Henrico, Virginia, United States
Senior Identity & Infrastructure Engineer with 15+ years of experience specializing in Azure AD/Entra ID, IAM security, Active Directory engineering, Zero Trust controls, and Microsoft 365/Exchange Online & On‑Premises environments. I design and secure enterprise identity platforms, implement authentication and federation (SAML, OAuth, OIDC, ADFS), and manage privileged access using PIM, RBAC, and Conditional Access. My background includes hybrid identity architecture, Azure AD Connect, identity lifecycle automation, Exchange Online and On‑Prem mailbox migrations, hybrid Exchange configurations, Intune/Autopilot deployments, VMware ESXi administration, and large-scale Windows Server engineering. I have delivered multiple cloud transformation and identity modernization projects across global enterprise environments. I am passionate about identity security, Zero Trust, and building resilient, scalable, and compliant IAM ecosystems.
Identity & Access Management / Cybersecurity • Implement IAM security across Azure AD and hybrid identity, including MFA, Conditional Access, device compliance, and identity governance. • Manage Privileged Identity Management (PIM), RBAC, JIT access, and access reviews for privileged roles. • Design authentication flows using SAML, OAuth, OIDC, ADFS, and certificate-based authentication. • Integrate Defender for Identity and Identity Protection for threat detection and incident response. • Troubleshoot hybrid identity issues involving Azure AD Connect, federation, sync failures, and token issuance. Microsoft 365, Exchange Online & On‑Prem • Manage Exchange Online and Exchange On‑Prem environments, including hybrid configurations and coexistence. • Perform mailbox migrations (Exchange 2010 → 2016, On‑Prem → O365, tenant‑to‑tenant). • Configure and maintain mail flow, connectors, transport rules, and hybrid mail routing. • Implement DKIM, SPF, DMARC, anti‑phishing, anti‑malware, and EOP/Defender for Office 365 policies. • Support Teams, SharePoint, OneDrive, and full M365 administration. Directory Services & Infrastructure • Manage AD forests, domain controllers, GPOs, PKI, replication, and AD hardening. • Lead identity lifecycle operations including provisioning, deprovisioning, and access governance. • Engineer VMware ESXi clusters (4.5–8.0), Windows Server 2016–2022, and server hardening baselines.
• Managed Azure AD, Active Directory, GPOs, RBAC, MFA, Conditional Access, and identity lifecycle. • Delivered hybrid identity using Azure AD Connect and federation services. • Supported Exchange On‑Prem and O365, Teams, SharePoint, and Intune deployments. • Designed and maintained VMware ESXi clusters and Windows Server environments.
• Designed and administered AD forests, domains, GPOs, delegation models, DNS/DHCP, and replication. • Led AD migration (2003 → 2008), DC promotions/demotions, and FSMO role maintenance. • Managed audit logs, security policies, and compliance documentation.
• Managed Workspace ONE for 70K devices and Intune BYOD deployments. • Implemented DNS, DHCP, print servers, file server quotas, eDiscovery, and DLP. • Supported Exchange and file server restoration drills.