Associate Director, Microsoft Platform Engineering

Job DescriptionJob DescriptionAssociate Director, Microsoft Platform Engineering
(Player-Coach)
Location: Austin, TX / Remote
Team: Platform Engineering
Reports to: Director, Head of Platform Engineering
Work style: Hands-on manager (~50% building, ~50% leading)
Scope & impact
Own the Microsoft platform—Entra ID/Azure AD, M365 Core (Exchange Online, Teams), Power
Platform—and Microsoft licensing. Drive a hard pivot from clickops to platform-as-code (Git-first,
policy-as-code, pipelines, drift detection). Partner with Security (Intune, Defender, Purview) and
Workplace Technology (including Service Desk) to land the right operating model. This is a technical
Associate Director role: you design, build, review PRs, lead incidents, manage outcomes, and
develop the team.
What you’ll own and deliver
• & Access (Entra ID/Azure AD). Sustain and evolve our modern posture (SSO,
CA, PIM, SCIM, app registration/consent hygiene) with change control, telemetry, and safe rollout
patterns.
• M365 Core (Exchange & Teams). Tenant guardrails, transport hygiene (SPF/DKIM/DMARC),
Teams policy baselines (external/guest/meeting/retention), published SLOs and golden
dashboards.
• Power Platform at scale. Environment strategy, DLP guardrails, ALM pipelines & solution
checker, maker program (enablement + monitoring), connector governance; reliability for
business-critical apps/flows.
• Microsoft Licensing (program owner). EA strategy/renewals/true-ups, SKU mix/right-sizing
(E1/E3/E5/F3, add-ons), allocation hygiene, usage analytics, cost optimization, vendor
management, Finance reporting.
• M365 Training Portal (product owner). Own the portal’s roadmap, curriculum, governance, and
adoption; integrate with LMS/Viva as needed; partner with the SharePoint-owning team for
implementation.
• Automation & IaC. GitLab pipelines, Terraform (AzureAD/M365) where sensible, Microsoft
Graph/PowerShell tooling, policy-as-code, drift detection with auto-remediation, auditable change
history.
• Reliability & Incidents. Incident command for the Microsoft stack; RCA/postmortem program with
tracked corrective actions; SLO/error budget management.
• Team development. Hiring pipeline, onboarding, skill matrix, growth plans, coaching, and a
healthy on-call standard. Build a team that ships platforms as code.
Not in scope to own: SharePoint architecture (coordinate only).
12-month outcomes (hold us to these)
• Automation. ≥90% of owned configuration managed as code (PR-gated) with auditable pipelines;
high-risk drift auto-remediated.
• No-clickops. ≥80% reduction in portal-only changes; exceptions documented with a time-boxed
path to code.
• Reliability. Published SLOs for Exchange/Teams; >99.9% availability; <4h MTTR for P1s; RCAs
completed with verified fixes.
• Power Platform. DLP enforced, ALM/solution checker live; maker program running with safe
growth and zero critical DLP violations.
• Licensing. ≥8–12% YoY cost avoidance/savings, ≥98% allocation accuracy, clean audit posture
with evidence.
• M365 Training Portal. Launched/refreshed with ≥60% monthly active employees in target cohorts,
≥70% completion on core curricula, CSAT ≥4.3/5, and quarterly content freshness reviews.
• Team Development. Skills matrix baselined; quarterly growth conversations completed; critical
skills coverage ≥90%; time-to-onboard to independent PRs ≤45 days.
What you’ll do (day to day)
• Lead roadmap and standards; coach senior ICs while staying hands-on.
• Author Terraform modules and Graph/PowerShell tooling; enforce policy-as-code.
• Build GitLab CI/CD for promotion, checks, compliance evidence, drift monitors, and
auto-remediation.
• Publish M365 SLO dashboards; run incident response and RCA quality.
• Own licensing end-to-end: forecasting, renewal/negotiation, SKU strategy, analytics, savings
tracking, Finance/Leadership reporting.
• Own the M365 training portal product: curriculum roadmap, SME governance, analytics, and
adoption plays; partner with the SharePoint team for delivery.
• Co-define the operating model with Security and Workplace Tech; integrate with Service Desk
runbooks.
What great looks like (must-haves)
• Proven platform leadership with deep, hands-on Entra ID/Azure AD (CA, PIM, app reg/consent,
federation, SCIM).
• Strong M365 Core (Exchange/Teams) and Power Platform governance (DLP, ALM, CoE patterns).
• Automation-first: Git-based workflows, GitLab CI, Graph API/PowerShell, Terraform
(AzureAD/M365), policy-as-code, SLOs/error budgets.
• Licensing program ownership with measurable savings and allocation hygiene.
• Team builder: hiring, coaching, skill matrices, feedback culture, on-call quality bar.
• Incident/RCA leadership and the backbone to say no to one-offs and push to codified, repeatable
solutions.
Nice-to-haves
• IGA (SailPoint/Entra ID Governance), secrets management, and PAM integrations.
• Built a Power Platform CoE and scaled maker communities safely.
• Regulated environments (SOX/ISO) with automated evidence.
• M platform integrations (tenant consolidation, domain migrations).
How we work (non-negotiables)
• No clickops. If it has a lifecycle, it lives in code behind a PR.
• Security by default. Least privilege and strong auth baseline everything.
• Measure it. SLOs, drift, and cost on dashboards—not in slideware.
• Blameless and fast. We fix, we learn, we automate.#ZR