Principal Active Directory Engineer

    • Santa Clara, CA

Our Mission

At Palo Alto Networks® everything starts and ends with our mission: protecting our way of life in the digital age by preventing successful cyberattacks. It’s not a small goal. It isn’t simple either, but we aren’t in this for the easy answer. As a company with a foundation in challenging the way things are done, we’re looking for innovators with a dedication to best. In return, your career will have a tangible impact – one that's working toward technology that affects every level of society.

Our mission doesn’t happen by treading softly – no, it happens by defining an industry. It means building products that haven't been thought of. It means selling products with a solutions mindset. It means supporting the infrastructure of a company that moves at an incredible speed – intentionally – to stay ahead of the world’s next cyberthreat.


Palo Alto Networks is looking for a talented senior Principal Systems Engineer with a mix of software and systems knowledge who will be responsible for overall supportability and maintainability of our Windows Active Directory infrastructure and other critical foundational services. As a member of a senior technical staff consisting of authorities in many adjacent areas (Cloud Infrastructure, Linux, VMWare, SQL, Storage, Identity services), you will be part of our next generation IT Infrastructure team.

You are passionate about an operations role that involves deep knowledge of both the application and the product and also believe that automation is a key component to operating large-scale systems.

Fast-paced, fast-changing and unpredictable defines our information technology team. We are looking for analytical, agile, and influential individuals who can quickly deliver meaningful results and solutions with the flexibility to accommodate evolving business needs and shifting priorities.

 Your Impact

  • Enable, drive roadmap and support the global Windows server environment both in cloud and data center, including FedRAMP infrastructure
  • Define and drive roadmap for Active Directory (AD) environment with multiple domains
  • Continually review and improve the security posture of AD. Ensure all gaps are remediated within SLAs
  • Find opportunities to automate while strengthening the security posture of Active Directory, design, implement, and support Group Policies
  • Evaluate current state architecture and design solutions for the Directory technologies
  • Work with multiple IT teams to support integration with AD and Windows infrastructure
  • Fulfill service requests and resolve incidents related to Directory Services
  • Acting as an internal consultant to IT teams for Directory related solutions
  • Support privileged access management tools and processes to ensure “least privilege” model is applied
  • Enable and support Microsoft Public Key Infrastructure (PKI) environment
  • Providing solutions to identity related problems that meet both security and operational objectives
  • Communicate precisely and effectively with key stakeholders
  • Create standard methodology practices and take charge of build decisions, infrastructure and systems software design on larger, more complex systems to achieve strategic objectives
  • Execute Detail Design tasks, create associated work and advise on right-sizing decisions for infrastructure, software solutions, and services
  • Automate monitoring and other workflow processes to increase efficiencies for projects and operations
  • Performs repairs, maintenance and upgrades of existing systems using solutions in accordance with standard operating procedures. Investigates and resolves matters of significance
  • Provide L3 (Highest level) of technical support by handling systems-related issues

 Your Experience

  • BA/BS in Computer Science, Information Technology or the equivalent combination of work experience
  • US citizen with the ability to work on Federal environments
  • 10+ years of experience in system administration, design, and architecting
  • Knowledge in the following areas: Windows Server (deployment and automation), Active Directory (Federation Services, replication, site configuration, GPO), DNS, operations, and security best practices
  • Experience with a wide range of Windows Versions (2008-2019)
  • Automation using PowerShell, Ansible or similar configuration management tool to handle infrastructure as code
  • Experience with automated monitoring systems and technologies, with practical knowledge of SCCM and automated patching procedures
  • Understand how to monitor and interpret specific server performance metrics
  • Deep knowledge of Active Directory Management and deployment
  • Experience crafting, developing, and maintaining complex scripts using common Windows scripting platforms (PowerShell, VBScript, Batch, etc.) PowerShell scripting concepts (ability to develop, read and modify existing scripts), SQL, and Python
  • Experience (10+ years) in implementing and supporting Microsoft Windows technologies (2008-2019 Server Operating Systems)
  • Deep understanding of development and implementation of GPOs, Server hardening and Microsoft Clustering technologies
  • Deep knowledge of Windows Server and cluster management
  • Awareness of Microsoft and industry Best Practice for Active Directory and Exchange configuration
  • Experience working with cloud environments such as Google Cloud Platform, AWS, and Azure
  • Experience in working with various block/file storage arrays and iSCSI based Storage Area Networks (Fabric Management)
  • Understanding of Network, Firewalls, load balancers, and complex network designs
  • Experience with Centrify Privileged Access Management is a plus

The Team

Working at a high-tech cybersecurity company within Information Technology is a once in a lifetime opportunity. You’ll be joined with the brightest minds in technology, creating, building, and supporting tools and that enable our global teams on the front line of defense against cyberattacks. We’re joined by one mission – but driven by the impact of that mission and what it means to protect our way of life in the digital age. Join a dynamic and fast-paced team that feels excitement at the prospect of a challenge and feels a thrill at resolving technical gaps that inhibit productivity.

Our Commitment  

We’re trailblazers that dream big, take risks, and challenge cybersecurity’s status quo. It’s simple: we can’t accomplish our mission without diverse teams innovating, together. To learn more about our dedication to inclusion and innovation, visit our Life at Palo Alto Networks page and our diversity website.  

Palo Alto Networks is an equal opportunity employer. We celebrate diversity in our workplace and provide equal consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or other applicable legally protected characteristics. 

Additionally, we are committed to providing reasonable accommodations for all qualified individuals. If you require assistance or an accommodation due to a disability or special need, please contact us at 


Back to top