Senior Cloud Engineer I

AIR is seeking aSenior Cloud Engineer I to lead the design administration and advancement of our Microsoft 365 and Entra ID ecosystem in support of our missiondriven researchfocused this role you will serve as a technical expert and strategic partner ensuring our cloud collaboration and identity platforms are secure resilient and optimized for a diverse distributed workforce. You will work across engineering security and operational teams to strengthen AIRs cloud posture drive automation and implement bestinclass governance and security practices.

This position is ideal for an experienced engineer who excels in complex enterprise environments enjoys solving challenging technical problems and is passionate about building scalable secure and wellarchitected cloud services. You will have the opportunity to influence longterm cloud strategy mentor junior staff and play a key role in supporting AIRs mission to improve lives through research evidence and innovation.

This position has the flexibility to work remotely within the United States (U.S.) or from one of AIRsU.S. office locations. This does not include U.S. territories.

About AIR:

Founded in 1946 and headquartered in Arlington Virginia the American Institutes for Research (AIR) is a nonpartisan not-for-profit organization that conducts behavioral and social science research and delivers technical assistance to address some of the most pressing challenges in the United States and globally. We generate evidence and apply data-driven solutions that expand opportunities and improve lives for all.

Responsibilities

The responsibilities for the position include:

• Design configure and administer Microsoft 365 services including Exchange Online SharePoint Online OneDrive Teams Copilot and related security/compliance features.
• Administer and harden Entra ID (Azure AD) including conditional access identity protection app registrations and rolebased access control.
• Own Exchange Online configuration: mail flow transport rules connectors policies hybrid connectivity (if applicable) and advanced troubleshooting of mail delivery issues.
• Use Kusto Query Language (KQL) in tools such as Microsoft 365 Defender Purview and Log Analytics to investigate incidents identify patterns and develop detection queries and reports.
• Collaborate with security and networking teams to implement and maintain security baselines DLP retention eDiscovery and auditing across the M365 environment.
• Develop and maintain automation scripts and integrations using PowerShell and Microsoft Graph API to streamline administration reporting and provisioning.
• Contribute to CI/CD and infrastructureascode practices (e.g. Azure DevOps GitHub) for Microsoft 365 configuration and related workloads.
• Work with containerized and cloud workloads (e.g. Kubernetes) where they integrate with M365/Entra for identity security or application access.
• Lead complex incident response and rootcause analysis for M365 and identityrelated outages or security events.
• Produce and maintain technical documentation standards runbooks and architectural diagrams for Microsoft 365 and Entra services.
• Mentor junior administrators and provide guidance on best practices governance and operational excellence.

Qualifications:

Education Knowledge and Experience:

• Bachelors degree in Computer Science Computer Engineering or related discipline and at least 9 years of relevant experience in the IT industry or a masters degree with at least 7 years of relevant experience or at least 15 years of relevant industry experience.
• At least 5 years experience of handson administration experience with Microsoft 365 and Entra ID in a mid to largeenterprise environment.

Skills:

• Effective communicator with demonstrated ability to communicate with and understand the needs of both technical and non-technical internal and external clients. Additionally effectively collaborate in a virtual cross-functional team environment.
• Demonstrated ability to work well independently and collaboratively as needed.
• Adept in a fast-paced environment to manage multiple concurrent deliveries.
• Demonstrated analytical critical thinking and problem-solving skills with a focus on detail and high quality.
• Demonstrated expertlevel experience with Exchange Online: mail flow troubleshooting advanced transport configuration security and compliance policies and integration with thirdparty services.
• Strong experience using KQL in Microsoft 365 Defender Sentinel or Log Analytics to query logs create custom detections and analyze security or operational events.
• Deep understanding of identity and access concepts: SSO OAuth/OIDC federation conditional access MFA and privileged identity management.
• Proficiency with PowerShell for automation bulk operations and configuration management in Microsoft 365 and Entra ID.
• Solid knowledge of security compliance and governance capabilities in M365 (e.g. DLP retention eDiscovery audit safe links/attachments).
• Exposure to Azure DevOps GitHub or similar tools to manage scripts pipelines and infrastructureascode definitions for Microsoft 365.
• Familiarity with container platforms (e.g. Kubernetes/AKS) and how they integrate with Entra ID for identity and access control.
• Experience using Microsoft Graph API for automation integration and advanced reporting scenarios is preferred but not required.
• Experience with Microsoft Sentinel or similar SIEM platforms for M365 and Entra monitoring and analytics is preferred but not required.
• Experience with the Varonis platform AWS and/or Google Workspace is preferred but not required.
• Passion for the craft with a demonstrated ability to learn and understand the technology both at a high level and at a detailed level.

Disclosures:Applicants must be currently authorized to work in the U.S. on a full-time basis. Employment-based visa sponsorship (including H-1B sponsorship) is not available for this position. Depending on project work qualified candidates may need to meet certain residency requirements.

American Institutes for Research is an equal employment opportunity/affirmative action employer. All qualified applicants will receive consideration for employment without discrimination on the basis of age race color religion sex gender gender identity/expression sexual orientation national origin protected veteran status or disability. AIR adheres to strict child safeguarding principles. All selected candidates will be expected to adhere to these standards and principles and will therefore undergo reference and background checks. AIR maintains a drug-free work environment.

ACCESSIBILITY NOTICE:If you need a reasonable accommodation for any part of the employment process due to a physical or mental disability please send an email to Taliba Boone at call 202.403.5000.

Fraudulent Job Scams Warning & Disclaimer:AIR is aware of individuals falsely presenting themselves as AIR representatives. Fraudulent job scams seek to extract sensitive information or money from victims. To protect yourself please be aware that AIR recruitment will only email you from an @ domain. Please take extra caution while examining the email address for example is correct and is not a legitimate AIR email address. If you are unsure of the legitimacy of a communication you have received please reach out If you see a job scam or lose money to one report it to the Federal Trade Commission (FTC) . You can also report it to your state attorney general. Find out more about how to avoid scams #LI-REMOTE