Remote Access Control Engineer Jobs in Virginia (NOW HIRING)

AIR's Tek Office is seeking an experienced Senior Cloud Engineer with a focus on Microsoft 365/Entra to join its diverse and talented group. The Senior Cloud Engineer manages and optimizes the organization's Microsoft 365 and Entra ID tenants, with primary responsibility for Exchange Online, identity, security, and collaboration services. This role requires advanced skills in Microsoft 365 administration, investigation, and strong cross-platform experience, with the ability to drive automation and modern cloud practices. This position reports to the Director of IT Infrastructure Operations.
This position offers hybrid work flexibility, requiring three days per week in AIR's Crystal City, Virginia office, with occasional travel for meetings, training sessions, and conferences.
About AIR:
Founded in 1946 and headquartered in Arlington, Virginia, the American Institutes for Research (AIR) is a nonpartisan, not-for-profit organization that conducts behavioral and social science research and delivers technical assistance to address some of the most pressing challenges in the United States and globally. We generate evidence and apply data-driven solutions that expand opportunities and improve lives for all.
Key responsibilities:
The key responsibilities for the position include, but are not limited to-

• Design, configure, and administer Microsoft 365 services including Exchange Online, SharePoint Online, OneDrive, Teams, Copilot, and related security/compliance features.
• Administer and harden Entra ID (Azure AD), including conditional access, identity protection, app registrations, and role-based access control.
• Own Exchange Online configuration: mail flow, transport rules, connectors, policies, hybrid connectivity, and advanced troubleshooting of mail delivery issues.
• Investigate incidents, identify patterns, and develop detection queries and reports leveraging Microsoft 365 Defender, Purview, and Log Analytics.
• Collaborate with security and networking teams to implement and maintain security baselines, DLP, retention, eDiscovery, and auditing across the M365 environment.
• Develop and maintain automation, scripts, and integrations to streamline administration, reporting, and provisioning.
• Contribute to CI/CD and infrastructure-as-code practices (e.g., Azure DevOps, GitHub) for Microsoft 365 configuration and related workloads.
• Work with containerized and cloud workloads (e.g., Kubernetes) where they integrate with M365/Entra for identity, security, or application access.
• Lead complex incident response and root-cause analysis for M365 and identity-related outages and security events.
• Produce and maintain technical documentation, standards, runbooks, and architectural diagrams for Microsoft 365 and Entra services.
• Mentor junior collaborators and provide guidance on best practices, governance, and operational excellence.

Qualifications:
Education, Knowledge, and Experience

• Bachelor's degree in Computer Science, Computer Engineering, or related discipline and at least 9 years of relevant experience in the IT industry, or a master's degree with at least 7 years of relevant experience, or at least 15 years of relevant industry experience.
• At least 5 years experience of hands-on administration experience with Microsoft 365 and Entra ID in a mid- to large-enterprise environment.
• Exposure to Azure DevOps, GitHub, or similar tools to manage scripts, pipelines, and infrastructure-as-code definitions for Microsoft 365.
• Strong experience using KQL in Microsoft 365 Defender, Sentinel, or Log Analytics to query logs, create custom detections, and analyze security or operational events.
• Demonstrated expert-level experience with Exchange Online: mail flow troubleshooting, advanced transport configuration, security and compliance policies, and integration with third-party services.

Skills

• Effective communicator with demonstrated ability to communicate with and understand the needs of both technical and non-technical internal and external clients.
• Demonstrated ability to work well independently, and collaboratively as needed.
• Adept in a fast-paced environment to manage multiple concurrent deliveries.
• Demonstrated analytical, critical thinking, and problem-solving skills with a focus on detail and high quality.
• Deep understanding of identity and access concepts: SSO, OAuth/OIDC, federation, conditional access, MFA, and privileged identity management.
• Proficiency with PowerShell for automation, bulk operations, and configuration management in Microsoft 365 and Entra ID.
• Solid knowledge of security, compliance, and governance capabilities in M365 (e.g., DLP, retention, eDiscovery, audit, safe links/attachments).
• Familiarity with container platforms (e.g., Kubernetes/AKS) and how they integrate with Entra ID for identity and access control.
• Experience using Microsoft Graph API for automation, integration, and advanced reporting scenarios is preferred.
• Experience with Microsoft Sentinel or similar SIEM platforms for M365 and Entra monitoring and analytics is preferred.
• Experience with LSoft List-Plex is preferred.
• Passion for the craft with a demonstrated ability to learn and understand the technology both at a high level and at a detailed level.

Disclosures: Applicants must be currently authorized to work in the U.S. on a full-time basis. Employment-based visa sponsorship (including H-1B sponsorship) is not available for this position. Depending on project work, qualified candidates may need to meet certain residency requirements.
American Institutes for Research is an equal employment opportunity/affirmative action employer. All qualified applicants will receive consideration for employment without discrimination on the basis of any characteristic protected by applicable federal, state or local law, including, but not limited to, actual or perceived race (including traits historically associated with race, such as hair texture, hair type, and protective hairstyles such as braid, locks, and twists), creed, color, religion, alienage or national origin, ancestry, citizenship status, age, physical or mental disability, medical condition (e.g., cancer), sex, gender, gender identity or expression (including transgender status), sexual orientation, marital status, civil union status, pregnancy, childbirth or related medical conditions, genetic information, or military or veteran status. AIR adheres to strict child safeguarding principles. All selected candidates will be expected to adhere to these standards and principles and will therefore undergo reference and background checks. AIR maintains a drug-free work environment.
ACCESSIBILITY NOTICE: If you need a reasonable accommodation for any part of the employment process due to a physical or mental disability, please send an email to Taliba Boone at tboone@air.org or call 202.403.5000.
Fraudulent Job Scams Warning & Disclaimer: AIR is aware of individuals falsely presenting themselves as AIR representatives. Fraudulent job scams seek to extract sensitive information or money from victims. To protect yourself, please be aware that AIR recruitment will only email you from an "@air.org" domain. Please take extra caution while examining the email address, for example jdoe@air.org is correct and jdoe@aircareers.org is not a legitimate AIR email address. If you are unsure of the legitimacy of a communication you have received, please reach out to recruitment@air.org. If you see a job scam, or lose money to one, report it to the Federal Trade Commission (FTC) at ReportFraud.ftc.gov. You can also report it to your state attorney general. Find out more about how to avoid scams atftc.gov/scams.
#LI-MP1 #LI-Hybrid
AIR's Total Rewards Program, is designed to reward our staff competitively and motivate them to achieve our critical mission. This position offers the anticipated annual salary as listed. Salary offers are made based on internal equity within the institution and external equity with competitive markets. Please note this is the annual salary range for candidates that are based in the United States.
Anticipated Annual Salary Range
$149,000-$176,000 USD