Job description

The agency continues to serve the interests of justice and the public by resolving matters brought before it in a fair, timely, efficient, and open manner. It is committed to providing meaningful access to its working system. Careers in the department play an essential role for the public and society. Our client's meaningful, challenging, and interesting positions have a long-lasting effect that serves to advance justice and ultimately provides for the greater good of all. The hybrid working environment provides opportunities for learning and development. Candidates willing to relocate will be considered. Scope of Services • The scope of services required for this Solution Architect includes senior-level support for Messaging, Active Directory & Identity management team with an emphasis on Operations security. • The candidate will be responsible for security administration of all Active Directory forests and domains and the Microsoft Exchange electronic mail and calendaring platform within the Judicial Branch. • The Solution Architect will assist with the tuning and optimization of the Exchange environment ensuring email security and may be involved in migration activities as well as providing high-level support for problem resolution. • Also in scope is providing support and the design of a Microsoft identity management infrastructure in collaboration with Microsoft Azure to fulfill the access and authentication requirements of users for the Judicial Branch Background • The Judicial Branch Active Directory and Exchange system has approximately 6,000 active accounts consisting of about 4,500 end user accounts and 1,500 generic and service accounts. Microsoft identity manager 2016 implemented to manage access and identity requirements as well as keeping data integrity intact with legacy data sources. • The Judicial Branch Active Directory environment consists of three directory forests. • The internal Judicial Branch forest contain accounts for Branch employees as well as directories for resources such as conference rooms and service accounts. • One of the two external forests contain accounts for employees of other branches of state government and resources shared between Judicial and other branches. • The other external forest contains resources available from the Internet. In total, there are between 13,000 and 14,000 accounts across all the Active Directory forests maintained by the Judicial Branch • The Judicial Branch Microsoft Exchange organization consists of over 80 mailbox databases replicated using an Exchange database availability group (DAG). • The Active-Active Exchange nodes are hosted on VMware virtual servers, with nodes in our primary data center and alternate Processing Center (APC) servicing users simultaneously. Mailbox compliance requirements for the branch include mailbox auditing and process drive Litigation hold practices. • Email encryption is a key component of what the branch offers to the users encrypting keyword based end to end encryption for secure email exchange. • Two Cisco IronPort appliances provide anti- malware and anti-spam filtering for the branch. • System center configuration manager is deployed to address needs for security patching for all infrastructure servers every active directory forests. • A number of auditing policies and products are deployed to address the branch's security and compliance requirements. • The ideal candidate would be expected to contribute immediately in two distinct areas with demonstrated technical experience as summarized below: Duties: • Expert level Windows 2019/2016 Active directory and domain controller design, implementation and administration • Expert level health and performance monitoring of a Microsoft Exchange environment and all its components and interfaces. Take preventive or corrective action as needed to maintain system availability and performance standards • Monitor logs, message flows, queues, quotas, storage and other resources taking appropriate preventive or corrective action as needed • Manage and administer the e-mail data stores and database availability groups (DAGs) to deliver optimal performance and availability • Develop process and adhere to eDiscovery and Litigation hold requests • Respond to escalated helpdesk tickets, resolve system and user problems and provide assistance as needed. • Expert level ongoing support and architecture planning for Microsoft Identity manager 2016 codeless environment following all best practices from Microsoft • Work with legacy application owners to integrate their data into the Microsoft IDM metaverse and flow into Active directory • MIM group management, password portal, integration with SQL management agents and ADFS • Expert level knowledge on deploying and architecting System center configuration manager SCCM version 1902 • Audit, test, schedule and install patches using SCCM and other operating system components as well as upgrades to Exchange servers as needed • Administer MIM 2016, Microsoft Exchange and Active Directory high availability, disaster recovery, backup and restoration of the entire system as well as individual components such as files and end user mailboxes • Experience with performance tuning for Active directory, Exchange server and Microsoft MIM environments in a 24 x 7 environment. • Develop, implement and document configuration standards, policies and procedures for managing, operating, and ensuring the security of the MIM 2016, Exchange & Active Directory infrastructure • Manage Outlook Web App (remote mail access), mail routing protocols, relays, gateways, email encryption and security, interfaces and transports to external mail systems and provide support for mobile devices and phones • Administer the mail system anti-spam, anti-virus appliances (IronPort) • Expert level knowledge in auditing and managing Palo Alto TRAPS and MalwareBytes antivirus products for all servers • Experienced with working in CritSit (critical situation) such as data breach, malware/ransomware attack and disaster recovery with minimal or no supervision • Experience and expert level knowledge in implementing multi-factor authentication for users for applications such as webmail and other federated apps • Manage Branch-wide standards for Exchange, AD and Identity Management • Availability for 24x7 on-call support. The duties required of this position requires strong knowledge and expertise with designing, implementing, and supporting the following technologies: • Active directory • Microsoft Exchange server 2016/2019 • Windows Server 2008 R2, 2012, 2016 and 2019 • Microsoft Identity manager 2016 • System center configuration manager (SCCM) • Cisco IronPort email gateway • Email encryption products Infrastructure auditing products • Active directory federation services • Office 365 Tenant configuration • Office 365 Hybrid configuration • Access Control and Conditional Access (CA) Azure Active Directory (AAD) and AAD Connect Password Hash sync • Microsoft Federation Integration with Office 365, Azure and Identity Management • Multi Factor Authentication (MFA) with Azure • Advance Threat Protection (ATP) policies • Palo Alto TRAPS administration • MalwareBytes cloud deployment Qualifications and Certifications In addition to the general qualifications of the contract, the skills and experience levels required for a candidate to be considered for this position are listed below: • 10+ years of Expert level direct hands-on Microsoft Exchange and Active Directory administration experience • 5+ years of Microsoft identity manager, SCCM and email security experience • Strong understanding of SMTP e-mail flow and related transport/DNS configuration • Experience with server virtualization technology including configuring and managing virtual servers preferably in a VMware environment • Strong understanding of AD forests, domains, trusts, DHCP, DNS and group policy as it relates to Active directory • Experience configuring and managing high-availability server environments using local and remote clustering and network load balancing technologies • Scripting experience in languages such as Powershell • Experience developing and testing offsite disaster recovery plans • Excellent written and verbal communication skills • Proven ability to work independently as well as with others, with minimal supervision • Adhere to change management, incident management and problem management practices to ensure all activities are executed as per process Required Preferred Certifications • Microsoft Certified Solutions Expert • O365 Enterprise Administrator Expert • Microsoft 365 Certified Messaging Administrator Associate • Microsoft Certified Professional • Microsoft Exchange 2016 certification • ITIL V3

Requirements