Directory Services Architect
Workplace: Stockholm, Sweden
Expires: September 4, 2025
Epical is a data consultancy specializing in data management, utilization, and protection. We empower clients through secure digital identity management. We are looking for a Directory Services Architect to join our Digital Trust team with responsibility for implementing identity solutions and directory services like Active Directory, federation, authentication, and authorization. The role involves designing technical implementations, managing architectural and technical solutions, mitigating identity domain vulnerabilities, and ensuring security and regulatory compliance. This is a full-time remote position based in Sweden or Finland.
Main requirements:
- Minimum 10 years of expert-level technical expertise in Active Directory Domain Services (AD DS) including implementation, design, and securing.
- At least 3 years experience designing and implementing Microsoft Legacy Tier Model or Enterprise Access Model with Privilege Access Workstations (PAWs).
- Completed minimum 5 projects related to Active Directory Domain Services (AD DS).
- Completed minimum 3 projects implementing tier model security in AD DS, with the latest no older than 2018.
- At least 3 years experience with Public Key Infrastructure (PKI) relating to AD DS and Smart Card or YubiKey authentication.
- Minimum 3 years of technical expertise and understanding of DNS.
- Excellent knowledge of Windows Server and Client, Group Policy, and advanced troubleshooting.
- Good knowledge of authentication/authorization protocols: NTLM, Kerberos, SAML, OAuth2, OIDC.
- Good knowledge of network segmentation, IPSec in Windows Firewall (Domain and Server Isolation), and 802.1x.
- Fluent in English, both speaking and writing.
Responsibilities:
- Create designs for technical implementations based on customer requirements.
- Manage delivery of architectural and technical solutions ensuring practical implementability.
- Stay updated on common identity domain vulnerabilities and threats; mitigate in design and implementation.
- Collaborate within the team and independently drive projects and work forward.
- Keep current on industry trends and best practices in Directory Services and identity domain.
- Ensure compliance with security standards and regulatory requirements in customer deliveries.
Required hard skills:
- Active Directory Domain Services (AD DS) expert knowledge
- Microsoft Legacy Tier Model or Enterprise Access Model with PAWs
- Public Key Infrastructure (PKI) relating to AD DS
- Smart Card and YubiKey authentication
- DNS expertise
- Windows Server and Client
- Group Policy
- Authentication protocols: NTLM, Kerberos, SAML, OAuth2, OIDC
- Network segmentation and IPSec in Windows Firewall
- 802.1x network security
Recommended hard skills:
- Active Directory Certificate Services (AD CS) design and troubleshooting
- Active Directory Federation Services (AD FS) design and troubleshooting
- VMware Cloud Foundation (VCF) related to authentication and authorization (ESXi, vCenter, vIDM, NSX-T Manager)
- PowerShell and .NET Framework for identity and Active Directory task automation
- IAM solutions & Microsoft Entra ID
- Designing solutions for Operational Technology (OT) environments
- Experience in security-sensitive project operations
Soft skills:
- Analytical skills
- Attention to detail
- Strong communication skills
- Curiosity and commitment to learning and development
- Adaptability to change
Coding languages:
- PowerShell
- .NET (C#)
Frameworks:
- Microsoft .NET Framework
Operating systems:
- Windows Server
- Windows Client
Natural languages:
- English (Proficient)
- Swedish (Basic familiarity)
- Finnish (Basic familiarity)
Cultural skills:
- Collaborative team player
- Self-driven and initiative-taking
- Customer-oriented
- Embracing continuous learning culture
- Respect for work-life balance