, mergers and acquisitions, cloud migrations, and re-platforming. • Enhance monitoring, alerting, and reporting for directory and identity health, security posture, and compliance audit trails (SOX, GLBA, PCI, etc.). • Develop and maintain scripts and automation primarily in PowerShell to drive consistency, efficiency, and security in identity operations. • Serve as a senior SME and escalation point for complex identity incidents, outages, and security events. • Produce and maintain technical documentation, runbooks, standards, and architecture diagrams for AD and cloud identity services. • Mentor and guide junior engineers, analysts, and admins, and contribute to identity and access strategy and roadmap.
Required Qualifications
10 years of hands-on experience administering and engineering enterprise Active Directory in a large, multi-site environment. Strong expertise in AD forest design, domain design, trusts, DNS, Group Policy replication, and AD security hardening. 5 years working with Azure AD, Entra ID, and hybrid identity synchronization, federation, ADFS, or equivalent cloud-only and hybrid scenarios. Deep understanding of identity and access management concepts, authentication, authorization, RBAC, least privilege, PAM, Zero Trust. Strong experience with MFA, Conditional Access, SSO, and identity federation using SAML, OAuth2, and OpenID Connect. Proficiency with PowerShell for automation, reporting, and bulk operations in AD and Azure AD. Experience operating in regulated environments, preferably in banking and financial services, with audit risk and compliance requirements. Solid understanding of networking and security fundamentals (TCP/IP, firewalls, TLS certificates, PKI) as it relates to identity. Excellent communication skills and ability to translate technical identity risks and solutions for non-technical stakeholders.
Desired Qualifications
Experience with IAM platforms such as Okta, Ping, ForgeRock, SailPoint, or similar. Experience with AWS IAM and/or GCP IAM and integrating them with corporate identity. Background with PAM solutions, CyberArk, Delinea, Thycotic, BeyondTrust, Hashi, etc. Relevant certifications, such as Microsoft Certified Identity and Access Administrator Associate, Azure Administrator Security Engineer, or equivalent.
Shift 1st shift United States of America Hours Per Week: 40
Learn more about this role Apply × To proceed with your application, you must be at least 18 years of age. Acknowledge Refer a friend Apply × To proceed with your application, you must be at least 18 years of age. Acknowledge
Full time JR-26005110 Manages People No Travel No Age requirement: Must be at least 18 years of age.
Massachusetts pay and benefits information: Massachusetts pay range: $135,000.00 - $182,100.00 annualized salary Offers to be determined based on experience, education, and skill set. Discretionary incentive eligible This role is eligible to participate in the annual discretionary plan. Employees are eligible for an annual discretionary award based on their overall individual performance results and behaviors, the performance and contributions of their line of business and/or group, and the overall success of the Company. Benefits This role is currently benefits eligible. We provide industry-leading benefits, access to paid time off, resources, and support to our employees so they can make a genuine impact and contribute to the sustainable growth of our business and the communities we serve.
New Jersey pay and benefits information: New Jersey pay range: $135,000.00 - $182,100.00 annualized salary Offers to be determined based on experience, education, and skill set. Discretionary incentive eligible This role is eligible to participate in the annual discretionary plan. Employees are eligible for an annual discretionary award based on their overall individual performance results and behaviors, the performance and contributions of their line of business and/or group, and the overall success of the Company. Benefits This role is currently benefits eligible. We provide industry-leading benefits, access to paid time off, resources, and support to our employees so they can make a genuine impact and contribute to the sustainable growth of our business and the communities we serve.
Share Save job Job saved