Job Description
Role Overview
We are seeking a Senior Active Directory Engineer to lead a full transformation from a hybrid Active Directory environment with on-premises and virtual domain controllers to a fully cloud-native identity and device management ecosystem using Microsoft Entra ID and Microsoft Intune.
This role requires a deep understanding of identity infrastructure, hands-on execution, strong troubleshooting skills, and experience modernizing enterprise environments with limited legacy documentation.
You will serve as the technical expert responsible for architecting, executing, and supporting a large-scale migration focused on security, compliance, device management, and operational excellence.
Key Responsibilities
Assessment & Planning
- Conduct a comprehensive assessment of the existing hybrid Active Directory environment.
- Identify dependencies, legacy systems, and applications that rely on on-prem AD.
- Develop a detailed migration plan including timelines, milestones, and risk mitigation strategies.
- Synchronize and validate user identities within Microsoft Entra ID.
- Transition authentication from hybrid to fully cloud-native.
- Implement Conditional Access, MFA, and identity governance policies based on security requirements.
- Decommission Azure AD Connect and all domain controllers after migration completion.
- Enroll Windows, iOS, macOS, and Android devices into Intune.
- Define and deploy device configuration and compliance policies.
- Implement Windows Autopilot for zero-touch provisioning of new devices.
- Migrate Group Policy Objects (GPOs) into Intune equivalents where applicable.
- Enable and configure Intune Remote Help within the Microsoft Endpoint Manager admin center.
- Assign proper RBAC roles and permissions for IT support teams.
- Integrate Remote Help with Conditional Access and compliance configurations.
- Provide documentation and best practices for secure and effective use of Remote Help.
- Reconfigure access to SaaS and internal applications through Entra ID SSO.
- Ensure seamless access to file shares, printers, and other corporate resources post-migration.
- Note: All on-premises print servers will be decommissioned.
- Conduct pilot testing with a subset of users and devices.
- Validate identity, access, device compliance, and Remote Help functionality.
- Troubleshoot, resolve issues, and optimize configurations.
- Deliver complete technical documentation for architecture, configuration, and operational processes.
- Provide training and handover to internal IT teams.
- Support post-migration stabilization for a defined period.
Desired Profile
Experience
- 5-10 years of experience managing Active Directory and hybrid identity environments.
- Proven experience in migrating from on-prem AD to Azure AD / Microsoft Entra ID.
- Strong, hands-on experience with Microsoft Intune, Autopilot, and device compliance policies.
- Experience working with complex enterprise environments and undocumented legacy systems.
- Expertise in Active Directory, DNS, DHCP, Group Policy, Azure AD Connect.
- Advanced understanding of Microsoft Entra ID (SSO, MFA, Conditional Access, identity lifecycle).
- Proficiency with Microsoft Intune and Windows Autopilot.
- Familiarity with Zero Trust principles, RBAC, and security best practices.
- Strong ability to produce clear technical documentation.
- Excellent problem-solving and troubleshooting abilities.
- Strong cross-functional communication (support, operations, security, application teams).
- High level of autonomy and ownership.
- Ability to work in environments with evolving requirements and minimal documentation.
- Intermediate to advanced technical English.
- Ability to collaborate across distributed teams and time zones.
- Experience in multi-entity corporate environments (preferred).
Benefits
- 🚀 Integration with global brands and disruptive startups.
- 🏡 Remote / Home office work model.
- 📍 If hybrid or on-site presence is required, you will be informed in the first interview.
- ⏳ Work schedule aligned to the assigned team or project.
- 📅 Monday-Friday workweek.
- 🎉 Day off on your birthday.
- 🏥 Major Medical Expenses insurance (Mexico only).
- 🛡️ Life insurance (Mexico only).
- 🌎 Multicultural, international project teams.
- 🎓 Access to courses and certifications.
- 📢 IT-focused meetups with external expert guests.
- 📡 Virtual team-building events and interest groups.
- 📢 English classes.
- 🏆 Opportunities across multiple business units.
- 🏅 Proudly certified as a Great Place to Work.