Senior Platform Engineer

Job summary

The Sr. Platform Engineer — Identity & Modern Workplace is the senior technical owner of three platform domains at Radiant: identity & access, endpoint management, and productivity & collaboration. This role involves architecting and operating these domains as integrated platforms, leading the design and execution of a move to a modern, cloud-native model, and evolving and governing the platforms as Radiant grows. The engineer will remain hands-on, solving complex issues, leading escalations, and providing T2/T3 support. The role requires fluency across modern AI tooling and close partnership with Security, Infrastructure/SRE, and Support Services.

Benefits

Qualifications

• Bachelor's degree in Computer Science, Information Systems, or related field, or equivalent technical experience.
• 7+ years in enterprise IT with progressive responsibility in identity, endpoint, or platform engineering.
• 4+ years of hands-on, in-depth experience operating modern cloud identity platforms at enterprise scale (Entra ID, Okta, Google Workspace, or equivalent).
• Production experience with modern endpoint / MDM platforms at scale (Intune, Jamf, Kandji, Workspace ONE, or equivalent), including configuration, compliance, and application delivery.
• Strong production experience designing and operating modern authentication and zero-trust access (conditional/contextual access, MFA, SSO/federation, OAuth/OIDC, SAML).
• Strong scripting and API integration skills in at least one modern language (PowerShell, Python, or equivalent).
• Demonstrated written communication skills for architecture documents, runbooks, and decision records.
• Working knowledge of on-premises Active Directory, Group Policy, and traditional MDM/imaging.
• Demonstrated experience leading or executing a migration from on-premises identity and endpoint management to a modern cloud-native model.
• Experience integrating macOS devices into a modern identity and MDM platform (Apple Business Manager, Automated Device Enrollment, Platform SSO, FileVault management, macOS application deployment).
• Hands-on experience across multiple modern identity or endpoint platforms (e.g., Entra and Okta, or Intune and Jamf).
• Certifications in Microsoft (SC-300, MD-102, MS-700, MS-100/101), Okta, Apple/Jamf, Google Workspace, or relevant security/cloud certifications (CISSP, AWS, Azure).
• Experience operating in a SOX-controlled environment, including evidence gathering and access reviews.
• Experience with Infrastructure-as-Code at scale (Terraform, Bicep, or equivalent) and CI/CD-driven platform configuration.
• Familiarity with SIEM and security platforms from a platform-integration perspective.

Responsibilities

• Own the identity platform end-to-end, including identity lifecycle, directory and group strategy, and hybrid identity.
• Design and operate zero-trust access, including conditional/contextual access policies, modern authentication, MFA, and risk-based controls.
• Govern application identity, including SSO and federation patterns, OAuth/OIDC app registrations and consent, service principals, and third-party SaaS integration.
• Define and maintain access architecture, including RBAC models, role assignments, permission boundaries, privileged access patterns, and access reviews.
• Own modern device management for the fleet, including enrollment, configuration, compliance, application delivery, and update strategy across Windows and macOS.
• Establish and enforce device posture as a foundation for conditional access and zero-trust enforcement.
• Build provisioning experiences that minimize friction for end users while meeting security and compliance requirements.
• Own the collaboration and productivity platform, including email, messaging, file collaboration, content management, governance, lifecycle, and external sharing models.
• Implement data protection patterns, including DLP, sensitivity labels, and retention.
• Lead the technical design and execution of the move from legacy on-premises identity and endpoint management to a modern, cloud-native model.
• Apply working knowledge of legacy on-prem patterns to navigate, document, and decommission legacy artifacts during transition.
• Document target-state architecture, migration plans, rollback strategies, and operational runbooks.
• Continuously evaluate the platform stack against business needs and recommend integration, replacement, or expansion.
• Drive automation across managed platforms using scripting and API toolkit (PowerShell, Microsoft Graph, Python, REST APIs, Infrastructure-as-Code).
• Apply AI tooling fluently for scripting and IaC generation, design exploration, policy and log analysis, runbook and documentation drafting, and accelerated troubleshooting.
• Use Microsoft Copilot for M365 ecosystem capabilities, such as Security Copilot in incident workflows or Copilot-assisted administration.
• Maintain comprehensive documentation of managed platforms, including architecture, configuration, runbooks, and SOPs.
• Execute change management for platform changes, including maintenance windows, rollout planning, and communication.
• Own license management and capacity forecasting for platforms.
• Provide hands-on T2/T3 support to Renton HQ for escalated issues.

Skills

Certifications

Degrees

Work schedule

Relocation