Senior Cloud Engineer

Senior Cloud Engineer (Azure) - Hybrid in NYC (No Sponsorship)

Hybrid: 2-3 days in NYC

• Owns and evolves the Firm's Microsoft Entra  hybrid identity environment, including Conditional Access, Enterprise Applications, and SSO across SAML and OIDC-integrated applications;
• Designs and maintains authentication and access controls, including MFA, passwordless authentication, Windows Hello for Business, certificate-based authentication, and administrative account segmentation;
• Manages privileged access controls, including role-based access, PIM, and related administrative security standards;
• Leads the transition from legacy authentication models to cloud-first identity, including migration of ADFS-integrated applications, adoption of Password Hash Sync where appropriate, and significant reduction of legacy authentication dependencies; and
• Improves visibility, monitoring, and security controls across the identity platform, in partnership with IT Security.

• Leads Active Directory upgrades and improvements, including domain and forest planning, domain controller lifecycle management, replication health, and related directory services;
• Maintains and optimizes core infrastructure services including Active Directory, PKI, DNS, DHCP, and Client/DFSR; and
• Contributes to broader infrastructure initiatives, including Net App storage optimization and NFS modernization, and supports VMware-based hybrid infrastructure where needed.
• Builds and maintains Power Shell automation for identity, infrastructure, and operational workflows;
• Develops scripts and integrations using Microsoft Graph API for provisioning, reporting, and administrative tasks; and
• Maintains clear technical documentation, standards, and runbooks to support operations and project delivery.

• Acts as a technical lead on identity and infrastructure projects from design through post-implementation review;
• Partners with Security, Application Development, and Operations teams to deliver secure, practical solutions;
• Troubleshoots complex authentication, access, and hybrid identity issues in a 24/7 production environment;
• Takes ownership of high-priority and unplanned work and drives issues through to resolution with minimal oversight;
• Participates in an on-call rotation and provide after-hours support when needed; and
• Performs additional duties as assigned.

• Bachelor's degree or equivalent practical experience;
• 10+ years of experience supporting Microsoft-based enterprise environments, with a strong focus on identity, authentication, and directory services;
• Strong hands-on experience with Azure, Microsoft Entra , hybrid identity, Conditional Access, SSO, Intune, and Active Directory;
• Hands-on experience with Power Shell, Microsoft Graph API, and Azure-based identity and hybrid connectivity services;
• Experience leading complex infrastructure, identity, or modernization initiatives in production environments;
• Solid understanding of identity security, privileged access, and Zero Trust concepts;
• Ability to work through ambiguity, manage competing priorities, and make sound technical decisions in a fast-paced environment;
• Experience with VMware and Net App is a plus;
• Microsoft Azure Administrator (AZ-104) and other relevant Microsoft identity or security certifications are preferred;
• Strong communication skills and the ability to work effectively across technical and non-technical teams; and
• Ability to work additional hours as needed, including nights and weekends.