[Remote] Staff Enterprise and Cloud Engineer

Remote Full-time
Note: This is a remote job open to candidates in the USA.

Zocdoc is the leading healthcare marketplace dedicated to empowering patients by simplifying access to care. As a Staff Enterprise and Cloud Engineer, you will lead the technical vision for identity and access management, ensuring secure and efficient operations across Zocdoc's corporate cloud infrastructure.

Responsibilities

- Own the multi-year technical roadmap and architectural standards for Corporate and Cloud IAM (centered on Entra ID), acting as the technical authority who uplevels the team through design reviews and RFCs
- Architect secure SSO, SCIM, and JIT provisioning patterns for all enterprise tools, specifically owning the access posture, spend governance, and automated approval workflows for AI platforms (OpenAI, Claude, GCP)
- Define configuration standards, security baselines, and lifecycle management patterns that scale across dozens of SaaS platforms. Drive consolidation and rationalization initiatives, and proactively close governance gaps before they become audit findings or incidents
- Field escalated tickets to identify and eliminate repeating manual work—converting complex access requests into self-service paths or automated workflows using Terraform, Python, or PowerShell
- Participate in a tiered on-call rotation for triaging functional area outages, conditional access failures, compromised accounts, and break-glass events, and convert recurring pages into automated detections, runbooks, and self-healing workflows to reduce toil over time
- Own the architectural engineering of endpoint configuration, software distribution, and provisioning workflows across Jamf (macOS) and Intune (Windows), partnering with InfoSec on hardening baselines and rolling out enterprise software (including AI developer tools) at scale
- Hands-on ownership of identity certificate and token lifecycles, GitHub access pipelines, and AWS landing-zone governance (Control Tower/IAM baselines) to ensure proactive monitoring and prevent configuration drift
- Partner with Security to drive Zero Trust initiatives, integrating Conditional Access with device posture data from Intune, Jamf, and CrowdStrike across the broader SaaS estate (Snowflake, Jira, Google Workspace)
- Lead IAM workstreams for HITRUST and SOC2 cycles by translating audit requirements into reusable engineering patterns and participating in a critical on-call rotation for access-related incidents
- Serve as a trusted technical partner to InfoSec, People Systems, Compliance, and Engineering leadership. Influence roadmap priorities based on deep understanding of stakeholder needs, and represent IT Engineering in strategic planning, audit cycles, and incident response
- Lead initiatives whose impact is recognized at the organizational level (identity governance transformation, least-privilege enforcement at scale, or AI access governance), translating business goals into actionable plans and aligning multiple teams behind them

Skills

- Deeply fluent in Microsoft Entra ID (Identity Governance, Access Packages), SSO/SCIM standards (SAML, OIDC), and custom integrations for a diverse SaaS and AI estate
- Excited to scale AI platforms like OpenAI and Anthropic through thoughtful RBAC, tiered spend/quota governance, and secure, consumable access patterns
- Comfortable working the access queue to identify patterns, with a relentless focus on building the automation and self-service tools that retire repetitive manual work
- A cross-functional partner who models Staff-level behaviors by mentoring engineers, aligning stakeholders, and setting the technical standards that drive adoption across the organization
- An outcome-driven leader who brings humility, curiosity, and a sense of humor to solving challenging problems in a growing, high-scale environment
- Track record leading identity or enterprise platform initiatives at a multi-thousand-employee organization, with measurable outcomes (toil eliminated, audit findings reduced, time-to-access shortened, or comparable business metrics)
- Demonstrated ability to drive adoption of standards across teams through RFCs, design reviews, and architectural pattern-setting
- 10+ years in IT/Systems (mid-to-large scale) as a 'player-coach' with a proven track record of defining adoption-ready standards and writing the design docs/RFCs that become the organization's source of truth
- Deep expertise in Microsoft Entra ID (Conditional Access, PIM, Identity Governance) and the ability to own the entire identity lifecycle, including onboarding/offboarding flows and permission hygiene
- Extensive experience delivering SSO and SCIM integrations (SAML, OIDC/OAuth) across a massive SaaS estate, with a focus on replacing manual access work with programmatic or self-service provisioning
- A systems-thinker comfortable being measured by toil eliminated; expert at automating workflows across IdP, HRIS (Workday), and SaaS platforms via APIs to remove repetitive manual tasks
- Experience governing IAM, spend, and quotas for AI platforms (OpenAI, Anthropic) and fluency in using Generative AI tools (Claude Code, LLMs) to accelerate engineering velocity
- Experience in audit-sensitive environments (HITRUST/SOC2 evidence collection) and owning the security hygiene of the identity certificate and token lifecycle
- Familiarity with the broader endpoint and security ecosystem, including Intune, Jamf, Google Workspace, and CrowdStrike, to ensure a cohesive identity posture across all platforms
- Hands-on experience with AWS infrastructure and networking primitives (VPC, DNS, Load Balancing) to debug connectivity, utilizing AWS CDK, Terraform, Python, or PowerShell for automation

Benefits

Certain positions are also eligible for variable pay and/or equity.

Company Overview

Zocdoc is a digital marketplace company that connects healthcare patients and doctors. It was founded in 2007, and is headquartered in New York, New York, USA, with a workforce of 501-1000 employees. Its website is http://www.zocdoc.com.

Company H1B Sponsorship

Zocdoc has a track record of offering H1B sponsorships, with 2 in 2026, 10 in 2025, 3 in 2024, 6 in 2023, 20 in 2022, 5 in 2021, 6 in 2020. Please note that this does not guarantee sponsorship for this specific role.
