Principal Engineer - Platform Services

Are you interested in being part of an innovative team that supports Westinghouse's mission to provide clean energy solutions? At Westinghouse, we recognize that our employees are our most valuable asset and we seek to identify, attract and recruit the most qualified talent while recognizing and encouraging the value of diversity in the global workplace. 

Reporting to the Platform Services Supervisor (Wintel), the Principal Engineer – Platform Services focuses on Active Directory. As the senior hands-on technical authority, you will oversee engineering, securing, and maintaining the enterprise Active Directory and Windows identity platforms. You will provide deep technical expertise across AD DS, Azure AD/Entra ID, Group Policy, DNS/DHCP, PKI, Tier‑0/Tier‑1 privileged infrastructure, and directory‑integrated authentication services.

Operating within a Plan–Build–Run model, the Principal Engineer designs, implements, and improves Active Directory and identity services setting technical standards through practice and execution.

You will focus on delivering secure, scalable, and reliable directory solutions while reducing technical debt, modernizing legacy components, and ensuring platforms are supportable at global scale.

Responsibilities:

• Technical Leadership & Oversight

  • Partner with global resources on global architecture, engineering, and lifecycle management of:

    • Active Directory Domain Services (AD DS) forests and domains

    • Azure AD/Entra ID hybrid identity

    • Group Policy (GPO) architecture and governance

    • DNS, DHCP, WINS (where applicable)

    • Enterprise PKI and certificate services

    • AD replication, site topology, and domain controller placement

    • Authentication and federation services

  • Develop and maintain global standards for AD security, domain hardening, Tier‑0 controls, and privileged access.

  • Provide engineering oversight for AD lifecycle management, ensuring consistent implementations, modernization alignment, and technical debt reduction.

  • Design and maintain hybrid identity integrations between on‑prem and cloud services.

  • Identify architectural risks, systemic constraints, and long‑term scalability gaps, driving efforts to eliminate them.

  Strategic Engineering & Modernization

  • Guide enterprise identity modernization programs, translating strategic goals into concrete engineering solutions, including:

    • Legacy GPO, DNS, and domain topology rationalization

  • Develop processes for Domain controller OS upgrades and AD platform standardization across the enterprise.

  • Lead the decommissioning of obsolete or insecure protocols aligned with CIS baselines.

  • Promote the use of modern authentication standards, Conditional Access, and MFA patterns.

  • Establish future‑state identity architectures that align with zero‑trust principles, cloud adoption, and evolving security requirements.

  Stakeholder & Cross‑Functional Collaboration

  • Be a primary subject matter expert for Active Directory services across infrastructure, security, cloud, and application teams.

  • Collaborate with security teams on future identity governance projects.

  • Partner with Build teams to ensure new systems follow identity standards and are supportable.

  • Partner with application teams to standardize AD‑integrated services, LDAP usage and service account models according to enterprise identity architecture.

  • Support audit, compliance, and risk teams by providing evidence and technical expertise for identity controls.

  • Represent Active Directory interests in enterprise project planning, architecture reviews, and change advisory boards.

Qualifications:

• BS in Information Systems or similar degree or equivalent experience

• 5+ years experience in varying IT infrastructure or application roles with at least 3 years dedicated to Active Directory engineering.

• Strong PowerShell automation experience.

• Proven ability to collaborate within a global team of IT infrastructure engineers.

• Experience diagnose and resolve complex, multi-layer identity issues.

• Demonstrated experience in defining engineering standards and long-term strategies.

• Strong ownership mindset with deep experience operating Tier‑0 critical services

• Experience in working effectively in highly complex, global environments.

  • Advanced knowledge of at least 4 of the following areas:

    • Active Directory architecture, trusts, replication, sites, and security

    • Azure AD/Entra ID hybrid identity

    • Authentication protocols such as Kerberos, NTLM, LDAP, SAML, OAuth, etc.

    • GPO design, delegation, and configuration management

    • DNS/DHCP architecture within enterprise AD ecosystems

    • PKI certificate services and certificate lifecycle management

• Certificates:

  • ITIL Foundations (Preferred)

  • Windows Server Hybrid Administrator

  • Identity & Access Administrator

  • Azure Administrator or Architect

We are committed to transparency and equity in all of our people practices. The base salary range for this position, which is dependent upon experience, qualifications and skills, is estimated to be 13,916 to 17,350 PLN gross per month. In addition to the base pay, this role may be eligible for incentive pay based on company and individual performance.

#LI-Hybrid

Why Westinghouse?

Westinghouse Electric Company is the global nuclear energy industry's first choice for safe, clean, and efficient energy solutions. We enable our delivery of this vision by living our value system: 

• Safety and Quality 
• Integrity and Trust 
• Customer Focus and Innovation 
• Speed and Passion to Win 
• Teamwork and Accountability 

Westinghouse offers great benefits to all our employees around the globe to keep them healthy and enhance their well-being.  

Benefits offered in Poland include:

• Stable employment
• Outstanding and supportive atmosphere of collaboration in the team and in Westinghouse group
• Attractive remuneration with bonuses
• Hybrid model of work, flexible working time
• MyBenefit Cafeteria
• Life insurance
• Private Medical Care
• Private Group Insurance
• Employee Assistance Program: confidential counseling and resources for employees, eligible dependents, and household members
• Charity initiatives
• Parking space for employees
• Employee referral program

You can learn more about Westinghouse by visiting http://www.westinghousenuclear.com. 

Westinghouse is an Equal Opportunity Employer including Veterans and Individuals with Disabilities.

Get connected with Westinghouse on social media: Twitter | Facebook | LinkedIn| YouTube