Sr Cloud Engineer

New York, NY
Permanent

Hybrid: 2-3 days in NYC

RESPONSIBILITIES:

Identity & Authentication:

  • Owns and evolves the Firm's Microsoft Entra ID and hybrid identity environment, including Conditional Access, Enterprise Applications, and SSO across SAML and OIDC-integrated applications;

  • Designs and maintains authentication and access controls, including MFA, passwordless authentication, Windows Hello for Business, certificate-based authentication, and administrative account segmentation;

  • Manages privileged access controls, including role-based access, PIM, and related administrative security standards;

  • Leads the transition from legacy authentication models to cloud-first identity, including migration of ADFS-integrated applications, adoption of Password Hash Sync where appropriate, and significant reduction of legacy authentication dependencies; and

  • Improves visibility, monitoring, and security controls across the identity platform, in partnership with IT Security.

Cloud & Core Infrastructure:

  • Leads Active Directory upgrades and improvements, including domain and forest planning, domain controller lifecycle management, replication health, and related directory services;

  • Maintains and optimizes core infrastructure services including Active Directory, PKI, DNS, DHCP, and Client/DFSR; and

  • Contributes to broader infrastructure initiatives, including NetApp storage optimization and NFS modernization, and supports VMware-based hybrid infrastructure where needed.

Automation & Engineering:

  • Builds and maintains PowerShell automation for identity, infrastructure, and operational workflows;

  • Develops scripts and integrations using Microsoft Graph API for provisioning, reporting, and administrative tasks; and

  • Maintains clear technical documentation, standards, and runbooks to support operations and project delivery.

Technical Leadership & Operations:

  • Acts as a technical lead on identity and infrastructure projects from design through post-implementation review;

  • Partners with Security, Application Development, and Operations teams to deliver secure, practical solutions;

  • Troubleshoots complex authentication, access, and hybrid identity issues in a 24/7 production environment;

  • Takes ownership of high-priority and unplanned work and drives issues through to resolution with minimal oversight;

  • Participates in an on-call rotation and provides after-hours support when needed; and

  • Performs additional duties as assigned.

QUALIFICATIONS:

  • Bachelor's degree or equivalent practical experience;

  • 10+ years of experience supporting Microsoft-based enterprise environments, with a strong focus on identity, authentication, and directory services;

  • Strong hands-on experience with Azure, Microsoft Entra ID, hybrid identity, Conditional Access, SSO, Intune, and Active Directory;

  • Hands-on experience with PowerShell, Microsoft Graph API, and Azure-based identity and hybrid connectivity services;

  • Experience leading complex infrastructure, identity, or modernization initiatives in production environments;

  • Solid understanding of identity security, privileged access, and Zero Trust concepts;

  • Ability to work through ambiguity, manage competing priorities, and make sound technical decisions in a fast-paced environment;

  • Experience with VMware and NetApp is a plus;

  • Microsoft Azure Administrator (AZ-104) and other relevant Microsoft identity or security certifications are preferred;

  • Strong communication skills and the ability to work effectively across technical and non-technical teams; and

  • Ability to work additional hours as needed, including nights and weekends.

Job Type: Permanent

Job ID: 254741485