ZipRecruiter
Overview
Job Description: Associate Director, Microsoft Platform Engineering (Player-Coach)
Location: Austin, TX / Remote
Team: Platform Engineering
Reports to: Director, Head of Platform Engineering
Work style: Hands-on manager (~50% building, ~50% leading)
Scope & impact
Own the Microsoft platform—Entra ID/Azure AD, M365 Core (Exchange Online, Teams), Power Platform—and Microsoft licensing. Drive a hard pivot from clickops to platform-as-code (Git-first, policy-as-code, pipelines, drift detection). Partner with Security (Intune, Defender, Purview) and Workplace Technology (including Service Desk) to land the right operating model. This is a technical Associate Director role: you design, build, review PRs, lead incidents, manage outcomes, and develop the team.
What you’ll own and deliver
Access (Entra ID/Azure AD). Sustain and evolve our modern posture (SSO, CA, PIM, SCIM, app registration/consent hygiene) with change control, telemetry, and safe rollout patterns.
M365 Core (Exchange & Teams). Tenant guardrails, transport hygiene (SPF/DKIM/DMARC), Teams policy baselines (external/guest/meeting/retention), published SLOs and golden dashboards.
Power Platform at scale. Environment strategy, DLP guardrails, ALM pipelines & solution checker, maker program (enablement + monitoring), connector governance; reliability for business-critical apps/flows.
Microsoft Licensing (program owner). EA strategy/renewals/true-ups, SKU mix/right-sizing (E1/E3/E5/F3, add-ons), allocation hygiene, usage analytics, cost optimization, vendor management, Finance reporting.
M365 Training Portal (product owner). Own the portal’s roadmap, curriculum, governance, and adoption; integrate with LMS/Viva as needed; partner with the SharePoint-owning team for implementation.
Automation & IaC. GitLab pipelines, Terraform (AzureAD/M365) where sensible, Microsoft Graph/PowerShell tooling, policy-as-code, drift detection with auto-remediation, auditable change history.
Reliability & Incidents. Incident command for the Microsoft stack; RCA/postmortem program with tracked corrective actions; SLO/error budget management.
Team development. Hiring pipeline, onboarding, skill matrix, growth plans, coaching, and a healthy on-call standard. Build a team that ships platforms as code.
Not in scope to own: SharePoint architecture (coordinate only).
12-month outcomes (hold us to these)
Automation. ≥90% of owned configuration managed as code (PR-gated) with auditable pipelines; high-risk drift auto-remediated.
No-clickops. ≥80% reduction in portal-only changes; exceptions documented with a time-boxed path to code.
Reliability. Published SLOs for Exchange/Teams; >99.9% availability;
Power Platform. DLP enforced, ALM/solution checker live; maker program running with safe growth and zero critical DLP violations.
Licensing. ≥8–12% YoY cost avoidance/savings, ≥98% allocation accuracy, clean audit posture with evidence.
M365 Training Portal. Launched/refreshed with ≥60% monthly active employees in target cohorts, ≥70% completion on core curricula, CSAT ≥4.3/5, and quarterly content freshness reviews.
Team Development. Skills matrix baselined; quarterly growth conversations completed; critical skills coverage ≥90%; time-to-onboard to independent PRs ≤45 days.
What you’ll do (day to day)
Lead roadmap and standards; coach senior ICs while staying hands-on.
Author Terraform modules and Graph/PowerShell tooling; enforce policy-as-code.
Build GitLab CI/CD for promotion, checks, compliance evidence, drift monitors, and auto-remediation.
Publish M365 SLO dashboards; run incident response and RCA quality.
Own licensing end-to-end: forecasting, renewal/negotiation, SKU strategy, analytics, savings tracking, Finance/Leadership reporting.
Own the M365 training portal product: curriculum roadmap, SME governance, analytics, and adoption plays; partner with the SharePoint team for delivery.
Co-define the operating model with Security and Workplace Tech; integrate with Service Desk runbooks.
What great looks like (must-haves)
Proven platform leadership with deep, hands-on Entra ID/Azure AD (CA, PIM, app reg/consent, federation, SCIM).
Strong M365 Core (Exchange/Teams) and Power Platform governance (DLP, ALM, CoE patterns).
Automation-first: Git-based workflows, GitLab CI, Graph API/PowerShell, Terraform (AzureAD/M365), policy-as-code, SLOs/error budgets.
Licensing program ownership with measurable savings and allocation hygiene.
Team builder: hiring, coaching, skill matrices, feedback culture, on-call quality bar.
Incident/RCA leadership and the backbone to say no to one-offs and push to codified, repeatable solutions.
Nice-to-haves
IGA (SailPoint/Entra ID Governance), secrets management, and PAM integrations.
Built a Power Platform CoE and scaled maker communities safely.
Regulated environments (SOX/ISO) with automated evidence.
M&A platform integrations (tenant consolidation, domain migrations).
How we work (non-negotiables)
No clickops. If it has a lifecycle, it lives in code behind a PR.
Security by default. Least privilege and strong auth baseline everything.
Measure it. SLOs, drift, and cost on dashboards—not in slideware.
Blameless and fast. We fix, we learn, we automate.