Our pre-employment assessment is changing as of 10/29. If you are applying to newly posted positions, you will need to take the revised assessment.

Job Details

Sr Systems Engineer-Enterprise Directory & Messaging

Requisition #: 363825
Location: Johns Hopkins Health System, Baltimore, MD 21201
Category: Information Technology
Work Shift: Day Shift
Work Week: Full Time
Weekend Work Required: No
Date Posted: July 21, 2021

SR. SYSTEMS ENGINEER - Enterprise Directory & Messaging


Flexibility with remote or hybrid schedule

On call requirements


The Sr. Systems Engineer will be responsible for John Hopkins on-premises AD, Azure AD and Office 365 tenants. The position will be responsible for configuring and managing Johns Hopkins Office 365 tenants and designing, implementing, and supporting services for Azure AD and Identity management solutions. The position will be working with other teams to implement federated services, SSO, MFA, conditional access, etc. for authentication and access to Office 365 and Azure cloud services.

Specific duties & responsibilities

  1. Configure and manage on-premises Active Directory and Azure Active Directory environments
  2. Support, implement, and design services for Azure AD and identity management solutions
  3. Provide engineering services to plan and execute AD domain consolidations
  4. Resolve problems and issues related to Active Directory and Azure Active Directory
  5. Configuration and maintenance of policies, settings, and packages within the Office 365 ecosystem
  6. Standardization and maintenance of permissions and Azure AD roles using Role Based Access Controls including Group-based Privileged Identity Management
  7. Formulation, integration, and testing of Conditional Access Policies to secure access to company and web resources
  8. Promote innovative solutions to clients regarding Office 365 offerings and Azure AD integrations
  9. Act as highest tier of escalation for issues related to Office 365 and Azure AD
  10. Accept escalations and complete service requests within the established SLAs and provide best practice recommendation
  11. Setup, configure, and integrate new Azure AD tenants
  12. Ensure compliance with industry and company standards
  13. Keep up-to-date on emerging trends in the Identity, Authentication, Authorization, Device Management, Governance, and Information Security industries especially as they relate to Azure AD
  14. Deep understanding of the directory synchronization process for Azure AD

Examples of clients supported and degree of client interaction:

  • Enterprise Active Directory: Managed multiple DCs across 3 data centers and multiple AD sites providing client authentications. Responsible for maintaining security for the DCs and AD.
  • Office 365: A suite of collaboration tools such as OneDrive and Microsoft Office provided online through the Office 365 Portal.
  • Azure Active Directory: Azure AD is Microsoft's cloud-based identity and access management service, which helps Johns Hopkins faculty, staff, and student sign in and access cloud resources and Internal resources, on the Hopkins corporate network and intranet, along with any cloud apps developed by the organization. Azure AD provided single sign-on and multi-factor authentication to help protect users from cybersecurity attacks.
  • Microsoft DirSync and AD integration: Work with the Identity team to deploy Office 365 Directory Synchronization (DirSync) to synchronize accounts between Hopkins’ on-premises directory and Azure Active Directory tenants with Office 365.
  • Federation Services and Single Sign-On (SSO): Work with the Enterprise Authentication team where require access for example SharePoint sites or other web-based Office 365 services, it is important to have an understanding on Active Directory Federation Services and Single Sign-On system for access to Hopkins resources in Office 365.
  • PowerShell: Knowledge of setting up Windows PowerShell, Microsoft’s task automation and configuration management system, especially where automation is a necessity for administration.
  • Domain Name Systems (DNS): Should be comfortable with DNS and mapping domain names to internal and external Hopkins’ resources and Internet resources.

Required Education: Bachelor’s degree. Additional experience can be substituted for education.

JHH Equivalency Formula: For jobs where equivalency is permitted, relevant experience may be applied towards the education required for the respective job at a rate of 1 year of education for 2 years of experience.

Required Experience: Six years related experience...One to two years of Azure AD/Office 365 Global Administrator experience.


Learn More About
Johns Hopkins Medicine.