1044 Principal Active Directory Administrator

Recruitment #PEX-1044-903996

Introduction

Applicants are encouraged to apply immediately as this recruitment may close at any time but not earlier than March 5, 2020. This position is open until filled.

 

Department:

The Department of Technology is the centralized technology services provider within San Francisco City & county government, delivering technology infrastructure and services to approximately 33,000 employees and 800,000 residents. The department has an annual operating budget of over $130M and contains over 200 employees. Core service areas include: Infrastructure and Operations, Technology Security, Service Delivery & Management, Enterprise Applications, Project Management Office, Public Safety Systems & Wiring, Technology Administration, Policy & Governance and IT Public Communications. 

Position:

The Identity and Access Management & Cybersecurity team provides a centralized repository of identities and access control for systems owned and operated by the City and County of San Francisco, Citywide Single Sign-on capabilities and Multi-factor authentication for tier 1 applications to mitigate against identity theft and security breaches. The City Cybersecurity Team provides threat and vulnerability management, incident management and end point security to Citywide departments.

Position Responsibilities:

The Active Directory Engineer reports to the IAM lead and will be responsible for the update, administration and maintenance of Active Directory (AD), Active Directory Federated Services (ADFS), and Microsoft Identity Manager (MIM) environments.  The incumbent will have rich experience in managing Active Directory, both through GUI and PowerShell, Terminal Server and RemoteApp management, creating Replying Party Trusts in ADFS, and managing/fixing data in a MIM environment, along with continual monitoring of the AD environment for quality levels including performance and replication issues, coordinating with Network Administrators, Database Administrators, Information Security, and system owners to architect, deploy and maintain the City AD environment. They should be a detail-oriented, self-motivated, experienced professional with experience supporting Active Directory, ADFS 2012/2016, and FIM/MIM/Azure AD Connect).

Position Duties:

  • Contribute to the overall maintenance, expansion, and client support of the entire AD/ADFS/MIM infrastructure.
  • Contribute to the direction and oversight into the Active Directory functions across the City and County, including areas such as: LDAP(internal) or ADFS(external) authentication to the City AD for non-AD integrated applications; AD PKI/CA management; Security related Audit and Compliance activities; and AD provisioning through the extensive use of MIM, although coding is not required. 
  • Identifying, evaluating and participating in decision making around new extension technologies, such as GPOADmin or ADManager Plus, and Disaster Recovery planning and testing for all aspects of the environment.

Job Type:

The Permanent Exempt - Full Time position is excluded by the Charter from the competitive civil service examination process and shall serve at the discretion of the appointment officer. The anticipated duration of this project position is twenty-four (24) months and will not result in an eligible list or permanent civil service hiring.

Nature of Work:

Incumbent must be willing to work a 40-hour week as determined by the department. Travel within San Francisco may be required.

Work Location:

Incumbent will conduct the majority of work at the Department of Technology, One South Van Ness Avenue, 2nd Floor. However, there may be situations where the incumbent will be required to work at other sites throughout the City of San Francisco as necessary.

 

 

 

 

Minimum Qualifications

Education:
An associate degree in computer science or a closely related field from an accredited college or university OR its equivalent in terms of total course credits/units [i.e., at least sixty (60) semester or ninety (90) quarter credits/units with a minimum of twenty (20) semester or thirty (30) quarter credits/units in computer science or a closely-related field].

Experience:
Five (5) years of experience analyzing, installing, configuring, enhancing, and/or maintaining the components of an enterprise network.

Substitution:
Additional experience as described above may be substituted for the required degree on a year-for-year basis (up to a maximum of two (2) years). One (1) year is equivalent to thirty (30) semester units/ forty-five (45) quarter units with a minimum of 10 semester / 15 quarter units in computer science or a closely related field.

Desired Experience:

  • Expert knowledge in Active Directory, Active Directory Federated Services, and extensive experience managing User Identities through MIM. 
  • Experience with Quest GPOADmin
  • Ability to perform job functions with considerable independence and judgment.
  • Well organized with excellent written and verbal communication skills.
  • Hands on experience in MIM coding.
  • Hands on experience in creating ADFS Claim Rules.
  • Hands on experience in Oracle IAM, Service Now, Office 365 Exchange.
  • Knowledge of vulnerability assessments and penetration test.
  • Knowledge of industry standard frameworks – NIST, ISO, HIPAA, PCI.
  • Understand and identify PAM capabilities and emerging use cases like cloud service infrastructure, containers and software defined, Robotic Process Automation (RPA)
  • Hands on experience with BeyondTrust.

Desired Qualifications:

  • 7+ years of progressive hands on experience in design, architecture and administration of Active Directory.
  • 2-3 years of experience setting up and managing complex Terminal Server environments.
  • 2-3 years of experience in Active Directory Federated Services.
  • 2-3 experience Configuring and managing AzureAD Connect, AzureAD Connect health, Microsoft Azure Active Directory.
  • 2-3 years of experience in MIM user provisioning and user data management.
  • 2-3 years of experience in migration of all the Directory objects, from the source ( Multiple Domains) to the target Single Domain.
  • 2-3 years of experience in multiple PAM products for session management, threat analytics, endpoint privilege management, password management including vaulting
  • 2-3 years of experience in Privileged account and session management, Privilege elevation and delegation management.
  • 2+ years of experience in Office 365 configuration and management.
  • 2+ years of experience of Creating and Managing the users and groups in Azure AD
  • 3+ years working in a virtualized environment.

Note:

1) Medical Testing: Prior to appointment, eligible candidates must successfully pass the TB testing process.

2) Security Clearances & Background Investigations: Positions in this classification may require that successful candidate who becomes eligible for appointment may be required to go through a background investigation to determine the candidate's suitability for employment in this classification.  Factors considered in the investigation may include employment history, use of illegal/controlled substances.  Reasons for rejection based on this investigation may include, but not limited to applicable convictions, repeated or serious violations of the law, inability to accept supervision, inability to follow rules and regulations, falsification of application materials and/or other relevant factors.  Failure to obtain and maintain security clearance may be basis for termination.

 

 

How To Apply

Applications for City and County of San Francisco jobs are only accepted through an online process. Visit www.jobapscloud.com/sf to register an account (if you have not already done so) and begin the application process.

  • Select the desired job announcement
  • Select “Apply” and read and acknowledge the information
  • Select either “I am a New User” if you have not previously registered, or “I have Registered Previously”
  • Follow instructions on the screen

Computers are available for the public (from 8:00 a.m. to 5:00 p.m. Monday through Friday) to file online applications in the lobby of the Dept. of Human Resources at 1 South Van Ness Avenue, 4th Floor, San Francisco.

Applicants may be contacted by email about this announcement and, therefore, it is their responsibility to ensure that their registered email address is accurate and kept up-to-date. Also, applicants must ensure that email from CCSF is not blocked on their computer by a spam filter. To prevent blocking, applicants should set up their email to accept CCSF mail from the following addresses (@sfgov.org, @sfdpw.org, @sfport.com, @flysfo.com, @sfwater.org, @sfdph.org, @asianart.org, @sfmta.com, @sfpl.org, @dcyf.org, @first5sf.org).

Applicants will receive a confirmation email that their online application has been received in response to every announcement for which they file. Applicants should retain this confirmation email for their records. Failure to receive this email means that the online application was not submitted or received.

All work experience, education, training and other information substantiating how you meet the minimum qualifications must be included on your application by the filing deadline. Information submitted after the filing deadline will not be considered in determining whether you meet the minimum qualifications.

Applications completed improperly may be cause for ineligibility, disqualification or may lead to lower scores.

If you have any questions regarding this recruitment or application process, please contact the exam analyst, Carol Wong, by telephone at 628-652-5045, or by email at carol.x.wong@sfgov.org.

Resumes may be attached to the application; however, resumes will not be accepted in lieu of a completed City and County of San Francisco application.

Note: Falsifying one's education, training or work experience or attempted deception on the application may result in disqualification for this and future job opportunities with the City and County of San Francisco.

 

Selection Procedures

Supplemental Questionnaire (Qualifying and Informational):

Applicants will be promoted to complete a supplemental questionnaire as part of the online employment application. It is essential that applicants provide complete information in identifying their education, experience, training and licensure, consistent with the information provided on their application. The supplemental questionnaire will be used to assess the applicant's knowledge, skills, and abilities as they relate to this position. Applicants must also complete the official application. The information in the supplemental questionnaire will not be scored and is collected for informational purposes.

The Department may establish and implement additional screening mechanisms to comparatively evaluate qualifications of candidates. if this become necessary, only those applicants whose qualifications most closed meet the needs of the Department will be invited for an interview.

Note: Applicants who meet the minimum qualifications are not guaranteed to advance through all of the steps in the selection process.

verification:

Applicants may be required to submit verification of qualifying education and experience at any point during the recruitment and selection process. if education verification is required, information on how to verify education requirements, including verifying foreign education credits or degree equivalency, can be found at http://sfdhr.org/index.aspx?page=456

The City and County of San Francisco is an equal opportunity employer. Minorities, women and persons with disabilities are encouraged to apply.

Conviction History

As a selected candidate for a job, you will be fingerprinted, and your fingerprints will be sent to the California Department of Justice (DOJ) and the Federal Bureau of Investigation (FBI). The resulting report of your conviction history (if any) will be used to determine whether the nature of your conviction (or arrest, in limited circumstances) conflicts with the specific duties and responsibilities of the job for which you are a selected candidate. If a conflict exists, you will be asked to present any evidence of rehabilitation that may mitigate the conflict, except when federal or state regulations bar employment in specific circumstances, such as:

  • Candidates for positions with the Unified School District and the Community College District may be disqualified from consideration should their conviction history not meet the standards established under the California Education Code.
  • Candidates for positions with the Recreation and Park Department may be disqualified from consideration should their conviction history not meet the standards established under California Public Resources Code 5164.

Having a conviction history does not automatically preclude you from a job with the City.

If you are a selected candidate, the hiring department will contact you to schedule a fingerprinting appointment.

 

Disaster Service Workers

All City and County of San Francisco employees are designated Disaster Service Workers through state and local law (California Government Code Section 3100-3109). Employment with the City requires the affirmation of a loyalty oath to this effect. Employees are required to complete all Disaster Service Worker-related training as assigned, and to return to work as ordered in the event of an emergency. 

Conclusion

Terms of Announcement:

Applicants must be guided solely by the provisions of this announcement, including requirements, time periods and other particulars, except when superseded by federal, state or local laws, rules or regulations. Clerical errors may be corrected by the posting the correction on the Department of Human Resources website at www.jobapscloud.com/sf

Requests:

Applicants with disabilities who meet the minimum eligibility requirements for this job announcement can find information on requesting a reasonable ADA Accommodation at: http://sfdhr.org/information-about-hiring-process#applicantswithdisabilities

General Information concerning City and County of San Francisco Employment Policies and Procedures: Important Employment Information for the City and County of San Francisco can be obtained at http://sfdhr.org/information-about-hiring-process or hard copy at 1 South Van Ness Avenue, 4th Floor.

Copies of Application Documents:

Applicants should keep copies of all documents submitted, as these will not be returned.

Right to Work:

All persons entering the City and County of San Francisco workforce are required to provide verification of authorization to work in the United States. Please be informed that the Department of Technology will not sponsor visa applications/transfer.

Issued: February 20, 2020

Micki Callahan

Human Resources Director

Recruitment ID Number: PEX-1044-903996

DT/CW/628-652-5045

Benefits

All employees hired on or after January 10, 2009 will be required (pursuant to San Francisco Charter Section A8.432) to contribute 2% of pre-tax compensation to fund retiree healthcare. In addition, most employees are required to make a member contribution towards retirement, ranging from 7.5%-13.25% of compensation. For more information on these provisions, please contact the personnel office of the hiring agency. 

For more information about benefits, please click here.

 


Click on a link below to apply for this position:

Fill out the Supplemental Questionnaire and Application NOW using the Internet.
View and print the Supplemental Questionnaire. This recruitment requires completion of a supplemental questionnaire. You may view and print the supplemental questionnaire here.

Powered by JobAps