Staff Enterprise and Cloud Engineer

Zocdoc

Posted about 5 hours ago

Our Mission

Healthcare should work for patients, but it doesn’t. In their time of need, they call down outdated insurance directories. Then wait on hold. Then wait weeks for the privilege of a visit. Then wait in a room solely designed for waiting. Then wait for a surprise bill. In any other consumer industry, the companies delivering such a poor customer experience would not survive. But in healthcare, patients lack market power. Which means they are expected to accept the unacceptable.

Zocdoc’s mission is to give power to the patient. To do that, we’ve built the leading healthcare marketplace that makes it easy to find and book in-person or virtual care in all 50 states, across +200 specialties and +12k insurance plans. By giving patients the ability to see and choose, we give them power. In doing so, we can make healthcare work like every other consumer sector, where businesses compete for customers, not the other way around. In time, this will drive quality up and prices down.

We’re 18 years old and the leader in our space, but we are still just getting started. If you like solving important, complex problems alongside deeply thoughtful, driven, and collaborative teammates, read on.

*Please note, we are open to remote candidates for this role.

Your Impact on Our Mission

Zocdoc’s greatest asset is its people. As a Staff Cloud IAM Engineer on our Corporate Cloud Engineering team within Corporate IT, you’ll make it possible for every Zocdoc’r to work securely and efficiently.

You will own the technical vision and strategy for identity and access management across our corporate stack, with Microsoft Entra ID, enterprise SSO/SCIM, and our SaaS and AI platforms at the center. You’ll design scalable identity governance that keeps teams productive while reducing risk, and you’ll lead cross‑functional initiatives that make secure, least‑privilege access the default, not an afterthought.

You’ll also play a key role in the reliability and security of our core corporate infrastructure: helping ensure our AWS/Azure/GCP environments, on‑prem VMware footprint, and foundational services are patched, healthy, and well‑run so engineering and business teams can focus on shipping product and supporting patients and providers.

You'll enjoy this role if you are…

  • Technical Domain Expert: Deeply fluent in Microsoft Entra ID (Identity Governance, Access Packages), SSO/SCIM standards (SAML, OIDC), and custom integrations for a diverse SaaS and AI estate.
  • AI Governance Pioneer: Excited to scale AI platforms like OpenAI and Anthropic through thoughtful RBAC, tiered spend/quota governance, and secure, consumable access patterns.
  • Outcome-Oriented Automationist: Comfortable working the access queue to identify patterns, with a relentless focus on building the automation and self-service tools that retire repetitive manual work.
  • Collaborative Leader & Mentor: A cross-functional partner who models Staff-level behaviors by mentoring engineers, aligning stakeholders, and setting the technical standards that drive adoption across the organization.
  • Autonomous & Curious Professional: An outcome-driven leader who brings humility, curiosity, and a sense of humor to solving challenging problems in a growing, high-scale environment.

Your day to day is…

  • Strategic IAM Vision & Authority: Own the multi-year technical roadmap and architectural standards for Corporate and Cloud IAM (centered on Entra ID), acting as the technical authority who uplevels the team through design reviews and RFCs.
  • Scalable SSO & AI Governance: Architect secure SSO, SCIM, and JIT provisioning patterns for all enterprise tools, specifically owning the access posture, spend governance, and automated approval workflows for AI platforms (OpenAI, Claude, GCP).
  • Enterprise SaaS Architecture: Define configuration standards, security baselines, and lifecycle management patterns that scale across dozens of SaaS platforms. Drive consolidation and rationalization initiatives, and proactively close governance gaps before they become audit findings or incidents.
  • Automation & Toil Elimination: Field escalated tickets to identify and eliminate repeating manual work—converting complex access requests into self-service paths or automated workflows using Terraform, Python, or PowerShell.
  • Access Incident Response & On-Call: Participate in a tiered on-call rotation for triaging functional area outages, conditional access failures, compromised accounts, and break-glass events, and convert recurring pages into automated detections, runbooks, and self-healing workflows to reduce toil over time.
  • Endpoint Lifecycle & Software Distribution: Own the architectural engineering of endpoint configuration, software distribution, and provisioning workflows across Jamf (macOS) and Intune (Windows), partnering with InfoSec on hardening baselines and rolling out enterprise software (including AI developer tools) at scale.
  • Identity Hygiene & Infrastructure: Hands-on ownership of identity certificate and token lifecycles, GitHub access pipelines, and AWS landing-zone governance (Control Tower/IAM baselines) to ensure proactive monitoring and prevent configuration drift.
  • Zero Trust & Device Posture: Partner with Security to drive Zero Trust initiatives, integrating Conditional Access with device posture data from Intune, Jamf, and CrowdStrike across the broader SaaS estate (Snowflake, Jira, Google Workspace).
  • Compliance & Audit Engineering: Lead IAM workstreams for HITRUST and SOC2 cycles by translating audit requirements into reusable engineering patterns and participating in a critical on-call rotation for access-related incidents.
  • Trusted Cross-Functional Partner: Serve as a trusted technical partner to InfoSec, People Systems, Compliance, and Engineering leadership. Influence roadmap priorities based on deep understanding of stakeholder needs, and represent IT Engineering in strategic planning, audit cycles, and incident response.
  • Org-Level Visibility: Lead initiatives whose impact is recognized at the organizational level (identity governance transformation, least-privilege enforcement at scale, or AI access governance), translating business goals into actionable plans and aligning multiple teams behind them.

You'll be successful in this role if you have…

  • Scope of Prior Ownership: Track record leading identity or enterprise platform initiatives at a multi-thousand-employee organization, with measurable outcomes (toil eliminated, audit findings reduced, time-to-access shortened, or comparable business metrics).
  • Influence Without Authority: Demonstrated ability to drive adoption of standards across teams through RFCs, design reviews, and architectural pattern-setting.
  • Architectural Leadership & Influence: 10+ years in IT/Systems (mid-to-large scale) as a "player-coach" with a proven track record of defining adoption-ready standards and writing the design docs/RFCs that become the organization’s source of truth.
  • Entra ID & Identity Governance: Deep expertise in Microsoft Entra ID (Conditional Access, PIM, Identity Governance) and the ability to own the entire identity lifecycle, including onboarding/offboarding flows and permission hygiene.
  • Scalable Integration Engineering: Extensive experience delivering SSO and SCIM integrations (SAML, OIDC/OAuth) across a massive SaaS estate, with a focus on replacing manual access work with programmatic or self-service provisioning.
  • Process Automation & Toil Reduction: A systems-thinker comfortable being measured by toil eliminated; expert at automating workflows across IdP, HRIS (Workday), and SaaS platforms via APIs to remove repetitive manual tasks.
  • Modern AI & Ecosystem Management: Experience governing IAM, spend, and quotas for AI platforms (OpenAI, Anthropic) and fluency in using Generative AI tools (Claude Code, LLMs) to accelerate engineering velocity.
  • Compliance & Security Hygiene: Experience in audit-sensitive environments (HITRUST/SOC2 evidence collection) and owning the security hygiene of the identity certificate and token lifecycle.
  • Enterprise Platform Oversight: Familiarity with the broader endpoint and security ecosystem, including Intune, Jamf, Google Workspace, and CrowdStrike, to ensure a cohesive identity posture across all platforms.
  • Infrastructure-as-Code & AWS: Hands-on experience with AWS infrastructure and networking primitives (VPC, DNS, Load Balancing) to debug connectivity, utilizing AWS CDK, Terraform, Python, or PowerShell for automation.

Zocdoc is committed to fair and equitable compensation practices. Salary ranges are determined through alignment with market data. Base salary offered is determined by a number of factors including the candidate’s experience, qualifications, and skills. Certain positions are also eligible for variable pay and/or equity.

Remote Base Salary Range
$180,000 - $270,000 USD

About us
Zocdoc is the country’s leading digital health marketplace that helps patients easily find and book the care they need. Each month, millions of patients use our free service to find nearby, in-network providers, compare choices based on verified patient reviews, and instantly book in-person or video visits online. Providers participate in Zocdoc’s Marketplace to reach new patients to grow their practice, fill their last-minute openings, and deliver a better healthcare experience. Founded in 2007 with a mission to give power to the patient, our work each day in pursuit of that mission is guided by our six core values. Zocdoc is a private company backed by some of the world’s leading investors, and we believe we’re still only scratching the surface of what we plan to accomplish.

Zocdoc is a mission-driven organization dedicated to building teams as diverse as the patients and providers we aim to serve. In the spirit of one of our core values - Together, Not Alone, we are a company that prides itself on being highly collaborative, and we believe that diverse perspectives, experiences and contributors make our community and our platform better.

Job details

Workplace

Office

Location

New York, NY

Experience

SE

Salary

180k - 270k USD

per year
