About the role
This role is four days onsite at our Seneca One Buffalo, NY location, with the flexibility to work from home one day per week.
Overview
- Responsible for designing, securing, and operating Microsoft Active Directory Domain Services (AD DS) in regulated, high-availability environments. Acts as a knowledge resource for, and trains, less experienced engineers. Completes day-to-day support activities and special projects.

Primary Responsibilities

Enterprise Active Directory Architecture
- Proven expertise supporting large-scale, Tier‑1 identity infrastructures with strict uptime, latency, and change‑control requirements
- Strong experience with:
  - Multi-domain and multi-forest designs aligned to business units, regions, or regulatory boundaries
  - Forest and external trusts supporting M&A, joint ventures, and third-party integrations
  - FSMO role placement optimized for resilience and auditability
- Advanced understanding of Active Directory–integrated DNS, split‑brain DNS, and secure name resolution models

Hybrid Identity & Microsoft Entra ID (Azure AD)
- Extensive experience integrating on-prem AD with Microsoft Entra ID in regulated financial environments
- Hands-on implementation of:
  - Entra Connect (Cloud Sync and Traditional)
  - Password Hash Sync, Pass-through Authentication, and Federation
- Strong experience with:
  - Conditional Access aligned to regulatory and risk-based controls
  - Hybrid Join, Entra ID Join, and legacy device coexistence
- Understanding of identity lifecycle controls to support joiners, movers, leavers, and separation-of-duties requirements

Security, Compliance & Risk Controls
- Expert-level knowledge of Active Directory security hardening in financial services, including:
  - Tiered administrative model (Tier 0/1/2)
  - Dedicated admin forests or hardened admin boundaries (where applicable)
  - Privileged Access Workstations (PAWs) / Secure Admin Workstations
- Experience enforcing least privilege, role separation, and dual‑control models
- Deep familiarity with threats targeting financial institutions:
  - Credential theft, Kerberoasting, Pass-the-Hash/Ticket
  - Delegation and ACL abuse
- Hands-on experience with:
  - Privileged Identity Management (PIM)
  - Regular access reviews and entitlement recertification
- Strong alignment with Zero Trust and defense-in-depth identity strategies

Regulatory & Audit Readiness
- Demonstrated experience supporting audits and controls for financial regulations and frameworks, such as:
  - SOX, GLBA, PCI DSS, SOC 2
  - Internal risk management and model governance requirements
- Ability to design AD environments that support:
  - Strong logging and traceability
  - Tamper-resistant audit logs
  - Evidence generation for internal and external auditors

Automation & PowerShell
- Advanced PowerShell expertise for:
  - Controlled, auditable administrative changes
  - Automated provisioning/deprovisioning aligned to compliance workflows
  - Identity reporting for risk, security, and audit teams
- Experience building automation that integrates with:
  - Change management processes
  - IAM, ticketing, and security tooling

Operations, Resilience & Recovery
- Deep experience managing:
  - AD replication topology across data centers and regions
  - SYSVOL (DFSR) health and recovery
  - Latency-sensitive authentication dependencies
- Strong understanding of:
  - AD backup, recovery, and authoritative restore procedures
  - Identity disaster recovery scenarios with defined RTO/RPO
- Experience implementing monitoring and alerting with a focus on early risk detection

Leadership & Governance
- Acts as technical authority and escalation point for all directory and identity services
- Defines and enforces:
  - Enterprise identity standards
  - Secure configuration baselines
  - Operational runbooks and procedures
- Partners closely with:
  - Information Security and IAM teams
  - Risk, audit, and compliance stakeholders
  - Infrastructure, cloud, and application teams
- Mentors engineers and reviews designs from a security and risk-first perspective

Education and Experience Required
- Bachelor's degree and a minimum of 5 years’ relevant work experience, or in lieu of a degree, a combined minimum of 9 years’ higher education and/or work experience

Education and Experience Preferred
- Advanced understanding of the security system development and infrastructure lifecycle and architecture, and systems design
- Proven experience with the development and customization of tools utilized in assigned Cybersecurity function
- Demonstrated ability to translate architecture into technical requirements
- Proficient level of critical thinking and problem-solving ability
- Excellent communication and interpersonal skills
- Experience partnering with leaders to design solutions to business needs
- Proficient persuasive communication skills to gain buy-in of others
- Strong ability to analyze and draw reliable conclusions based on large volumes of quantitative data from diverse sources
- Ability to effectively serve in an indirect leadership role

M&T Bank is committed to fair, competitive, and market-informed pay for our employees. The pay range for this position is $116,400.00 - $194,000.00 Annual (USD). The successful candidate’s particular combination of knowledge, skills, and experience will inform their specific compensation.

Location
Buffalo, New York, United States of America

Great companies have an enduring sense of purpose. At M&T, our purpose is a simple one: make a difference in people’s lives and uplift the communities we serve. M&T Bank Corporation is a financial holding company headquartered in Buffalo, New York. M&T’s affiliates offer advice, guidance, expertise and solutions across the entire financial spectrum, combining M&T Bank’s traditional banking services with the wealth management and institutional capabilities offered by Wilmington Trust. M&T Bank has a network of over 1,000 branches and 2,200 ATMs that span 12 states from Maine to Virginia and Washington, D.C.

For more than 165 years, M&T has strived to take an active role in our communities and build long-lasting relationships with our customers. We are a bank for communities, combining the capabilities of a large bank with the care of a locally focused institution. As an employer of choice, we are proud to offer competitive benefits ranging from medical and retirement to forty hours of paid volunteer time each year. Our core values – integrity, ownership, collaboration, curiosity, and candor – drive the work we do. We seek to further build upon our record of success by bringing in top talent and fresh skill sets while continuing to support the growth and development of all our team members. View M&T’s Human Capital Report to learn more.
If you are unable to apply through this site due to technical issues or need an accommodation to apply, please contact us at careersitesupport@mtb.com for assistance.

M&T Bank is unwavering when it comes to providing equal employment opportunities to all employees and applicants without regard to race, color, national origin, religion, ethnicity, sex, gender identity, age, disability, citizenship, pregnancy, veteran status, military status, marital status, sexual orientation, genetic information or any other characteristic protected under applicable federal, state or local laws. M&T Bank Corporation has policies and procedures in place to promote a drug free workplace.