Senior Cloud & Identity Administrator

WHO WE LOOK FOR

An SEI-er is a master communicator and active listener who understands how to navigate an audience. Self-aware, almost to a fault, SEI-ers keenly understand how to adjust their support and problem solving based on the situation. Following a logical, fact-based approach, SEI-ers possess the superior ability to see correlations others may not, ask the right questions and drive solutions. 

As super-connectors, they connect not only people, but data, trends and experiences. Mature, humble, and genuine, SEI-ers frequently go above and beyond for both their clients and their colleagues. SEI-ers are ethical and trustworthy individuals who consistently and repeatedly follow through, and hold true to their values in difficult situations. SEI-ers have an insatiable curiosity and love to learn. These individuals are commonly tech savvy and early adopters. Their passion for learning is infectious and excites others. As every project is different, an SEI-er must be adaptable and comfortable with unexpected situations. SEI-ers define ambition differently. They are authentic, low-maintenance individuals who truly enjoy one another- they like to hang out with colleagues outside of work, collaborate and hold one another accountable. SEI-ers enjoy working with genuine, thoughtful folks who want to steer clear of the traditional grind and share the joy of day-to-day life and activities with colleagues, friends, and family. 

Positon Summary

SEI is seeking a Senior Cloud & Identity Administrator to take hands-on ownership of our Microsoft cloud environment and elevate it to a secure, well-governed, and operationally mature state.

This is a senior-level platform stewardship role focused on strengthening identity and access controls, standardizing cloud configurations, and driving operational discipline across a 600+ employee, 14-office organization. This is not a traditional helpdesk role. It is a high-impact technical position responsible for building and maintaining secure standards, improving documentation and processes, and serving as a senior escalation resource across the firm.

You will partner closely with IT peers and security leadership to ensure our cloud-first environment remains resilient, scalable, and aligned with industry best practices directly influencing platform maturity and overall security posture at SEI.

What You Will Own

Identity & Access Governance (Primary Focus)

• Design and enforce role-based access control (RBAC) within Entra ID
• Implement and maintain Conditional Access policies
• Enforce MFA standards across the organization
• Reduce and manage privileged access footprint
• Implement and support SSO integrations (SAML, OIDC, SCIM where applicable)
• Establish and improve Joiner/Mover/Leaver (JML) provisioning processes
• Conduct periodic access reviews
• Document identity architecture and standards

Microsoft Cloud Platform Administration

• Administer and optimize Microsoft 365 services (Exchange Online, Teams, SharePoint, OneDrive)
• Manage Azure tenant configuration and governance
• Oversee Entra ID configuration and security posture
• Manage Intune endpoint compliance and configuration (Windows and macOS)
• Improve Microsoft Secure Score strategically and responsibly
• Establish and maintain secure baseline configurations

Security Implementation (In Partnership with CISO)

• Implement security controls defined by security leadership
• Configure and operate Microsoft Defender tools
• Support vulnerability remediation efforts
• Improve logging, monitoring, and audit readiness
• Align configurations with industry best practices and internal governance standards

SaaS & Multi-Cloud Integration

• Integrate and govern SaaS platforms within Entra ID
• Assess new SaaS providers with a security and controls mindset
• Support limited Google Workspace administration (training and partnership use)
• Support AWS training environments
• Assist in planning migration of AWS financial workloads to Azure

Network & Office Infrastructure Oversight

• Oversee secure configuration of perimeter network equipment across 14 offices
• Improve documentation of network architecture and device inventory
• Standardize firewall and VPN configuration practices
• Coordinate vendor support when required

Process Improvement & Operational Discipline

• Build and document provisioning and deprovisioning workflows
• Establish change control discipline
• Create and maintain SOPs and runbooks
• Use PowerShell scripting to reduce repetitive work
• Improve documentation and operational transparency

Escalation & Technical Leadership

• Serve as Tier 3 escalation resource for complex issues
• Collaborate with IT peers to elevate technical standards
• Introduce improvements in a constructive and team-oriented manner
• Focus on root-cause resolution and systemic fixes

This role does not include direct people management but is expected to elevate platform maturity and standards across the team.

Required Experience

• 5+ years administering Microsoft 365 in a production environment
• Strong hands-on Azure and Entra ID administration experience
• Experience implementing Conditional Access and MFA at scale
• Experience designing and enforcing RBAC models
• Experience integrating SaaS applications using SAML or OIDC
• Experience with Intune endpoint management (Windows and macOS)
• Strong PowerShell scripting capability
• Experience improving loosely governed or under-documented environments
• Strong documentation and process discipline
• Ability to work independently while collaborating effectively with peers

Preferred Qualifications

• Microsoft certifications such as AZ-104, SC-300, MD-102, or similar
• Experience supporting SOC 2 readiness or audit preparation
• Familiarity with Microsoft Defender and related security tooling
• Exposure to AWS or Google Workspace administration
• Experience standardizing firewall or network device configurations
• Familiarity with CIS benchmarks or Microsoft security baselines
• ITIL Foundation or familiarity with IT service management practices

What Success Looks Like (12–18 Months)

• MFA fully enforced across the organization
• Privileged access significantly reduced and governed
• Conditional Access policies standardized and documented
• Formal JML process operational
• Secure baseline configurations established and documented
• Microsoft Secure Score meaningfully improved
• SaaS SSO standardized across major platforms
• AWS financial workload migration roadmap defined
• Platform documentation and change control processes formalized

Why SEI

SEI is a cloud-first, employee-owned consulting firm with a collaborative, values-driven culture. Shared Services plays a strategic role in enabling business growth and protecting the systems that power our consultants and clients.

In this role, you will have meaningful ownership, visible impact, and the opportunity to raise the technical bar across the organization. If you are motivated by autonomy, accountability, and building well-architected systems that truly matter, this is an opportunity to make a lasting impact.

Systems Evolution, Inc. (SEI) is an equal opportunity employer (EOE) and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law