Infrastructure Engineer

About The Position

Requirements

• Expert level experience administering Entra ID, including tenant configuration, identity settings, and access policy management.
• Expert level experience designing and maintaining Conditional Access policies aligned to risk-based access and least privilege principles.
• Strong experience delivering and operating SSO and MFA at enterprise scale.
• Strong experience configuring Entra ID Enterprise Applications, including assignment scoping and permission governance.
• Experience governing Microsoft Graph API permissions, including scoping, consent workflows, and least privilege controls.
• Hands-on experience administering Zscaler ZPA.
• Working knowledge of OAuth, OpenID Connect, SAML, and LDAP.
• Working knowledge of networking fundamentals related to authentication and access control.
• Strong troubleshooting skills across authentication, authorization, and access flows.
• Bachelor’s degree in Computer Science, Information Technology, or equivalent practical experience.
• 5+ years of experience in Identity and Access Management or closely related infrastructure or security roles.
• Demonstrated ability to lead cross-functional initiatives while remaining hands-on technically.

Nice To Haves

• Familiarity with Microsoft Intune.
• Familiarity with Microsoft Purview.
• PowerShell scripting and automation experience.

Responsibilities

• Design, implement, and operate enterprise identity and access management solutions aligned with zero trust, least privilege, and risk-based access principles.
• Define, maintain, and enforce standards for SSO, MFA, Conditional Access, and access governance across cloud and on-premises systems.
• Serve as the technical authority for identity-driven access patterns, authentication architectures, secure access workflows, and identity lifecycles.
• Administer Entra ID environments, including tenant configuration, identity settings, and access policies.
• Design, implement, and manage Conditional Access policies based on user risk, device posture, and access context.
• Deliver and operate SSO integrations for SaaS and internal applications, including onboarding, testing, rollout, troubleshooting, and ongoing support.
• Configure and manage Entra ID Enterprise Applications, including assignment scoping, permission governance, and access models.
• Govern Microsoft Graph API access, including permission scoping and consent workflows.
• Administer Zscaler ZPA for private application access, connectivity policies, and operational support, partnering with application owners to enable secure access.
• Administer and support Meraki switching and wireless access points, including configuration, monitoring, and lifecycle management.
• Manage network access controls and firewall policies using FortiGate to support identity-aware access.
• Troubleshoot network connectivity and access issues across wired, wireless, and remote access environments, collaborating with security and infrastructure teams as needed.
• Conduct periodic access reviews and partner with system owners to remediate access gaps and policy violations.
• Participate in annual third-party cyber and risk assessments, addressing identity and access related findings.
• Develop operational metrics and reporting to communicate platform health, access risks, and improvement areas to management.
• Maintain documentation, standards, and procedures for identity and access services.
• Serve as the primary escalation point for identity and access related incidents, outages, and security events, coordinating response and remediation with Information Security and Infrastructure teams.

Benefits

• health insurance
• life insurance
• disability insurance
• paid time off (including sick leave, parental leave, volunteer leave, and vacation)
• charitable donation match
• family support services (including Bright Horizons and Benefit Advocate Center)
• a 401(k) in addition to other benefits