Job Description: Directory Services Architect
LOCATION: VISAKHAPATNAM, INDIA
EXPERIENCE: 8–10 YEARS
JOB TYPE: FULL-TIME
About EISAI GDBT-GCC
EISAI Global Digital Business Transformation (GDBT) Centre in Vizag is a global capability hub delivering
enterprise IT services across EISAI regions. The centre designs, builds, and operates secure, scalable, and cost optimized global platforms supporting our human healthcare (HHC) mission.
About the Role
As a Directory Services Architect at EISAI GDBT GCC, you will lead the architecture, design, and governance of
enterprise identity platforms. You will define the strategic direction for Active Directory, Microsoft Entra ID,
and Privileged Access Management. The role focuses on scalability, security, Zero Trust alignment, and cloud first identity architecture.
Key Responsibilities
Identity & Directory Architecture
• Define and own the enterprise identity architecture for Active Directory, Entra ID, and hybrid identity.
• Design multi-forest, multi-tenant, and hybrid identity models aligned with business and security
requirements.
• Lead domain and forest consolidation, migration, and modernization initiatives.
• Establish directory service standards, reference architectures, and design patterns.
Entra ID & Cloud Identity
• Architect enterprise-scale Microsoft Entra ID environments with high availability and resilience.
• Define Conditional Access, MFA, Identity Protection, and Zero Trust policies.
• Design RBAC models, administrative units, and scoped role assignments.
• Lead application onboarding architecture using OIDC, OAuth 2.0, SAML, WS-Federation, and SCIM.
Privileged Access & CyberArk
• Architect and govern Privileged Access Management (PAM) using CyberArk (PAS, PSM, PTA, EPM).
• Define Just-in-Time (JIT) privileged access models aligned with least-privilege principles.
• Design privileged credential vaulting, rotation, and session monitoring strategies.
• Integrate CyberArk with Active Directory and Entra ID for end-to-end privileged identity lifecycle
management.
Identity Governance & Security
• Define Identity Governance frameworks, including access reviews, entitlement management, and
lifecycle workflows.
• Architect external identity (B2B/B2C) collaboration and secure guest access models.
• Establish security guardrails, audit logging, monitoring, and compliance controls.
• Align identity architecture with regulatory, audit, and compliance standards.
Hybrid Identity & Integration
• Architect directory synchronization strategies using Entra Connect / Azure AD Connect.
• Define coexistence and cut-over strategies for legacy IAM and federated services.
• Design PKI, certificate, and Kerberos authentication architectures.
Architecture Governance & Leadership
• Produce solution designs, reference architectures, and architecture decision records (ADRs).
• Conduct architecture reviews, risk assessments, and design validations.
• Provide technical leadership and mentorship to identity engineering teams.
• Collaborate with Security, Cloud, Infrastructure, and Application teams to ensure alignment.
• Guide automation strategy using PowerShell, Microsoft Graph API, and DevOps pipelines.
Required Skills
• Expert-level knowledge of Active Directory, DNS, Group Policy, and hybrid identity design.
• Deep expertise in Microsoft Entra ID, Conditional Access, and Zero Trust architecture.
• Strong hands-on architectural experience with CyberArk PAM solutions.
• Deep understanding of one of the M365 service like Exchange Online, SharePoint Online, Teams and etc
• Expertise in privileged identity governance and access models.
• Strong understanding of PKI, certificates, and Kerberos authentication.
• Proficiency in PowerShell and API-driven automation.
• Experience designing secure, scalable enterprise identity platforms.
Preferred Skills
• Working experience in Microsoft 365 Suite services like SharePoint, Teams, Exchange Online etc.
• Experience with Microsoft Identity Manager (MIM) or similar lifecycle tools.
• Exposure to SIEM integration and security monitoring for identity systems.
• Experience with Delinea, ADFS, or other enterprise IAM/PAM platforms.
• Knowledge of multi-forest and complex hybrid identity environments.
Education & Certifications
• Bachelor’s degree in computer science, IT, or related field.
• Microsoft Certified: Identity and Access Administrator Associate preferred.
• Microsoft 365 Certified: Enterprise Administrator Expert preferred.
• CyberArk Certification is a plus.