Senior Cloud Engineer I
United States of America
Full Time
2 weeks ago
$140,000 - $164,000 USD
No H1B
Key skills
Microsoft 365 administrationEntra ID (Azure AD) administrationExchange Online configurationtroubleshootingKusto Query Language (KQL)PowerShell scriptingautomationMicrosoft Graph APIIdentityaccess management SSOaccess management OAuth/OIDCaccess management federationaccess management conditional accessaccess management MFAaccess management privileged identity managementSecuritycompliance in Microsoft 365 DLPcompliance in Microsoft 365 retentioncompliance in Microsoft 365 eDiscoverycompliance in Microsoft 365 auditAzure DevOpsGitHub for CI/CDinfrastructure as codeContainer platforms (Kubernetes/AKS) integration with Entra IDMicrosoft SentinelSIEM platformsAnalytical thinkingPowerShellAnalyticsAWSAzureKubernetesAKSAzure ADEntra IDOAuthIdentity ManagementSSOGitHubCI/CDCritical ThinkingCollaboration
About this role
American Institutes for Research (AIR) is a nonpartisan, not-for-profit organization focused on behavioral and social science research. They are seeking a Senior Cloud Engineer I to lead the design and administration of their Microsoft 365 and Entra ID ecosystem, ensuring secure and optimized cloud collaboration and identity platforms for a diverse workforce.
Responsibilities:
- Design, configure, and administer Microsoft 365 services including Exchange Online, SharePoint Online, OneDrive, Teams, Copilot, and related security/compliance features
- Administer and harden Entra ID (Azure AD), including conditional access, identity protection, app registrations, and role‑based access control
- Own Exchange Online configuration: mail flow, transport rules, connectors, policies, hybrid connectivity (if applicable), and advanced troubleshooting of mail delivery issues
- Use Kusto Query Language (KQL) in tools such as Microsoft 365 Defender, Purview, and Log Analytics to investigate incidents, identify patterns, and develop detection queries and reports
- Collaborate with security and networking teams to implement and maintain security baselines, DLP, retention, eDiscovery, and auditing across the M365 environment
- Develop and maintain automation, scripts, and integrations using PowerShell and Microsoft Graph API to streamline administration, reporting, and provisioning
- Contribute to CI/CD and infrastructure‑as‑code practices (e.g., Azure DevOps, GitHub) for Microsoft 365 configuration and related workloads
- Work with containerized and cloud workloads (e.g., Kubernetes) where they integrate with M365/Entra for identity, security, or application access
- Lead complex incident response and root‑cause analysis for M365 and identity‑related outages or security events
- Produce and maintain technical documentation, standards, runbooks, and architectural diagrams for Microsoft 365 and Entra services
- Mentor junior administrators and provide guidance on best practices, governance, and operational excellence
Requirements:
- Bachelor's degree in Computer Science, Computer Engineering, or related discipline and at least 9 years of relevant experience in the IT industry, or a master's degree with at least 7 years of relevant experience, or at least 15 years of relevant industry experience
- At least 5 years experience of hands‑on administration experience with Microsoft 365 and Entra ID in a mid‑ to large‑enterprise environment
- Effective communicator with demonstrated ability to communicate with and understand the needs of both technical and non-technical internal and external clients
- Demonstrated ability to work well independently, and collaboratively as needed
- Adept in a fast-paced environment to manage multiple concurrent deliveries
- Demonstrated analytical, critical thinking, and problem-solving skills with a focus on detail and high quality
- Demonstrated expert‑level experience with Exchange Online: mail flow troubleshooting, advanced transport configuration, security and compliance policies, and integration with third‑party services
- Strong experience using KQL in Microsoft 365 Defender, Sentinel, or Log Analytics to query logs, create custom detections, and analyze security or operational events
- Deep understanding of identity and access concepts: SSO, OAuth/OIDC, federation, conditional access, MFA, and privileged identity management
- Proficiency with PowerShell for automation, bulk operations, and configuration management in Microsoft 365 and Entra ID
- Solid knowledge of security, compliance, and governance capabilities in M365 (e.g., DLP, retention, eDiscovery, audit, safe links/attachments)
- Exposure to Azure DevOps, GitHub, or similar tools to manage scripts, pipelines, and infrastructure‑as‑code definitions for Microsoft 365
- Familiarity with container platforms (e.g., Kubernetes/AKS) and how they integrate with Entra ID for identity and access control
- Experience using Microsoft Graph API for automation, integration, and advanced reporting scenarios
- Experience with Microsoft Sentinel or similar SIEM platforms for M365 and Entra monitoring and analytics
- Experience with the Varonis platform, AWS, and/or Google Workspace