Senior Cloud Engineer I
American Institutes for Research
About the role
About AIR
Founded in 1946 and headquartered in Arlington, Virginia, the American Institutes for Research (AIR) is a nonpartisan, not‑for‑profit organization that conducts behavioral and social science research and delivers technical assistance to address some of the most pressing challenges in the United States and globally. We generate evidence and apply data‑driven solutions that expand opportunities and improve lives for all.
The Senior Cloud Engineer I will lead the design, administration, and advancement of our Microsoft 365 and Entra ID ecosystem in support of our mission‑driven, research‑focused organization. This role serves as a technical expert and strategic partner, ensuring our cloud collaboration and identity platforms are secure, resilient, and optimized for a diverse, distributed workforce.
- Remote work is available within the United States (U.S.) or from one of AIR’s U.S. office locations (U.S. territories excluded).
Responsibilities
- Design, configure, and administer Microsoft 365 services including Exchange Online, SharePoint Online, OneDrive, Teams, Copilot, and related security/compliance features.
- Administer and harden Entra ID (Azure AD), including conditional access, identity protection, app registrations, and role‑based access control.
- Own Exchange Online configuration: mail flow, transport rules, connectors, policies, hybrid connectivity (if applicable), and advanced troubleshooting of mail delivery issues.
- Use Kusto Query Language (KQL) in tools such as Microsoft 365 Defender, Purview, and Log Analytics to investigate incidents, identify patterns, and develop detection queries and reports.
- Collaborate with security and networking teams to implement and maintain security baselines, DLP, retention, eDiscovery, and auditing across the M365 environment.
- Develop and maintain automation, scripts, and integrations using PowerShell and Microsoft Graph API to streamline administration, reporting, and provisioning.
- Contribute to CI/CD and infrastructure‑as‑code practices (e.g., Azure DevOps, GitHub) for Microsoft 365 configuration and related workloads.
- Work with containerized and cloud workloads (e.g., Kubernetes) where they integrate with M365/Entra for identity, security, or application access.
- Lead complex incident response and root‑cause analysis for M365 and identity‑related outages or security events.
- Produce and maintain technical documentation, standards, runbooks, and architectural diagrams for Microsoft 365 and Entra services.
- Mentor junior administrators and provide guidance on best practices, governance, and operational excellence.
Qualifications
Education, Knowledge, and Experience
- Bachelor’s degree in Computer Science, Computer Engineering, or related discipline and at least 9 years of relevant experience in the IT industry, or a master’s degree with at least 7 years of relevant experience, or at least 15 years of relevant industry experience.
- At least 5 years of hands‑on administration experience with Microsoft 365 and Entra ID in a mid‑to‑large enterprise environment.
Skills
- Effective communicator with demonstrated ability to communicate with and understand the needs of both technical and non‑technical internal and external clients; able to collaborate in a virtual, cross‑functional team environment.
- Demonstrated ability to work well independently and collaboratively as needed.
- Adept in a fast‑paced environment to manage multiple concurrent deliveries.
- Demonstrated analytical, critical thinking, and problem‑solving skills with a focus on detail and high quality.
- Expert‑level experience with Exchange Online: mail flow troubleshooting, advanced transport configuration, security and compliance policies, and integration with third‑party services.
- Strong experience using KQL in Microsoft 365 Defender, Sentinel, or Log Analytics to query logs, create custom detections, and analyze security or operational events.
- Deep understanding of identity and access concepts: SSO, OAuth/OIDC, federation, conditional access, MFA, and privileged identity management.
- Proficiency with PowerShell for automation, bulk operations, and configuration management in Microsoft 365 and Entra ID.
- Solid knowledge of security, compliance, and governance capabilities in M365 (e.g., DLP, retention, eDiscovery, audit, safe links/attachments).
- Exposure to Azure DevOps, GitHub, or similar tools to manage scripts, pipelines, and infrastructure‑as‑code definitions for Microsoft 365.
- Familiarity with container platforms (e.g., Kubernetes/AKS) and how they integrate with Entra ID for identity and access control.
- Experience using Microsoft Graph API for automation, integration, and advanced reporting scenarios (preferred, not required).
- Experience with Microsoft Sentinel or similar SIEM platforms for M365 and Entra monitoring and analytics (preferred, not required).
- Experience with the Varonis platform, AWS, and/or Google Workspace (preferred, not required).
- Passion for the craft with a demonstrated ability to learn and understand the technology both at a high level and at a detailed level.
Disclosures
- Applicants must be currently authorized to work in the U.S. on a full‑time basis. Employment‑based visa sponsorship (including H‑1B sponsorship) is not available for this position.
- Depending on project work, qualified candidates may need to meet certain residency requirements.
Equal Employment Opportunity / Affirmative Action
American Institutes for Research is an equal employment opportunity/affirmative action employer. All qualified applicants will receive consideration for employment without discrimination on the basis of age, race, color, religion, sex, gender, gender identity/expression, sexual orientation, national origin, protected veteran status, or disability.
Child Safeguarding
AIR adheres to strict child safeguarding principles. All selected candidates will be expected to adhere to these standards and will undergo reference and background checks.
Drug‑Free Workplace
AIR maintains a drug‑free work environment.
Accessibility Notice
If you need a reasonable accommodation for any part of the employment process due to a physical or mental disability, please email Taliba Boone at tboone@air.org or call 202.403.5000.
Fraudulent Job Scams Warning & Disclaimer
AIR is aware of individuals falsely presenting themselves as AIR representatives. Fraudulent job scams seek to extract sensitive information or money from victims. To protect yourself, note that AIR recruitment will only email you from an “@air.org” domain (e.g., jdoe@air.org is correct; jdoe@aircareers.org is not). If you are unsure of a communication’s legitimacy, contact recruitment@air.org. Report job scams or losses to the Federal Trade Commission (FTC) at ReportFraud.ftc.gov and to your state attorney general. Learn more at ftc.gov/scams.
Compensation
Anticipated Annual Salary Range: $140,000 — $164,000 USD
Salary offers are based on internal equity within the institution and external equity with competitive markets. This range applies to candidates based in the United States.