Senior Cloud Engineer

The Senior Cloud Delivery Engineer will be responsible for leading the design, implementation, and ongoing delivery of Cloud services on Azure Infrastructure, Intune, and Microsoft 365 platforms. This role will own key cloud services such as Entra ID, Conditional Access, Intune endpoint management inclusive of App Protection Policies, ensuring the firm’s data is secure while enabling our lawyers to work seamlessly across time zones and devices.
 
The ideal candidate will combine deep technical expertise in the Microsoft Azure cloud stack with a strong understanding of security, compliance, and user experience in a legal or highly regulated environment.
 
Responsibilities:

• Design, implement, and manage Azure Infrastructure: Entra ID, Landing Zones, Conditional Access, Resource Groups, Cloud Networking (vWan and vNet)
• Lead the design and implementation of Conditional Access policies.
• Design and manage the Cloud Network Architecture using vWAN and cloud Firewalls
• Serve as a subject-matter expert for Entra ID (Azure AD) identity services, including MFA, SSO, application registrations, access governance, and privileged identity management.
• Have a solid understanding of Exchange Online, including mail flow, security, and coexistence with any on-premises or legacy systems.
• Lead the design and implementation of Conditional Access
• Design, implement, and manage the global endpoint management solutions using Microsoft Intune for Windows, macOS, iOS, and Android
• Detailed understanding of App Protection Policies and how to best leverage them to secure access to firm data for both managed and BYOD devices.
• Implement and maintain device configuration profiles, compliance policies, and security baselines aligned to the firm’s security and regulatory requirements.
• Work closely with Information Security, Risk, and Compliance teams to ensure Microsoft 365 and Azure services support client obligations, including confidentiality and data residency.
• Comfortable with Microsoft Purview (DLP, sensitivity labels, retention, eDiscovery, legal hold) and Defender solutions (Endpoint, Office 365) as part of the firm’s security posture.
• Lead or act as senior engineer on global projects involving Microsoft 365, Intune, and related infrastructure.
• Develop and maintain technical standards, documentation, diagrams, and runbooks for operational teams.
• Provide escalation support for complex incidents and problems related to Microsoft 365, Intune, and Azure services.
• Mentor junior engineers and service desk analysts, sharing knowledge and best practices.
• Monitor platform health, performance, and capacity; recommend and implement improvements for availability, resilience, and cost optimization.
• Stay current with the Microsoft roadmap; assess new features and changes and lead their adoption within the firm where appropriate.

 
Qualifications:

• Bachelor’s degree in Computer Science, Information Systems, or equivalent experience.
• Microsoft certifications are highly desirable.
• Extensive hands-on experience administering large enterprise Microsoft 365 tenants, including Intune, Exchange Online, SharePoint/OneDrive, and Entra ID (Azure AD).
• Proven experience building and managing Intune-based endpoint management at scale, including Autopilot, app deployment, and cross-platform device management.
• Strong expertise in Conditional Access, App Protection Policies, and compliance policies for secure hybrid/BYOD access.
• Solid understanding of security and compliance features in Microsoft Purview (DLP, sensitivity labels, retention, eDiscovery) and Defender solutions.
• Proficient in PowerShell scripting and automation for Microsoft 365 and Azure.
• Experience working in a law firm or similarly regulated environment strongly preferred.
• Demonstrated ability to lead complex technical projects, manage stakeholders, and drive outcomes in a global organization.

Salary : $170,000 - $200,000