Senior Microsoft Infrastructure Engineer

FlexTrade Systems is a financial technology Software Company headquartered in Great Neck, New York. We are celebrating 30 years as an industry pioneer and a global leader in broker-neutral trading platforms for equities, foreign exchange, options, futures, and fixed income. FlexTrade has 500+ employees across 10+ offices in North America, Europe, and Asia, and a worldwide client base both from Buy Side and Sell Side business. It is an exciting time to join FlexTrade. Each line of business and region is at a different growth phase. Across its functional teams, FlexTrade is taking bold steps to transform its business and approach to positioning itself for the next growth phase.

The Team

Our Microsoft and Citrix Engineering team supports a global enterprise environment across multiple regions and offices. The team is responsible for the architecture, engineering, security, automation, and operational stability of core Microsoft and Citrix infrastructure services in a fast-paced, high-availability environment.

About You

We are seeking a Senior Microsoft Infrastructure Engineer with deep hands-on expertise in Windows Server, Active Directory, DNS, Group Policy, hybrid Microsoft environments, and enterprise infrastructure architecture.

This role is for a senior engineer who can do more than maintain systems. You will help design, modernize, secure, and automate core Microsoft infrastructure across a globally distributed organization. The right candidate will have strong architectural judgment that follows leading practices for a medium/large business, a deep understanding of enterprise identity and directory services, and proven experience supporting large environments with 2,000+ user accounts across multiple locations or regions.

You should be comfortable working across both engineering and operations, leading infrastructure improvements, advising on leading practices, solving complex escalations, and building scalable, secure standards for the organization.

Key Responsibilities

· Design, implement, and support enterprise Microsoft infrastructure with a focus on:

o Active Directory Domain Services

o Group Policy

o DNS and name resolution architecture

o Windows Server platforms

o PKI/Certificate Services

o Hybrid identity and hybrid Windows domain architecture

· Lead the design and ongoing improvement of Active Directory forests, domains, trusts, sites, Organizational Units (OUs), delegation models, and replication topology according to leading practices.

· Own and improve AD hygiene and cleanup.

· Design and maintain secure domain trust relationships, authentication flows, and identity boundaries across business units, regions, and hybrid environments.

· Define and enforce Group Policy leading practices, including secure baseline configurations, policy standardization, lifecycle management, testing, change control, and troubleshooting.

· Architect and support DNS infrastructure across multiple subdomains and locations, including integration with Active Directory, conditional forwarding, split-brain DNS considerations, resiliency, and troubleshooting of complex name resolution issues.

· Build and support hybrid Microsoft environments, including integration between on-premises Windows infrastructure and Azure-based services.

· Implement and support secure Microsoft platforms with strong knowledge of authentication protocols, encryption ciphers and cryptographic standards, certificate lifecycle management, hardening practices, just-in-time access, and similar functions.

· Engineer, maintain, and improve ADCS / Microsoft Certificate Services and broader PKI-related services for internal enterprise use.

· Use PowerShell and automation tools to reduce manual work, improve consistency, accelerate deployments, and strengthen operational reliability across the server estate.

· Develop repeatable infrastructure standards, scripts, and automation for common functions.

· Support and improve Windows infrastructure in VMware-based environments; familiarity with Citrix is highly preferred.

Work closely with security, networking, cloud, and operations teams to design resilient and secure enterprise solutions.

· Provide senior-level troubleshooting and root cause analysis for complex issues involving identity, authentication, policy, DNS, replication, certificates, and hybrid connectivity.

· Create and maintain clear technical documentation, architecture diagrams, support standards, and operational procedures.

· Serve as a technical leader and escalation point for Microsoft infrastructure engineering across the organization.

• Bachelor’s degree in computer science, information systems or related field

• 10+ years’ experience in designing, administering, and supporting enterprise Microsoft Infrastructure

• Deep hands-on expertise with:

  • Microsoft Windows 2016, 2019, 2022 and 2025

  • Active Directory Domain Services (Forest and domains, trust relationships, FSMO roles and replications)

  • DNS

  • Group Policy

  • PowerShell

  • Enterprise Windows Security

• Deep experience in design/implementation/support of Windows Active Directory (AD) services, FSMO, DNS, replication etc.

• Experience with AD GPO, AppLocker and secure configurations management

• In-depth knowledge of implementing and supporting distributed Windows Certification Authority infrastructure (ADCS)

• Experience/implementing Just In Time access

• Experience in managing vulnerabilities across a Global Windows server estate

• Experience of VMware virtualization platforms

• A knowledge of scripting (PowerShell preferred) and performing tasks remotely through automation

• Experience with monitoring and automation tools

• Proven ability to communicate professionally in a corporate environment

• Knowledge of Jira/Confluence and ServiceNow would be advantageous

• Knowledge of TCP/IP, VLANs and network routing principles

• Knowledge of IT Service Management principles, ideally ITILv3/4 certified

• MCSE, or equivalent senior-level Microsoft infrastructure certification background and other industry-leading certifications in security and cloud.

**FlexTrade Systems, Inc. does not accept unsolicited resumes from search firm recruiters. Fees will not be paid in the event a candidate submitted by a recruiter without an authorized agreement for a particular SOW (Statement of Work) in place is hired: such resumes are deemed the sole property of FlexTrade Systems, Inc.**

**FlexTrade Systems, Inc. is an equal opportunity employer and makes employment decisions without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability status, or any other status protected by law.**