Overview:
CP Unlimited is a leading nonprofit organization dedicated to supporting individuals with intellectual and developmental disabilities. With programs spanning residential, clinical, and day services across the New York Metropolitan area, CP Unlimited uses technology to improve care coordination, operational efficiency, and service delivery for the people it supports.
We are seeking an experienced IAM and IT Operations Analyst to join our enterprise technology team. This is a fully remote position, and applicants may work from anywhere in the United States. This role will support CP Unlimited’s cloud-first strategy by helping manage identity and access management, Microsoft 365 administration, user lifecycle processes, endpoint operations, SaaS application access, security controls, operational documentation, and day-to-day technology service delivery.
The IAM and IT Operations Analyst will work closely with infrastructure, security, support, application, and business teams to ensure users have secure and appropriate access to the systems they need. This role will help strengthen account lifecycle management, improve operational consistency, support audit readiness, troubleshoot technical issues, and maintain reliable technology services across Microsoft 365, Entra ID, Intune, Azure, and related SaaS platforms.
The ideal candidate is a strong communicator, detail-oriented problem solver, and continuous learner who is comfortable supporting both identity governance and IT operations. This role requires the ability to translate technical concepts into practical guidance, support users and stakeholders through change, and balance security, compliance, operational stability, and user experience.
Key Responsibilities:
Identity and Access Management
Endpoint and IT Operations Support
-
Support Microsoft Intune for device enrollment, compliance policies, endpoint security, application deployment, device configuration, and mobile device management.
-
Assist with endpoint lifecycle operations including device onboarding, configuration, compliance monitoring, application delivery, remote actions, and device retirement.
-
Support endpoint security and operational standards, including BitLocker, Defender configuration, compliance policies, patching, and configuration baselines.
-
Partner with helpdesk, infrastructure, and security teams to resolve user, device, access, and application issues.
-
Assist with operational support for Windows devices, mobile devices, shared devices, and cloud-managed endpoints.
-
Contribute to process improvement, automation, and standardization efforts that improve service delivery, reduce manual work, and strengthen operational consistency.
Security Operations and Risk Support
-
Monitor, triage, and assist with remediation of identity, endpoint, Microsoft 365, and cloud-related security alerts.
-
Support Microsoft Defender capabilities, including Defender for Endpoint, Defender for Office 365, Defender for Identity, Defender for Cloud Apps, and related alerting workflows.
-
Assist with SIEM monitoring, log review, alert triage, incident documentation, remediation tracking, and escalation to appropriate technical teams.
-
Support vulnerability management processes, including review of findings, remediation coordination, exception tracking, aging risk review, and validation of completed actions.
-
Participate in incident response activities related to compromised accounts, suspicious sign-ins, mailbox events, endpoint alerts, data exposure, and access control failures.
-
Help maintain security controls aligned with NIST, cybersecurity best practices, HIPAA expectations, and organizational security requirements.
-
Support secure configuration reviews for identity, endpoint, collaboration, cloud, and SaaS platforms.
Cloud and SaaS Operations
-
Support Azure administration activities related to subscriptions, resource groups, identity permissions, monitoring, policy, and governance controls.
-
Assist with cloud access management, secure configuration baselines, policy enforcement, and least privilege practices across Azure and connected SaaS platforms.
-
Support SaaS application administration, including account provisioning, access reviews, role assignments, SSO configuration, licensing, and deprovisioning.
-
Assist with new cloud service deployments, application integrations, platform updates, and post-implementation validation.
-
Document operational requirements, support processes, risks, access models, and administrative procedures for cloud and SaaS services.
-
Contribute to backup, recovery, business continuity, and service restoration support for cloud platforms and related services.
AI and Emerging Technology Support
-
Support secure adoption of Microsoft Copilot and other AI-enabled platforms through access reviews, configuration support, documentation, and stakeholder coordination.
-
Assist with governance of AI-related services, connectors, plugins, automation tools, and integrations to reduce data exposure and unauthorized access risks.
-
Support data protection controls related to AI and collaboration platforms, including retention, labeling, secure sharing, and DLP considerations.
-
Partner with business and technology teams to evaluate new cloud, collaboration, automation, and security technologies.
-
Develop technical and user-facing documentation, standards, and knowledge articles for emerging technologies and new platform capabilities.
-
Help communicate new feature readiness, support needs, risk considerations, and rollout requirements to both technical and non-technical stakeholders.
Qualifications:
-
Minimum 3 to 5 years of experience supporting identity and access management, Microsoft 365 administration, IT operations, security operations, or a similar enterprise technology environment.
-
Experience with Microsoft Entra ID, including users, groups, enterprise applications, conditional access, MFA, role assignments, and identity governance.
-
Experience supporting user lifecycle management, including onboarding, transfers, access changes, account disabling, terminations, and access removal.
-
Experience with Microsoft 365 administration, including Exchange Online, Teams, SharePoint Online, OneDrive, and Microsoft 365 groups.
-
Experience with Microsoft Intune, device compliance, endpoint configuration, application deployment, and endpoint security controls.
-
Familiarity with Microsoft Defender security tools and basic security monitoring, investigation, and response processes.
-
Experience supporting SaaS application access, SSO, enterprise applications, service principals, API permissions, and secure integration workflows.
-
Familiarity with Microsoft Purview, retention, DLP, sensitivity labels, information protection, or compliance controls is preferred.
-
Experience with scripting or automation using PowerShell, Microsoft Graph, Logic Apps, or similar tools is preferred.
-
Strong interpersonal skills with the ability to communicate clearly and professionally with staff, vendors, leadership, and technical teams at all levels.
-
Ability to create clear technical documentation, standards, procedures, reports, and user guidance.
-
Strong problem-solving skills with the ability to manage priorities, adapt to change, and support a fast-moving cloud and IT operations environment.