Infrastructure Engineer

Founded in 1999, Audax Group is a leading alternative investment manager with offices in Boston, New York, San Francisco, London and Hong Kong. With approximately $42 billion of assets under management and more than 475 employees, Audax is a leading capital partner for middle market companies, operating through three business lines: Audax Private Equity, Audax Private Debt, and Audax Strategic Capital. 

For more information, visit the Audax Group website www.audaxgroup.com. or follow us on LinkedIn.

Position Summary

The Infrastructure Engineer (Identity & Access Management) is a senior individual contributor responsible for designing, implementing, and operating the firm’s identity and access management capabilities. This role serves as the subject matter expert for Entra ID, Conditional Access, SSO, MFA, and Zscaler ZPA, enabling secure access to enterprise systems through zero trust and least privilege principles.

Responsibilities:

Identity and Access Architecture and Operations

• Design, implement, and operate enterprise identity and access management solutions aligned with zero trust, least privilege, and risk-based access principles.
• Define, maintain, and enforce standards for SSO, MFA, Conditional Access, and access governance across cloud and on-premises systems.
• Serve as the technical authority for identity-driven access patterns, authentication architectures, secure access workflows, and identity lifecycles.
• Administer Entra ID environments, including tenant configuration, identity settings, and access policies.
• Design, implement, and manage Conditional Access policies based on user risk, device posture, and access context.
• Deliver and operate SSO integrations for SaaS and internal applications, including onboarding, testing, rollout, troubleshooting, and ongoing support.
• Configure and manage Entra ID Enterprise Applications, including assignment scoping, permission governance, and access models.
• Govern Microsoft Graph API access, including permission scoping and consent workflows.
• Administer Zscaler ZPA for private application access, connectivity policies, and operational support, partnering with application owners to enable secure access.

Network and Access Control

• Administer and support Meraki switching and wireless access points, including configuration, monitoring, and lifecycle management.
• Manage network access controls and firewall policies using FortiGate to support identity-aware access.
• Troubleshoot network connectivity and access issues across wired, wireless, and remote access environments, collaborating with security and infrastructure teams as needed.

Governance, Risk and Compliance

• Conduct periodic access reviews and partner with system owners to remediate access gaps and policy violations.
• Participate in annual third-party cyber and risk assessments, addressing identity and access related findings.
• Develop operational metrics and reporting to communicate platform health, access risks, and improvement areas to management.
• Maintain documentation, standards, and procedures for identity and access services.
• Serve as the primary escalation point for identity and access related incidents, outages, and security events, coordinating response and remediation with Information Security and Infrastructure teams.

Technical Qualifications

• Expert level experience administering Entra ID, including tenant configuration, identity settings, and access policy management.
• Expert level experience designing and maintaining Conditional Access policies aligned to risk-based access and least privilege principles.
• Strong experience delivering and operating SSO and MFA at enterprise scale.
• Strong experience configuring Entra ID Enterprise Applications, including assignment scoping and permission governance.
• Experience governing Microsoft Graph API permissions, including scoping, consent workflows, and least privilege controls.
• Hands-on experience administering Zscaler ZPA.
• Working knowledge of OAuth, OpenID Connect, SAML, and LDAP.
• Working knowledge of networking fundamentals related to authentication and access control.
• Strong troubleshooting skills across authentication, authorization, and access flows.

Preferred Qualifications

• Familiarity with Microsoft Intune.
• Familiarity with Microsoft Purview.
• PowerShell scripting and automation experience.

Requirements

• Bachelor’s degree in Computer Science, Information Technology, or equivalent practical experience.
• 5+ years of experience in Identity and Access Management or closely related infrastructure or security roles.
• Demonstrated ability to lead cross-functional initiatives while remaining hands-on technically.

Location: Boston, MA with 4 days a week in the office

The base salary range for this position is $120,000 - $163,000. The base salary range represents the estimated low and high end for this position at the time of this posting. Consistent with applicable law, compensation may vary and will be determined based on but not limited to, the skills, qualifications, and experience of the applicant along with the requirements of the position, and Audax reserves the right to modify this pay range at any time. An employee may also be eligible for annual discretionary incentive compensation based on performance. 

Audax offers a wide range of employee benefits, including health insurance, life insurance, disability insurance, paid time off (including sick leave, parental leave, volunteer leave, and vacation), charitable donation match, family support services (including Bright Horizons and Benefit Advocate Center), and a 401(k) in addition to other benefits.

 This job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee. Duties, responsibilities and activities may change or new ones may be assigned at any time with or without notice. 

Audax Management Co. is an equal opportunity employer.

Please note that Audax Group and its affiliated entities do not accept unsolicited resumes from a third-party recruiting agency not currently under a signed agreement. Any unsolicited resume that is sent to directly to Audax Group or one of its affiliated entities, or its employees, including those submitted to hiring managers by a third-party recruiting agency not currently under a signed agreement, will be considered property of Audax Group. If a third-party recruiting agency submits a resume without an agreement, Audax Group or its affiliated entities explicitly reserves the right to pursue and hire those candidate(s) without any financial obligation to the third-party recruiting agency. Any third-party recruiting agency should contact either a member of the Talent Acquisition or Human Resource team at Audax Group, in conjunction with a valid, fully executed contract for service based upon a specific job opening.