Systems Engineer

Cravath, Swaine & Moore LLP
New York, United States of America
11 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Shift work
Languages
English
Experience level
Senior
Compensation
$ 165K

Job location

New York, United States of America

Tech stack

Microsoft Windows
Microsoft Active Directory
Active Directory Federation Services
Systems Engineering
User Authentication
Authentication Protocols
Azure
Cloud Computing
Configuration Management
Software Documentation
Computer Security
Distributed File Systems
Disaster Recovery
Federated Identity Management
Identity and Access Management
Windows Server
OAuth
OpenID
Public Key Infrastructure
Powershell
Role-Based Access Control
Azure
Security Assertion Markup Language (SAML)
Shell Script
Enterprise Software Applications
Microsoft InTune
Deployment Automation
Hardware Infrastructure
Serverless Computing

Job description

Cravath has been known as one of the premier U.S. law firms for more than two centuries. Throughout our history, we have played a central role in developing how law is practiced, how lawyers are trained and how business risk is managed. Our goal is to be the firm of choice for clients with respect to their most challenging legal issues, most significant business transactions and most critical disputes. We are seeking a hands-on, detail-oriented Systems Engineer focused on IAM and hybrid infrastructure. This role is operationally focused, with primary responsibility for identity platforms, access controls, and core infrastructure services across cloud and on-premises systems. RESPONSIBILITIES: KEY RESPONSIBILITIES Identity & Access Management

  • Administer Microsoft Entra ID and Active Directory, including user and group lifecycle management
  • Configure and maintain Conditional Access policies, MFA, and authentication controls
  • Support enterprise applications, SSO integrations, and app registrations
  • Manage role-based access controls (RBAC), privileged identity management (PIM), and least-privilege access
  • Troubleshoot authentication and access issues using logs and monitoring tools
  • Manage and support certificate-based services, including PKI/CA operations, issuance, renewal, and troubleshooting of certificates used for authentication, encryption, and application access

Cloud & Infrastructure Operations

  • Support day-to-day operations across Entra, Azure and on-premises infrastructure
  • Support cloud adoption and governance initiatives, including expanding Microsoft utilization, transitioning workloads to cloud-native services, and contributing to security posture.
  • Monitor and maintain system performance, availability, and reliability

Automation & Configuration

  • Develop and maintain PowerShell scripts to automate operational tasks
  • Identify opportunities to improve efficiency through automation and standardization
  • Support configuration management and policy enforcement across systems
  • Support and contribute to modern endpoint management initiatives, including Intune and Autopilot.

Operational Maintenance & Security

  • Perform system maintenance, upgrades, and patching coordination
  • Partner with IT Security to review and remediate vulnerabilities and findings
  • Administer file services, including permissions, DFS namespaces, and replication
  • Participate in on-call rotation and provide responsive escalation support

Documentation & Continuous Improvement

  • Maintain accurate system documentation, diagrams, and disaster recovery runbooks
  • Contribute to process improvement and operational best practices
  • Support knowledge sharing and cross-training across the team
  • Recommend enhancements to standards, policies, and workflows

Requirements

Do you have experience in Shell Scripting?, Required:

  • 5+ years of experience in Microsoft enterprise infrastructure or systems administration
  • Strong understanding of and hands-on experience with:
  • Microsoft Entra ID, including Conditional Access, RBAC, and PIM
  • Active Directory, Group Policy, and hybrid Azure administration
  • Authentication methods including MFA, SSO, and modern authentication protocols
  • Federated identity scenarios (e.g., ADFS, SAML, OAuth/OIDC)
  • Certificate services, PKI/CA operations, and certificate lifecycle management
  • Windows Server administration and enterprise system troubleshooting
  • PowerShell scripting and automation
  • File services including DFS namespaces, DFSR, and permissions management

Preferred:

  • Microsoft certifications (e.g., Azure Administrator, Identity and Access Administrator, Microsoft 365)
  • Experience in a security-focused or regulated environment
  • Exposure to identity governance and access review processes

Benefits & conditions

4.04.0 out of 5 stars New York, NY Hybrid work $140,000 - $165,000 a year - Full-time, Pulled from the full job description

  • 401(k)
  • Health insurance
  • Paid time off
  • Vision insurance
  • Dental insurance, This position is located in our New York office, and currently has a hybrid work schedule, but that is subject to change. The estimated salary range for this position is $140,000 to $165,000. The actual salary offered will be based on a wide range of factors, including relevant skills, training, experience, education, and where applicable, licensure or certification obtained. Market and Firm factors are also considered. In addition to base salary and discretionary bonus(es), we offer a generous employee benefits package including, but not limited to, paid time off, medical, dental, vision care, 401(k) and substantial health club discounts.

Apply for this position