Staff M365 Systems Engineer

Lucid is seeking to hire a Staff M365 Systems Engineer who is responsible for architecting and managing end-to-end Microsoft 365 solutions, with a focus on Azure AD, on-premise Active Directory, and Certificate Services. They lead administration efforts for hybrid identity environments, implement advanced Azure AD features (e.g., MFA, Conditional Access), and manage PKI solutions to secure communications and services. The role emphasizes security and compliance by enforcing robust controls, conducting risk assessments, and ensuring governance across hybrid environments. Additionally, the engineer acts as a technical leader, collaborating with teams, mentoring staff, and optimizing system performance while maintaining detailed documentation and providing tier-3 support. 

You Will: 

Solution Architecture & Design 

• Architect and design end-to-end Microsoft 365 solutions, with a special emphasis on Azure AD, on-premise Active Directory, and Certificate Services (e.g., Active Directory Certificate Services, Public Key Infrastructure). 

• Collaborate with stakeholders to gather requirements, define best-fit solutions, and create detailed architectural diagrams and documentation. 

• Drive the adoption and integration of new technologies and advanced features across the M365 suite (e.g., Exchange Online, SharePoint Online, Teams). 

Azure AD & On-Premise AD Administration & Management 

• Lead administration efforts for Azure AD and on-premise Active Directory, including setting up and maintaining federation, hybrid identity, and user provisioning. 

• Configure and manage advanced Azure AD features such as multifactor authentication (MFA), conditional access policies, and Privileged Identity Management (PIM). 

• Oversee automated identity lifecycle management in both on-premise and cloud environments, ensuring that onboarding/offboarding processes align with organizational policies and security requirements. 

• Plan and execute Azure AD Connect installations, migrations, and upgrades to maintain a healthy hybrid identity environment. 

Certificate Services (PKI) Management 

• Design, deploy, and manage Active Directory Certificate Services (AD CS) or other PKI solutions to secure internal and external communications, devices, and services. 

• Ensure certificate renewal, revocation, and compliance processes are efficient, automated where possible, and aligned with industry standards. 

• Troubleshoot and resolve complex certificate-related issues and provide guidance on PKI best practices to internal teams. 

Security & Compliance 

• Implement robust security controls that align with industry standards and regulatory requirements, leveraging Azure AD features like Identity Protection and Access Reviews. 

• Develop and maintain governance policies for identity, devices, data protection, and certificate management. 

• Conduct periodic security risk assessments, recommend remediation strategies, and ensure that security measures are consistently enforced across hybrid environments. 

Technical Leadership & Collaboration 

• Serve as a subject matter expert for Azure AD, on-premise Active Directory, and certificate services (PKI), mentoring junior team members and providing guidance to operations teams. 

• Work alongside infrastructure, network, and application teams to integrate solutions seamlessly and ensure compatibility across the Microsoft ecosystem. 

• Participate in technical reviews and ensure that deployed solutions align with best practices, performance requirements, and enterprise standards. 

Monitoring & Optimization 

• Establish monitoring and alerting mechanisms to track service health and performance for M365, Azure AD, on-premise AD, and certificate infrastructures. 

• Proactively identify opportunities for service and performance improvements, implementing changes to enhance resilience and stability. 

• Stay up to date on the latest features, enhancements, and trends in the Microsoft 365 ecosystem, Azure AD, on-premise AD, and PKI, and advise on potential benefits to the organization. 

Documentation & Support 

• Maintain comprehensive technical documentation for system configurations, standard operating procedures, and change management. 

• Provide tier-3 and escalation support for issues related to M365, Azure AD, on-premise AD, and certificate services. 

• Troubleshoot and resolve complex identity, authentication, and configuration problems in both on-premise and cloud environments. 

You Bring: 

• Bachelor’s or Master’s degree in Computer Science, Information Technology, or a related field. 

• Relevant Microsoft certifications (e.g., MS-100, MS-101, AZ-305, or equivalent) are highly desirable. 

• 8+ years of experience working in an architectural or staff engineering role focused on Microsoft 365, Azure AD, on-premise AD, and certificate services. 

• Demonstrated track record of leading successful deployments and migrations to Microsoft 365 services and hybrid identity solutions. 

• Certifications related to on-premise Active Directory and certificate services (PKI) are advantageous. 

• In-depth experience with Azure AD and on-premise Active Directory, including setting up and managing hybrid identity environments, single sign-on (SSO), and Active Directory Federation Services (AD FS). 

• Proven track record in designing and implementing advanced Azure AD features (e.g., Conditional Access, MFA, PIM, Identity Protection). 

• Strong knowledge of the Microsoft 365 suite (SharePoint Online, Exchange Online, Teams, OneDrive). 

• Experience with certificate services, PKI design, and management (e.g., Active Directory Certificate Services) in enterprise environments. 

• Solid understanding of networking, identity protocols (OAuth, SAML, OpenID Connect), and security standards. 

• Familiarity with scripting/automation (PowerShell, Azure CLI) and Infrastructure as Code (e.g., ARM templates, Bicep) is a plus. 

• Experience implementing best practices for identity, access management, security, and certificate services in complex, hybrid environments. 

• Excellent verbal and written communication skills, with the ability to simplify complex technical concepts for non-technical stakeholders. 

• Strong analytical, problem-solving, and decision-making abilities. 

• Team player with a proactive mindset, capable of working independently and collaboratively in a fast-paced environment. 

• Ability to manage multiple projects and deadlines effectively.