Senior Platform Engineer (5900)

RADIANT GLOBAL LOGISTICS INC
Renton, WA
$120,000 - $140,000
Onsite

About The Position

The Sr. Platform Engineer — Identity & Modern Workplace is the senior technical owner of three platform domains at Radiant: identity & access, endpoint management, and productivity & collaboration. You'll architect and operate these domains as integrated platforms — designing how people authenticate, how their devices are governed, and how they collaborate securely — and you'll continue to own and evolve those platforms as Radiant grows.

In the build phase, you'll lead the design and execution of Radiant's move to a modern, cloud-native model for identity and endpoint management — establishing zero-trust access patterns, modern device posture, secure collaboration, and platform governance. In steady state, you'll evolve and govern the platform, partnered with a Jr. Systems Administrator who handles day-to-day operational support. You'll remain hands-on throughout — solving complex issues, leading escalations, and providing T2/T3 support to Renton HQ as needed.

We care more about how you think about platform problems than which vendor's product you've memorized. The current implementation is Microsoft (Entra ID, Intune, Microsoft 365, SharePoint), and you'll work in that stack daily — but we're hiring an engineer who can evaluate, adopt, and integrate the right tools for a given problem, not someone tied to a single vendor's roadmap.

Radiant is an AI-driven organization. We expect senior engineers to be fluent across modern AI tooling — Claude, Gemini, and Microsoft Copilot are all in active use — and to pick the right tool for the work at hand. You'll leverage AI as a core part of how you engineer: scripting and automation, design exploration, policy and log analysis, runbook and documentation generation, troubleshooting, and architectural thinking. We care less about which tool you reach for and more that you can reach effectively across all of them.

This role partners closely with our Security Analyst/Engineer on the identity-security boundary, with Infrastructure/SRE on cloud and server platform handoffs, and with Support Services on user-facing escalations.

Requirements

  • Bachelor's degree in Computer Science, Information Systems, or related field — or equivalent technical experience.
  • 7+ years in enterprise IT with progressive responsibility in identity, endpoint, or platform engineering.
  • 4+ years of hands-on, in-depth experience operating modern cloud identity platforms at enterprise scale — Entra ID (Azure AD), Okta, Google Workspace, or equivalent. Direct experience with Entra is valued; equivalent depth on a comparable platform is acceptable.
  • Production experience with modern endpoint / MDM platforms at scale — Intune, Jamf, Kandji, Workspace ONE, or equivalent — including configuration, compliance, and application delivery.
  • Strong production experience designing and operating modern authentication and zero-trust access — conditional/contextual access, MFA, SSO/federation, OAuth/OIDC, SAML.
  • Strong scripting and API integration skills in at least one modern language (PowerShell, Python, or equivalent), with proven ability to automate platform work end-to-end.
  • Demonstrated written communication — architecture documents, runbooks, and decision records.
  • Modern authentication & federation: SSO/SAML, OAuth 2.0 / OIDC, modern auth flows, conditional/contextual access design, MFA, app registrations and consent governance.
      • Current stack: Entra ID, Conditional Access, PIM.
  • Identity lifecycle & governance: joiner/mover/leaver automation, access reviews, RBAC, privileged access, SCIM provisioning to/from SaaS.
      • Current stack: Entra ID, Entra ID Governance.
  • MDM at scale: modern device enrollment, configuration, compliance, application delivery, and update strategy across Windows and macOS.
      • Current stack: Intune; the environment includes a small macOS fleet (~30 devices).
  • Secure collaboration & data protection: email, messaging, file collaboration, content management, DLP, sensitivity labels, retention.
      • Current stack: Microsoft 365, Exchange Online, Teams, SharePoint Online, OneDrive, Purview.
  • Automation & IaC: modern scripting (PowerShell, Python, or equivalent), REST API integration, and Infrastructure-as-Code (Terraform or equivalent) applied to platform configuration where it provides leverage.
      • Current stack: PowerShell + Microsoft Graph for M365 work; broader tooling where applicable.
  • Legacy bridge: working knowledge of on-premises Active Directory, Group Policy, and traditional MDM/imaging — sufficient to decommission legacy estates during modernization.

Nice To Haves

  • Demonstrated experience leading or executing a migration from on-premises identity and endpoint management (AD/GPO/SCCM or equivalent) to a modern cloud-native model.
  • Experience integrating macOS devices into a modern identity and MDM platform — Apple Business Manager, Automated Device Enrollment, Platform SSO, compliance profiles, FileVault management, and macOS application deployment.
  • Hands-on experience across multiple modern identity or endpoint platforms (e.g., both Entra and Okta, or both Intune and Jamf) — demonstrating adaptability beyond a single vendor.
  • Certifications in any of: Microsoft (SC-300, MD-102, MS-700, MS-100/101), Okta, Apple/Jamf, Google Workspace, or relevant security/cloud certifications (CISSP, AWS, Azure).
  • Experience operating in a SOX-controlled environment, including evidence gathering and access reviews.
  • Experience with Infrastructure-as-Code at scale (Terraform, Bicep, or equivalent) and CI/CD-driven platform configuration.
  • Familiarity with SIEM and security platforms from a platform-integration perspective (security operations not required).
  • Thinks in capabilities and outcomes first, products second — evaluates tools on fit rather than vendor loyalty, and is willing to integrate, replace, or extend the stack when a better option exists.
  • Comfortable operating in both architect-mode (design, planning, modernization leadership) and operator-mode (hands-on administration, escalations, ticket work).
  • Fluent across modern AI tooling — uses Claude, Gemini, and Copilot interchangeably as everyday engineering tools, with strong judgment about which to reach for and when to trust or verify output.
  • Strong written communication — produces clear documentation, runbooks, and platform decisions.
  • Collaborative with peers in Security, Infrastructure, and Development — clear on ownership boundaries without being territorial.
  • Pragmatic about legacy systems: knows when to migrate, when to integrate, and when to leave well enough alone.

Responsibilities

  • Own the identity platform end-to-end: identity lifecycle (joiners, movers, leavers), directory and group strategy, and hybrid identity where required.
  • Design and operate zero-trust access — conditional/contextual access policies, modern authentication, MFA, and risk-based controls — in partnership with SecOps.
  • Govern application identity: SSO and federation patterns, OAuth/OIDC app registrations and consent, service principals, and third-party SaaS integration (including SCIM provisioning where supported).
  • Define and maintain access architecture — RBAC models, role assignments, permission boundaries, privileged access patterns, and access reviews.
  • Own modern device management for the fleet — enrollment, configuration, compliance, application delivery, and update strategy — across both Windows and macOS.
  • Establish and enforce device posture as a foundation for conditional access and zero-trust enforcement.
  • Build provisioning experiences that minimize friction for end users while meeting security and compliance requirements.
  • Own the collaboration and productivity platform — email, messaging, file collaboration, and content management — including governance, lifecycle, and external sharing models.
  • Implement data protection patterns (DLP, sensitivity labels, retention) in partnership with SecOps, who owns the policy direction.
  • Lead the technical design and execution of Radiant's move from legacy on-premises identity and endpoint management to a modern, cloud-native model.
  • Apply working knowledge of legacy on-prem patterns (Active Directory, Group Policy, traditional MDM/imaging) to navigate, document, and decommission legacy artifacts during transition.
  • Document target-state architecture, migration plans, rollback strategies, and operational runbooks.
  • Continuously evaluate the platform stack against business needs — recommend integration, replacement, or expansion when the current tooling is no longer the right fit.
  • Drive automation across managed platforms using a modern scripting and API toolkit — PowerShell and Microsoft Graph for the M365 ecosystem, Python and REST APIs broadly, and Infrastructure-as-Code (Terraform or equivalent) for declarative platform configuration where it provides leverage.
  • Apply AI tooling fluently across the day-to-day — Claude, Gemini, and Microsoft Copilot are all in active use at Radiant — for scripting and IaC generation, design exploration, policy and log analysis, runbook and documentation drafting, and accelerated troubleshooting.
  • Use Microsoft Copilot where it is native to the M365 ecosystem and provides capability the general-purpose AI tools cannot — for example, Security Copilot in incident workflows or Copilot-assisted administration inside Intune and M365 admin centers.
  • Maintain comprehensive documentation of managed platforms — architecture, configuration, runbooks, and SOPs.
  • Execute change management for platform changes — maintenance windows, rollout planning, and communication.
  • Own license management and capacity forecasting for platforms under your domain.
  • Provide hands-on T2/T3 support to Renton HQ for issues escalated beyond the Service Desk.
  • Mentor the Jr. Systems Administrator on platform operations, troubleshooting, and best practices.

Benefits

  • Medical, Dental, and Vision insurance (employee and family coverage)
  • Company-paid basic life insurance
  • Short-Term & Long-Term Disability insurance
  • Health Savings Account with company contributions
  • Flexible Spending Account options
  • 401(k) retirement savings plan with 3.5% employer match
  • 80 hours of front-loaded Sick Pay
  • 80 hours of Vacation Pay annually, with increases based on tenure
  • 7 paid holidays per year
  • Employee Assistance Program (EAP)