Serve as the primary owner and point-of-contact for all Active Directory infrastructure, strategy, and operations across on-premises and cloud environments.
Architect and govern enterprise Active Directory Domain Services (AD DS), Active Directory Certificate Services (AD CS), DNS, DHCP, and PKI, ensuring high availability, disaster recovery readiness, and security at scale.
Drive the adoption and optimization of Microsoft Entra ID security features, including Conditional Access, Identity Protection, Identity Governance, Workload Identities, and Entra Permissions Management.
Govern Entra ID external collaboration and application identity, including cross-tenant access policies, B2B guest account lifecycle, app registration and enterprise application management, API permission and consent policy governance, and service principal security and credential rotation.
Manage hybrid Active Directory environments, including Azure AD Connect / Cloud Sync configuration, seamless SSO, pass-through authentication, and directory synchronization health monitoring.
Design and enforce Group Policy architecture at scale, including GPO lifecycle management, security baselines, and policy inheritance strategies across complex OU structures.
Establish and enforce identity security best practices, policies, and standards across the organization in alignment with zero trust principles and AD tiering models (Enhanced Security Admin Environment).
Oversee Kerberos, NTLM, LDAP, and certificate-based authentication protocols, driving migration away from legacy protocols toward modern authentication standards.
Lead AD Forest and domain trust management, replication topology optimization, Sites and Services configuration, and schema extension governance.
Partner with Security, Compliance, and Risk teams to ensure identity infrastructure meets regulatory and audit requirements, including SOX, NIST, and industry-specific mandates.
Oversee incident response, disaster recovery, and root cause analysis for identity-related security events, AD replication failures, and service disruptions.
Evaluate emerging identity technologies and industry trends including passwordless authentication, decentralized identity, and AI-driven threat detection to inform strategic planning and investment decisions.
Required Qualifications
10+ years of progressive experience in IT infrastructure with a focus on Active Directory and identity management, including at least 5 years in an architect or senior engineering capacity.
Deep fluency in authentication and federation protocols, including SAML, OAuth 2.0, OpenID Connect, WS-Federation, Kerberos, LDAP, and NTLM, with a track record of migrating environments away from legacy protocols.
Experience implementing passwordless authentication strategies, including FIDO2, Windows Hello for Business, and certificate-based authentication via PKI.
Hands-on experience with Active Directory security assessment and hardening tools such as BloodHound, PingCastle, and Purple Knight for attack path analysis and security posture e
Benefits
Health insurance
Flexible schedule
Equity / stock options
Additional Information
Blackstone is the world's largest alternative asset manager. We seek to create positive economic impact and long-term value for our investors, the companies we invest in, and the communities in which we work. We do this by using extraordinary people and flexible capital to help companies solve problems. Our $1.1 trillion in assets under management include investment vehicles focused on private equity, real estate, public debt and equity, infrastructure, life sciences, growth equity, opportunistic, non-investment grade credit, real assets and secondary funds, all on a global basis. Further information is available at www.blackstone.com. Follow @blackstone on LinkedIn, X, and Instagram.
Role Overview
The Vice President Workforce Identity and Directory Services serves as the primary owner of all Active Directory related infrastructure and strategy. This role leads the design, governance, and modernization of the enterprise identity platform across on-premises, hybrid, and cloud environments. The VP is responsible for developing long-term technology roadmaps, driving security best practices, and partnering with Security, Infrastructure, and Application teams to deliver scalable, resilient identity services aligned with business objectives.