Senior Platform Engineer in Renton, Washington at Radiant Global Logistics Inc

Position Title: Senior Platform Engineer

Location: Renton, WA 98057

Company: Radiant Global Logistics Inc

Position Type: Full Time

Salary Range: $120,000.00 - $140,000.00 Salary/year

The Sr. Platform Engineer — Identity & Modern Workplace is the senior technical owner of three platform domains at Radiant: identity & access, endpoint management, and productivity & collaboration. You'll architect and operate these domains as integrated platforms — designing how people authenticate, how their devices are governed, and how they collaborate securely — and you'll continue to own and evolve those platforms as Radiant grows.
In the build phase, you'll lead the design and execution of Radiant's move to a modern, cloud-native model for identity and endpoint management — establishing zero-trust access patterns, modern device posture, secure collaboration, and platform governance. In steady state, you'll evolve and govern the platform, partnered with a Jr. Systems Administrator who handles day-to-day operational support. You'll remain hands-on throughout — solving complex issues, leading escalations, and providing T2/T3 support to Renton HQ as needed.
We care more about how you think about platform problems than which vendor's product you've memorized. The current implementation is Microsoft (Entra ID, Intune, Microsoft 365, SharePoint), and you'll work in that stack daily — but we're hiring an engineer who can evaluate, adopt, and integrate the right tools for a given problem, not someone tied to a single vendor's roadmap.

Radiant is an AI-driven organization. We expect senior engineers to be fluent across modern AI tooling — Claude, Gemini, and Microsoft Copilot are all in active use — and to pick the right tool for the work at hand. You'll leverage AI as a core part of how you engineer: scripting and automation, design exploration, policy and log analysis, runbook and documentation generation, troubleshooting, and architectural thinking. We care less about which tool you reach for and more that you can reach effectively across all of them.
This role partners closely with our Security Analyst/Engineer on the identity-security boundary, with Infrastructure/SRE on cloud and server platform handoffs, and with Support Services on user-facing escalations.

So that candidates know exactly what they're walking into: Radiant currently runs on the Microsoft platform across identity, endpoint, and productivity domains — Entra ID, Intune, Microsoft 365, SharePoint, and Exchange Online — and the bulk of day-to-day work happens in that stack. We're hiring an engineer who can operate that environment effectively today and evaluate, integrate, or replace components as the platform evolves. Familiarity with the current stack is valuable; rigid attachment to it is not. Mac devices are part of the fleet (~30) and are managed through the same MDM platform as Windows.

Identity & Access

1. Own the identity platform end-to-end: identity lifecycle (joiners, movers, leavers), directory and group strategy, and hybrid identity where required.

2. Design and operate zero-trust access — conditional/contextual access policies, modern authentication, MFA, and risk-based controls — in partnership with SecOps.

3. Govern application identity: SSO and federation patterns, OAuth/OIDC app registrations and consent, service principals, and third-party SaaS integration (including SCIM provisioning where supported).

4. Define and maintain access architecture — RBAC models, role assignments, permission boundaries, privileged access patterns, and access reviews.

Endpoint & Device Posture

1. Own modern device management for the fleet — enrollment, configuration, compliance, application delivery, and update strategy — across both Windows and macOS.

2. Establish and enforce device posture as a foundation for conditional access and zero-trust enforcement.

3. Build provisioning experiences that minimize friction for end users while meeting security and compliance requirements.

Productivity & Secure Collaboration

1. Own the collaboration and productivity platform — email, messaging, file collaboration, and content management — including governance, lifecycle, and external sharing models.

2. Implement data protection patterns (DLP, sensitivity labels, retention) in partnership with SecOps, who owns the policy direction.

Platform Modernization

1. Lead the technical design and execution of Radiant's move from legacy on-premises identity and endpoint management to a modern, cloud-native model.

2. Apply working knowledge of legacy on-prem patterns (Active Directory, Group Policy, traditional MDM/imaging) to navigate, document, and decommission legacy artifacts during transition. Ongoing administration of legacy on-prem systems is not the focus of this role.

3. Document target-state architecture, migration plans, rollback strategies, and operational runbooks.

4. Continuously evaluate the platform stack against business needs — recommend integration, replacement, or expansion when the current tooling is no longer the right fit.

Automation, IaC & AI-Enabled Engineering

1. Drive automation across managed platforms using a modern scripting and API toolkit — PowerShell and Microsoft Graph for the M365 ecosystem, Python and REST APIs broadly, and Infrastructure-as-Code (Terraform or equivalent) for declarative platform configuration where it provides leverage.

2. Apply AI tooling fluently across the day-to-day — Claude, Gemini, and Microsoft Copilot are all in active use at Radiant — for scripting and IaC generation, design exploration, policy and log analysis, runbook and documentation drafting, and accelerated troubleshooting.

3. Use Microsoft Copilot where it is native to the M365 ecosystem and provides capability the general-purpose AI tools cannot — for example, Security Copilot in incident workflows or Copilot-assisted administration inside Intune and M365 admin centers.

Operations & Team

1. Maintain comprehensive documentation of managed platforms — architecture, configuration, runbooks, and SOPs.

2. Execute change management for platform changes — maintenance windows, rollout planning, and communication.

3. Own license management and capacity forecasting for platforms under your domain.

4. Provide hands-on T2/T3 support to Renton HQ for issues escalated beyond the Service Desk.

5. Mentor the Jr. Systems Administrator on platform operations, troubleshooting, and best practices.

Required Experience

1. Bachelor's degree in Computer Science, Information Systems, or related field — or equivalent technical experience.

2. 7+ years in enterprise IT with progressive responsibility in identity, endpoint, or platform engineering.

3. 4+ years of hands-on, in-depth experience operating modern cloud identity platforms at enterprise scale — Entra ID (Azure AD), Okta, Google Workspace, or equivalent. Direct experience with Entra is valued; equivalent depth on a comparable platform is acceptable.

4. Production experience with modern endpoint / MDM platforms at scale — Intune, Jamf, Kandji, Workspace ONE, or equivalent — including configuration, compliance, and application delivery.

5. Strong production experience designing and operating modern authentication and zero-trust access — conditional/contextual access, MFA, SSO/federation, OAuth/OIDC, SAML.

6. Strong scripting and API integration skills in at least one modern language (PowerShell, Python, or equivalent), with proven ability to automate platform work end-to-end.

7. Demonstrated written communication — architecture documents, runbooks, and decision records.

Technical Skills

1. Modern authentication & federation: SSO/SAML, OAuth 2.0 / OIDC, modern auth flows, conditional/contextual access design, MFA, app registrations and consent governance. Current stack: Entra ID, Conditional Access, PIM.

2. Identity lifecycle & governance: joiner/mover/leaver automation, access reviews, RBAC, privileged access, SCIM provisioning to/from SaaS. Current stack: Entra ID, Entra ID Governance.

3. MDM at scale: modern device enrollment, configuration, compliance, application delivery, and update strategy across Windows and macOS. Current stack: Intune; the environment includes a small macOS fleet (~30 devices).

4. Secure collaboration & data protection: email, messaging, file collaboration, content management, DLP, sensitivity labels, retention. Current stack: Microsoft 365, Exchange Online, Teams, SharePoint Online, OneDrive, Purview.

5. Automation & IaC: modern scripting (PowerShell, Python, or equivalent), REST API integration, and Infrastructure-as-Code (Terraform or equivalent) applied to platform configuration where it provides leverage. Current stack: PowerShell + Microsoft Graph for M365 work; broader tooling where applicable.

6. Legacy bridge: working knowledge of on-premises Active Directory, Group Policy, and traditional MDM/imaging — sufficient to decommission legacy estates during modernization.

Preferred / Asset

1. Demonstrated experience leading or executing a migration from on-premises identity and endpoint management (AD/GPO/SCCM or equivalent) to a modern cloud-native model.

2. Experience integrating macOS devices into a modern identity and MDM platform — Apple Business Manager, Automated Device Enrollment, Platform SSO, compliance profiles, FileVault management, and macOS application deployment.

3. Hands-on experience across multiple modern identity or endpoint platforms (e.g., both Entra and Okta, or both Intune and Jamf) — demonstrating adaptability beyond a single vendor.

4. Certifications in any of: Microsoft (SC-300, MD-102, MS-700, MS-100/101), Okta, Apple/Jamf, Google Workspace, or relevant security/cloud certifications (CISSP, AWS, Azure).

5. Experience operating in a SOX-controlled environment, including evidence gathering and access reviews.

6. Experience with Infrastructure-as-Code at scale (Terraform, Bicep, or equivalent) and CI/CD-driven platform configuration.

7. Familiarity with SIEM and security platforms from a platform-integration perspective (security operations not required).

Behavioral & Working Style

1. Thinks in capabilities and outcomes first, products second — evaluates tools on fit rather than vendor loyalty, and is willing to integrate, replace, or extend the stack when a better option exists.

2. Comfortable operating in both architect-mode (design, planning, modernization leadership) and operator-mode (hands-on administration, escalations, ticket work).

3. Fluent across modern AI tooling — uses Claude, Gemini, and Copilot interchangeably as everyday engineering tools, with strong judgment about which to reach for and when to trust or verify output.

4. Strong written communication — produces clear documentation, runbooks, and platform decisions.

5. Collaborative with peers in Security, Infrastructure, and Development — clear on ownership boundaries without being territorial.

6. Pragmatic about legacy systems: knows when to migrate, when to integrate, and when to leave well enough alone.

To set clear expectations, the following areas are owned by other teams and are not part of this role's responsibilities:

1. Network design and administration (Infrastructure/SRE).

2. Server, VM, and cloud compute infrastructure (Infrastructure/SRE).

3. Application development, CI/CD pipelines, and database schema (Development).

4. Security policy ownership, SIEM operations, and vulnerability management (SecOps — this role partners but does not own).

5. SAP administration and application support (Support Services / SAP team).

Work Schedule

1. Full time schedule of minimum 8 hours per day with flexibility to complete all required job duties and responsibilities.

Work Environment

1. Usually moderate noise level.

2. Climate controlled office environment.

Physical Demands

1. Regular physical demands: Walk; sit; use hands to handle or feel; use fingers for keyboarding; reach with hands and arms; talk and hear.

2. Specific vision abilities: close vision, distance vision, peripheral vision, ability to adjust focus.

Salary Range: $120,000 - $140,000 per year

Starting pay is based on multiple factors, including but not limited to education, work experience, skills, and job-related knowledge. Pay ranges may be modified in the future.

Featured Benefits

1. Medical, Dental, and Vision insurance (employee and family coverage)

2. Company-paid basic life insurance

3. Short-Term & Long-Term Disability insurance

4. Health Savings Account with company contributions

5. Flexible Spending Account options

6. 401(k) retirement savings plan with 3.5% employer match

7. 80 hours of front-loaded Sick Pay

8. 80 hours of Vacation Pay annually, with increases based on tenure

9. 7 paid holidays per year

10. Employee Assistance Program (EAP)

Radiant Logistics, Inc. (www.radiantdelivers.com) (NYSE American: RLGT) is a publicly traded third party logistics company providing technology-enabled global transportation and value added logistics solutions primarily to customers based in the United States and Canada. Through its comprehensive service offering, Radiant provides domestic and international freight forwarding along with truck and rail brokerage services to a diversified account base including manufacturers, distributors and retailers which it supports from an extensive network of Radiant and agent-owned offices throughout North America and other key markets around the world. Radiant's value-added logistics services include warehouse and distribution, customs brokerage, order fulfillment, inventory management and technology services.

As part of Radiant, you'll join a learning environment in which passion, dedication, and a commitment to getting the job done are valued. That’s what being on our team is all about. It’s an environment in which you can thrive and gain valuable skills and experience, which also helps Radiant grow. If this sounds like the kind of company you are looking for, we would love to hear from you!

Radiant is an Equal Employment Opportunity (EEO) employer. It is the policy of the Company to provide equal employment opportunities to all qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran or disabled status, or genetic information.