Senior Cloud Engineer

Cravath has been known as one of the premier U.S. law firms for more than two centuries. Throughout our history, we have played a central role in developing how law is practiced, how lawyers are trained and how business risk is managed. Our goal is to be the firm of choice for clients with respect to their most challenging legal issues, most significant business transactions and most critical disputes.

We are seeking a Senior Cloud Engineer to take ownership of the Firm’s Microsoft identity, access, and hybrid infrastructure platforms. This is a hands-on role for an engineer who is very comfortable working with Entra ID, Azure and hybrid infrastructure, while leading complex initiatives from design through implementation.

This role is best suited for someone who enjoys solving difficult technical problems, improving how identity and access are managed across the environment, and balancing modernization work with the realities of a high-availability production environment.

Identity & Authentication

• Owns and evolves the Firm’s Microsoft Entra ID and hybrid identity environment, including Conditional Access, Enterprise Applications, and SSO across SAML and OIDC-integrated applications;
• Designs and maintains authentication and access controls, including MFA, passwordless authentication, Windows Hello for Business, certificate-based authentication, and administrative account segmentation;
• Manages privileged access controls, including role-based access, PIM, and related administrative security standards;
• Leads the transition from legacy authentication models to cloud-first identity, including migration of ADFS-integrated applications, adoption of Password Hash Sync where appropriate, and significant reduction of legacy authentication dependencies; and
• Improves visibility, monitoring, and security controls across the identity platform, in partnership with IT Security.

Cloud & Core Infrastructure

• Leads Active Directory upgrades and improvements, including domain and forest planning, domain controller lifecycle management, replication health, and related directory services;
• Maintains and optimizes core infrastructure services including Active Directory, PKI, DNS, DHCP, and DFS/DFSR; and
• Contributes to broader infrastructure initiatives, including NetApp storage optimization and NFS modernization, and supports VMware-based hybrid infrastructure where needed.

Automation & Engineering

• Builds and maintains PowerShell automation for identity, infrastructure, and operational workflows;
• Develops scripts and integrations using Microsoft Graph API for provisioning, reporting, and administrative tasks; and
• Maintains clear technical documentation, standards, and runbooks to support operations and project delivery.

Technical Leadership & Operations

• Acts as a technical lead on identity and infrastructure projects from design through post-implementation review;
• Partners with Security, Application Development, and Operations teams to deliver secure, practical solutions;
• Troubleshoots complex authentication, access, and hybrid identity issues in a 24/7 production environment;
• Takes ownership of high-priority and unplanned work and drives issues through to resolution with minimal oversight;
• Participates in an on-call rotation and provide after-hours support when needed; and
• Performs additional duties as assigned.

• Bachelor’s degree or equivalent practical experience;
• 10+ years of experience supporting Microsoft-based enterprise environments, with a strong focus on identity, authentication, and directory services;
• Strong hands-on experience with Azure, Microsoft Entra ID, hybrid identity, Conditional Access, SSO, Intune, and Active Directory;
• Hands-on experience with PowerShell, Microsoft Graph API, and Azure-based identity and hybrid connectivity services;
• Experience leading complex infrastructure, identity, or modernization initiatives in production environments;
• Solid understanding of identity security, privileged access, and Zero Trust concepts;
• Ability to work through ambiguity, manage competing priorities, and make sound technical decisions in a fast-paced environment;
• Experience with VMware and NetApp is a plus;
• Microsoft Azure Administrator (AZ-104) and other relevant Microsoft identity or security certifications are preferred;
• Strong communication skills and the ability to work effectively across technical and non-technical teams; and
• Ability to work additional hours as needed, including nights and weekends.

This position is located in our New York office, and currently has a hybrid work schedule, but that is subject to change. The estimated salary range for this position is $180,000 to $220,000. The actual salary offered will be based on a wide range of factors, including relevant skills, training, experience, education, and where applicable, licensure or certification obtained. Market and Firm factors are also considered. In addition to base salary and discretionary bonus(es), we offer a generous employee benefits package including, but not limited to, paid time off, medical, dental, vision care, 401(k) and substantial health club discounts.