Infrastructure Engineer

Founded in 1999, Audax Group is a leading alternative investment manager with offices in Boston, New York, San Francisco, London and Hong Kong. With approximately $42 billion of assets under management and more than 475 employees, Audax is a leading capital partner for middle market companies, operating through three business lines: Audax Private Equity, Audax Private Debt, and Audax Strategic Capital.

For more information, visit the Audax Group website www.audaxgroup.com. or follow us on LinkedIn.

Position Summary

The Infrastructure Engineer (Identity & Access Management) is a senior individual contributor responsible for designing, implementing, and operating the firm’s identity and access management capabilities. This role serves as the subject matter expert for Entra ID, Conditional Access, SSO, MFA, and Zscaler ZPA, enabling secure access to enterprise systems through zero trust and least privilege principles.

Responsibilities

Identity and Access Architecture and Operations

• Design, implement, and operate enterprise identity and access management solutions aligned with zero trust, least privilege, and risk-based access principles.
• Define, maintain, and enforce standards for SSO, MFA, Conditional Access, and access governance across cloud and on-premises systems.
• Serve as the technical authority for identity-driven access patterns, authentication architectures, secure access workflows, and identity lifecycles.
• Administer Entra ID environments, including tenant configuration, identity settings, and access policies.
• Design, implement, and manage Conditional Access policies based on user risk, device posture, and access context.
• Deliver and operate SSO integrations for SaaS and internal applications, including onboarding, testing, rollout, troubleshooting, and ongoing support.
• Configure and manage Entra ID Enterprise Applications, including assignment scoping, permission governance, and access models.
• Govern Microsoft Graph API access, including permission scoping and consent workflows.
• Administer Zscaler ZPA for private application access, connectivity policies, and operational support, partnering with application owners to enable secure access.

Network and Access Control

• Administer and support Meraki switching and wireless access points, including configuration, monitoring, and lifecycle management.
• Manage network access controls and firewall policies using FortiGate to support identity-aware access.
• Troubleshoot network connectivity and access issues across wired, wireless, and remote access environments, collaborating with security and infrastructure teams as needed.

Governance, Risk and Compliance

• Conduct periodic access reviews and partner with system owners to remediate access gaps and policy violations.
• Participate in annual third-party cyber and risk assessments, addressing identity and access related findings.
• Develop operational metrics and reporting to communicate platform health, access risks, and improvement areas to management.
• Maintain documentation, standards, and procedures for identity and access services.
• Serve as the primary escalation point for identity and access related incidents, outages, and security events, coordinating response and remediation with Information Security and Infrastructure teams.

Technical Qualifications

• Expert level experience administering Entra ID, including tenant configuration, identity settings, and access policy management.
• Expert level experience designing and maintaining Conditional Access policies aligned to risk-based access and least privilege principles.
• Strong experience delivering and operating SSO and MFA at enterprise scale.
• Strong experience configuring Entra ID Enterprise Applications, including assignment scoping and permission governance.
• Experience governing Microsoft Graph API permissions, including scoping, consent workflows, and least privilege controls.
• Hands-on experience administering Zscaler ZPA.
• Working knowledge of OAuth, OpenID Connect, SAML, and LDAP.
• Working knowledge of networking fundamentals related to authentication and access control.
• Strong troubleshooting skills across authentication, authorization, and access flows.

Preferred Qualifications

• Familiarity with Microsoft Intune.
• Familiarity with Microsoft Purview.
• PowerShell scripting and automation experience.

Requirements

• Bachelor’s degree in Computer Science, Information Technology, or equivalent practical experience.
• 5+ years of experience in Identity and Access Management or closely related infrastructure or security roles.
• Demonstrated ability to lead cross-functional initiatives while remaining hands-on technically.

Location: Boston, MA with 4 days a week in the office

The base salary range for this position is $120,000 - $163,000. The base salary range represents the estimated low and high end for this position at the time of this posting. Consistent with applicable law, compensation may vary a