Platform Engineer

The Platform Engineer is the senior individual contributor responsible for STARR Restaurant's cloud and platform infrastructure. Reporting to the Director, Infrastructure and Security, this role owns the architecture, optimization, and ongoing operations of STARR's Microsoft Azure, Microsoft 365, Amazon Web Services, Exchange, and Microsoft Fabric environments. The Platform Engineer leads the 2026 Identity and Access Management initiative, serves as the technical lead for enterprise SaaS security and integration, and provides on-call escalation leadership for cloud and platform incidents.

This is an Engineer-level role within STARR's Information Technology career framework. The Platform Engineer is expected to operate independently on complex multi-month projects, make and document design-level decisions, mentor analyst-level staff, coordinate directly with vendors and managed service partners, and serve as the senior technical voice for STARR's platform footprint. The role partners closely with the Security Analyst, the Infrastructure Analyst, the Workday Systems Manager, and STARR's managed services partner.

Essential Duties and Responsibilities:

Cloud Platform Engineering

• Own the architecture, optimization, and operations of STARR's Microsoft Azure environment, including the transition from STARR's current 'lift and shift' VM-hosted footprint to appropriate cloud-native services in a manner that improves reliability, performance, and cost posture.
• Manage Amazon Web Services workloads and Microsoft 365 tenant administration in partnership with Continental Resources, STARR's managed services partner.
• Lead Microsoft Fabric administration including capacity management, workspace governance, dataflow and lakehouse design, and integration with downstream reporting consumers.
• Design, document, and operationalize Infrastructure as Code patterns for STARR's Azure and M365 environments; introduce GitOps-style change management practices.

Identity and Access Management

• Serve as the technical lead for STARR's 2026 Identity and Access Management initiative, including single sign-on standardization, Microsoft Entra ID Conditional Access design, Cisco Duo Passport integration, and identity governance through SailPoint Identity Security Cloud.
• Partner with the Security Analyst on access reviews, privileged access management, and automation of joiner-mover-leaver workflows in coordination with Workday HCM.
• Design and operationalize role-based access patterns across enterprise SaaS platforms, including standardization of SSO and SCIM provisioning where supported.

Data Protection and Data Loss Prevention

• Lead the design, pilot, and rollout of Data Loss Prevention controls across Microsoft 365, Microsoft Purview, and approved SaaS platforms; balance protective controls against operational usability.
• Partner with the STARR Legal and the Director, Infrastructure and Security on data classification taxonomy enforcement, sensitivity labels, and retention policy operationalization aligned to the in-flight Data Classification and Retention Policy.

Endpoint and Mobility Platform

• Architect and maintain STARR's Microsoft Intune and Jamf Pro environments in support of the enterprise MDM rollout; oversee the operational decommission of the legacy Mosyle environment.
• Define and enforce device compliance baselines feeding into Microsoft Entra Conditional Access, including coordination with the company's mobile device rollout program.

SaaS Application Security and Integration

• Advise on security architecture, integration patterns, and access management for enterprise SaaS platforms including Workday, Toast, FreshService, RESY, OpenTable, Triple Seat, CTUIT, and CRM platforms under evaluation.
• Serve as IT lead on integration architecture for net-new platform onboarding, with particular focus on PCI scope minimization, SSO/SCIM standardization, and observability.
• Partner with Marketing Technology on web platform infrastructure and CDN/WAF strategy as part of the in-flight marketing technology governance program.

Operations, Mentorship, and Vendor Leadership

• Serve as the escalation lead for cloud and platform incidents, providing senior technical leadership during P1 and P2 events under the STARR Incident Response Plan.
• Mentor the Infrastructure Analyst and the Security Analyst on cloud and platform topics through pairing, code review, project shadowing, and structured one-on-ones.
• Lead technical vendor reviews for platform-class procurements; represent STARR in vendor architecture and capacity planning discussions.
• Contribute to STARR's technology roadmap with point of view on platform direction, technical debt reduction, and emerging capability adoption.

Required Qualifications

• Five to eight years of progressively responsible experience in cloud infrastructure, platform engineering, or enterprise systems engineering, with at least the most recent role focused on cloud platform ownership.
• Production experience with Microsoft Azure across both IaaS and PaaS, and with Microsoft 365 (Exchange Online, SharePoint Online, Teams, Purview); ability to discuss specific design decisions and operational tradeoffs.
• Demonstrated experience leading Identity and Access Management design and deployment, including Microsoft Entra ID, single sign-on, multifactor authentication, and conditional access.
• Hands-on experience with at least one Identity Governance and Administration platform (SailPoint preferred; Saviynt, Okta IGA, or comparable acceptable), or strong willingness to operate one with focused ramp.
• Experience implementing Data Loss Prevention controls in Microsoft 365 / Microsoft Purview or a comparable platform.
• Strong scripting and automation capability in PowerShell (required); experience with at least one Infrastructure as Code tool such as Bicep, ARM, or Terraform (strongly preferred).
• Demonstrated ability to operate independently on multi-month projects, to make and document architecture decisions, and to mentor analyst-level staff.
• Excellent written communication; able to author architecture documentation, security and risk justifications, and executive-ready summaries.
• Willingness to serve as after hours escalation lead for platform incidents.
• Ability to work in our corporate office in Philadelphia.

Preferred Qualifications

• Experience with Microsoft Fabric, Power BI, or an equivalent enterprise data platform in a tenant administration or platform ownership capacity.
• Multi-site or multi-tenant operational experience, particularly in hospitality, retail, or healthcare environments.
• Experience operating under PCI DSS (v3.2.1 or v4.0) and CIS Controls v8 IG2.
• Working knowledge of AWS in a hybrid or supplementary cloud capacity.
• Exposure to Workday integration architecture, including Workday Studio, EIBs, or Workday APIs.
• Experience with CrowdStrike Falcon, Proofpoint, DNSFilter, or other security tooling at a platform integration level.

Certifications

• Preferred at hire or within twelve months: Microsoft Certified: Azure Administrator Associate (AZ-104), or demonstrably equivalent role-based experience and willingness to certify.
• Preferred: AZ-305 (Azure Solutions Architect Expert), SC-300 (Identity and Access Administrator Associate), SC-100 (Cybersecurity Architect Expert), MS-102 (Microsoft 365 Administrator), AWS Solutions Architect Associate, or CISSP.

Education

Bachelor's degree in Computer Science, Information Systems, or related discipline preferred. Equivalent enterprise platform experience, certifications, and demonstrated capability will be considered in lieu of a formal degree.