Senior Active Directory - Cloud Identity Specialist
Company: Bank of America
Location: Boston
Posted on: April 1, 2026
Job Description:
At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. We do this by driving Responsible Growth and delivering for our clients, teammates, communities and shareholders every day. Being a Great Place to Work is core to how we drive Responsible Growth. This includes our commitment to being an inclusive workplace, attracting and developing exceptional talent, supporting our teammates' physical, emotional, and financial wellness, recognizing and rewarding performance, and how we make an impact in the communities we serve.

Bank of America is committed to an in-office culture with specific requirements for office-based attendance and which allows for an appropriate level of flexibility for our teammates and businesses based on role-specific considerations.

At Bank of America, you can build a successful career with opportunities to learn, grow, and make an impact. Join us!

Summary:
We are seeking a Senior Directory Services analyst to modernize our enterprise identity platform across on-prem Active Directory, LDAP directories, and other cloud-based directories and stores. The role is focused on securing employee, partner, and application access in a highly regulated financial services environment and will partner closely with security, infrastructure, and application teams. If you are passionate about identity security and thrive in high-stakes environments, this role offers the chance to make a measurable impact on the security posture of a global enterprise.

Key Responsibilities:
- Lead architecture, engineering, and operations for Active Directory forests, domains, and Group Policy in a multi-site, highly regulated environment.
- Design and drive adoption of hybrid identity solutions integrating on-prem and cloud-based services.
- Implement and optimize authentication and authorization controls: SSO, MFA, Conditional Access, identity protection, and modern protocols (SAML, OAuth2, OIDC).
- Define and enforce standards for identity lifecycle: joiner/mover/leaver processes, automated provisioning/deprovisioning, access reviews, and role-based access control (RBAC).
- Partner with stakeholders and business teams to implement least-privilege, privileged access management (PAM), and Zero Trust-aligned identity controls.
- Lead and support AD and identity-related projects: domain/forest consolidation, mergers/acquisitions, cloud migrations, and re-platforming.
- Enhance monitoring, alerting, and reporting for directory and identity health, security posture, and compliance (audit trails, SOX, GLBA, PCI, etc.).
- Develop and maintain scripts and automation (primarily PowerShell) to drive consistency, efficiency, and security in identity operations.
- Serve as a senior SME and escalation point for complex identity incidents, outages, and security events.
- Produce and maintain technical documentation, runbooks, standards, and architecture diagrams for AD and cloud identity services.
- Mentor and guide junior engineers, analysts, and admins and contribute to identity and access strategy and roadmap.

Required Qualifications:
- 10 years of hands-on experience administering and engineering enterprise Active Directory in a large, multi-site environment.
- Strong expertise in: AD forest/domain design, trusts, DNS, Group Policy, replication, and AD security hardening.
- 5 years working with Azure AD/Entra ID and hybrid identity (synchronization, federation, ADFS or equivalent, cloud-only and hybrid scenarios).
- Deep understanding of identity and access management concepts: authentication, authorization, RBAC, least privilege, PAM, Zero Trust.
- Strong experience with MFA, Conditional Access, SSO, and identity federation using SAML, OAuth2, and OpenID Connect.
- Proficiency with PowerShell for automation, reporting, and bulk operations in AD and Azure AD.
- Experience operating in regulated environments (preferably banking/financial services) with audit, risk, and compliance requirements.
- Solid understanding of networking and security fundamentals (TCP/IP, firewalls, TLS, certificates, PKI as it relates to identity).
- Excellent communication skills and ability to translate technical identity risks and solutions for non-technical stakeholders.

Desired Qualifications:
- Experience with IAM platforms such as Okta, Ping, ForgeRock, SailPoint, or similar.
- Experience with AWS IAM and/or GCP IAM and integrating them with corporate identity.
- Background with PAM solutions (CyberArk, Delinea/Thycotic, BeyondTrust, Hashi, etc.).
- Relevant certifications: Microsoft Certified: Identity and Access Administrator Associate, Azure Administrator, Security Engineer, or equivalent.

Shift: 1st shift (United States of America)
Hours Per Week: 40

Pay Transparency details:
US - MA - Boston - 100 Federal St - 100 Federal St Lp (MA5100), US - NJ - Jersey City - 101 Hudson St - 101 Hudson (NJ2101)

Pay and benefits information:
Pay range: $135,000.00 - $182,100.00 annualized salary, offers to be determined based on experience, education and skill set.

Discretionary incentive eligible: This role is eligible to participate in the annual discretionary plan. Employees are eligible for an annual discretionary award based on their overall individual performance results and behaviors, the performance and contributions of their line of business and/or group; and the overall success of the Company.

Benefits: This role is currently benefits eligible. We provide industry-leading benefits, access to paid time off, resources and support to our employees so they can make a genuine impact and contribute to the sustainable growth of our business and the communities we serve.