Senior Cloud Engineer I at Americaninstitutesforresearch

AIR is seeking a Senior Cloud Engineer I to lead the design, administration, and advancement of our Microsoft 365 and Entra ID ecosystem in support of our mission‑driven, research‑focused organization. In this role, you will serve as a technical expert and strategic partner, ensuring our cloud collaboration and identity platforms are secure, resilient, and optimized for a diverse, distributed workforce. You will work across engineering, security, and operational teams to strengthen AIR’s cloud posture, drive automation, and implement best‑in‑class governance and security practices. This position is ideal for an experienced engineer who excels in complex enterprise environments, enjoys solving challenging technical problems, and is passionate about building scalable, secure, and well‑architected cloud services. You will have the opportunity to influence long‑term cloud strategy, mentor junior staff, and play a key role in supporting AIR’s mission to improve lives through research, evidence, and innovation. This position has the flexibility to work remotely within the United States (U.S.) or from one of AIR’s U.S. office locations. This does not include U.S. territories. About AIR: Founded in 1946 and headquartered in Arlington, Virginia, the American Institutes for Research (AIR) is a nonpartisan, not-for-profit organization that conducts behavioral and social science research and delivers technical assistance to address some of the most pressing challenges in the United States and globally. We generate evidence and apply data-driven solutions that expand opportunities and improve lives for all. Responsibilities The responsibilities for the position include: • Design, configure, and administer Microsoft 365 services including Exchange Online, SharePoint Online, OneDrive, Teams, Copilot, and related security/compliance features. • Administer and harden Entra ID (Azure AD), including conditional access, identity protection, app registrations, and role‑based access control. • Own Exchange Online configuration: mail flow, transport rules, connectors, policies, hybrid connectivity (if applicable), and advanced troubleshooting of mail delivery issues. • Use Kusto Query Language (KQL) in tools such as Microsoft 365 Defender, Purview, and Log Analytics to investigate incidents, identify patterns, and develop detection queries and reports. • Collaborate with security and networking teams to implement and maintain security baselines, DLP, retention, eDiscovery, and auditing across the M365 environment. • Develop and maintain automation, scripts, and integrations using PowerShell and Microsoft Graph API to streamline administration, reporting, and provisioning. • Contribute to CI/CD and infrastructure‑as‑code practices (e.g., Azure DevOps, GitHub) for Microsoft 365 configuration and related workloads. • Work with containerized and cloud workloads (e.g., Kubernetes) where they integrate with M365/Entra for identity, security, or application access. • Lead complex incident response and root‑cause analysis for M365 and identity‑related outages or security events. • Produce and maintain technical documentation, standards, runbooks, and architectural diagrams for Microsoft 365 and Entra services. • Mentor junior administrators and provide guidance on best practices, governance, and operational excellence. Qualifications: Education, Knowledge, and Experience: • Bachelor’s degree in Computer Science, Computer Engineering, or related discipline and at least 9 years of relevant experience in the IT industry, or a master’s degree with at least 7 years of relevant experience, or at least 15 years of relevant industry experience. • At least 5 years experience of hands‑on administration experience with Microsoft 365 and Entra ID in a mid‑ to large‑enterprise environment. Skills: • Effective communicator with demonstrated ability to communicate with and understand the needs of both technical and non-technical internal and external clients. Additionally, effectively collaborate in a virtual, cross-functional team environment. • Demonstrated ability to work well independently, and collaboratively as needed. • Adept in a fast-paced environment to manage multiple concurrent deliveries. • Demonstrated analytical, critical thinking, and problem-solving skills with a focus on detail and high quality. • Demonstrated expert‑level experience with Exchange Online: mail flow troubleshooting, advanced transport configuration, security and compliance policies, and integration with third‑party services. • Strong experience using KQL in Microsoft 365 Defender, Sentinel, or Log Analytics to query logs, create custom detections, and analyze security or operational events. • Deep understanding of identity and access concepts: SSO, OAuth/OIDC, federation, conditional access, MFA, and privileged identity management. • Proficiency with PowerShell for automation, bulk operations, and configuration management in Microsoft 365 and Entra ID. • Solid knowledge of security, compliance, and governance capabilities in M365 (e.g., DLP, retention, eDiscovery, audit, safe links/attachments). • Exposure to Azure DevOps, GitHub, or similar tools to manage scripts, pipelines, and infrastructure‑as‑code definitions for Microsoft 365. • Familiarity with container platforms (e.g., Kubernetes/AKS) and how they integrate with Entra ID for identity and access control. • Experience using Microsoft Graph API for automation, integration, and advanced reporting scenarios is preferred, but not required. • Experience with Microsoft Sentinel or similar SIEM platforms for M365 and Entra monitoring and analytics is preferred, but not required. • Experience with the Varonis platform, AWS, and/or Google Workspace is preferred, but not required. • Passion for the craft with a demonstrated ability to learn and understand the technology both at a high level and at a detailed level. Disclosures: Applicants must be currently authorized to work in the U.S. on a full-time basis. Employment-based visa sponsorship (including H-1B sponsorship) is not available for this position. Depending on project work, qualified candidates may need to meet certain residency requirements. American Institutes for Research is an equal employment opportunity/affirmative action employer. All qualified applicants will receive consideration for employment without discrimination on the basis of age, race, color, religion, sex, gender, gender identity/expression, sexual orientation, national origin, protected veteran status, or disability. AIR adheres to strict child safeguarding principles. All selected candidates will be expected to adhere to these standards and principles and will therefore undergo reference and background checks. AIR maintains a drug-free work environment. ACCESSIBILITY NOTICE: If you need a reasonable accommodation for any part of the employment process due to a physical or mental disability, please send an email to Taliba Boone at [Upgrade to PRO to see contact] call 202.403.5000. Fraudulent Job Scams Warning & Disclaimer: AIR is aware of individuals falsely presenting themselves as AIR representatives. Fraudulent job scams seek to extract sensitive information or money from victims. To protect yourself, please be aware that AIR recruitment will only email you from an “@air.org” domain. Please take extra caution while examining the email address, for example [Upgrade to PRO to see contact] is correct and [Upgrade to PRO to see contact] is not a legitimate AIR email address. If you are unsure of the legitimacy of a communication you have received, please reach out [Upgrade to PRO to see contact]. If you see a job scam, or lose money to one, report it to the Federal Trade Commission (FTC) atReportFraud.ftc.gov. You can also report it to your state attorney general. Find out more about how to avoid scams atftc.gov/scams. #LI-AS1 #LI-REMOTE AIR’s Total Rewards Program, is designed to reward our staff competitively and motivate them to achieve our critical mission. This position offers the anticipated annual salary as listed. Salary offers are made based on internal equity within the institution and external equity with competitive markets. Please note this is the annual salary range for candidates that are based in the United States. Anticipated Annual Salary Range$140,000—$164,000 USD