Technical Services - Cloud Applications Senior Engineer (28111) at Weber School District

A position has been declared open in the Weber School District for a Cloud Applications Senior Engineer. This position is for 8.00 hours per day, 250 days (12 months) per year, is compensated according to Lane 8 of the Technical Services Salary Schedule, and is eligible for benefits.

Applicants may apply at wsd.schoolspring.com. Applications will be reviewed before interviews are scheduled.

Position Overview:

The Cloud Applications Engineer is a senior technical expert within the Technical Services team, responsible for the design, administration, security, and optimization of the district's cloud infrastructure (Microsoft Azure, Google Cloud Platform), core enterprise applications (Google Workspace, Canvas, iBoss, Blocksi), and endpoint/mobile device management solutions (ChromeOS, iOS, Windows). This role demands advanced technical proficiency in cloud platforms, Identity and Access Management (IAM), data analytics, automation scripting, and comprehensive cybersecurity principles (including DLP, endpoint security, and web filtering). The Cloud Applications Engineer leads complex technical initiatives, solves critical system-level problems, develops automation solutions, architects data processes, delivers specialized technical training programs, and provides high-level (Tier 3) support for systems serving over 33,000 students and 5,000 employees across 50 schools. This position plays a vital strategic and operational role in ensuring the security, efficiency, and reliability of the district's digital learning and working environment.

Responsibilities:

• Cloud & Infrastructure Management:

• Administer and manage core components of the district's cloud infrastructure in Microsoft Azure, focusing on Identity and Access Management (Entra ID), Cloud Management Gateways (CMGs), and hybrid syncing from on-prem Active Directory to Endpoint Management (Intune).
• Administer and manage Google Cloud Platform (GCP) services, including Identity and Access Management (IAM), authoring and maintaining SAML applications, enterprise OAuth credentials, and managing project-level configurations.
• Manage and optimize a Debian-based LAMP stack hosting critical district web applications.
• Implement, administer, and integrate large-scale cloud-based enterprise platforms and SaaS applications such as Google Workspace, Azure services, and Canvas LMS.

• Endpoint & Mobile Device Management:

• Design, configure, and maintain device management policies, profiles, and enrollment procedures for ChromeOS devices within Google Workspace.
• Design, configure, and maintain device management policies, profiles, and enrollment procedures for iOS devices within Jamf.
• Design, manage, and support Gopher (ChromeOS and Workspace monitoring) configurations and reports utilized by Chrome device management team.
• Support endpoint configuration and compliance for Windows devices utilizing Entra ID and Intune.

• Identity & Access Management (IAM) & Automation:

• Design and automate user account lifecycle processes, Role-Based Access Control (RBAC), and permissions management across multiple cloud and hybrid-cloud identity solutions using Python and Apps Script.
• Maintain and automate user account and group syncing between Active Directory and Google Workspace (using Google Cloud Directory Sync) and Entra ID (using Entra ID Connect Sync, Entra ID Cloud Sync), including creation, updates, retirement, and automated enterprise license assignments for all Google and Microsoft services.

• Security & Compliance:

• Design, implement, monitor, and respond to Data Loss Prevention (DLP) policies and execute advanced scanning protocols to safeguard sensitive student and employee PII and ensure regulatory compliance.
• Configure and troubleshoot web filtering policies and systems (iBoss, Blocksi) to ensure a safe and compliant online environment for students and staff.
• Monitor and investigate security alerts, including triaging and responding to MDR (Managed Detection and Response) alerts from platforms such as Adlumin (for Google Workspace, Azure Entra ID) and Cisco Duo.
• Provide Tier 3 (advanced) support for multi-factor authentication (MFA) in Duo and complex user authentication issues across various systems (GCP, Google Workspace, Entra ID, Azure, MS365, Canvas, Adobe, and numerous SaaS applications).
• Manage 24/7 on-call duties related to critical Identity and Access Management tasks, including conducting digital forensic investigations for security incidents, performing user account locks, and maintaining policies and compliance for eDiscovery tools.
• Conduct confidential, internal digital forensic investigations at the direction of district leadership

• Data Management & Analytics:

• Utilize Google Cloud Platform services, including BigQuery and Looker Studio, to architect and maintain data analytics solutions providing strategic insights into district initiatives (e.g., Elevate-28) and technology usage trends to leadership.
• Build and maintain secure data pipelines and configure Identity and Access Management for business intelligence platforms like Tableau, leveraging cloud infrastructure and storage.
• Author and maintain cloud SQL stored procedures and automate data extraction/transformation queries to support reporting and analytics implementations.
• Lead data cleanup initiatives on critical platforms (e.g., comprehensive Canvas user cleanup, Google Workspace account lifecycle maintenance, BusinessPlus job PCN schema rewriting) to improve data integrity, security, system performance, and compliance.

• Technical Training and Support:

• Provide comprehensive multi-tiered technical support (Tier 1, 2, and 3) for critical district platforms and technologies, including Google Workspace, Microsoft 365, Canvas, endpoint devices (iPads, Chromebooks, Windows), and other instructional/administrative systems.
• Administer and provide high-level operational support for key educational and administrative SaaS platforms such as Canvas LMS, Google Workspace, Adobe, LearnPlatform, Canva, and Nearpod.
• Communicate and collaborate directly with major technology service vendors (Google, Microsoft, Canvas, Nearpod, Clever, etc.) for technical issue escalation, feature requests, and contributing to license renewal discussions.

• Collaboration and Leadership:

• Collaborate effectively with cross-functional IT teams (systems administration, network engineering, security operations) to implement complex projects, integrate systems, and resolve advanced technical issues.
• Communicate technical information and advise departments and departmental leaders (e.g., DTL, EdTech specialists), providing technical guidance and support for technology integration initiatives and strategic planning.
• Serve on district and external technology committees (e.g., Commission on Technology, Google Customer Advisory Board, Canvas Advocate) to contribute technical expertise to strategic planning and the development of district-wide technology roadmaps and policies.
• Maintain accurate and comprehensive technical documentation for systems, processes, and configurations.
• Develop and deliver specialized technical training programs and resources (in-person, web media, documentation) for IT staff, educators, and administrators on platform administration, security best practices, and effective technology utilization.

Qualifications:

• Bachelor's degree in Information Technology, Computer Science, Cybersecurity, or a related field; advanced technical training, relevant graduate-level coursework, or a Master's degree preferred.
• Must have or be willing to obtain and keep current the following relevant professional  IT certifications:
• Microsoft Certified Azure Administrator
• Microsoft Certified Identity and Access Administrator
• Google Cloud Associate Cloud Engineer
• Google Cloud Professional Workspace Administrator
• CompTIA CySA+, Cloud+, Security+, Network+, A+
• Canvas Certified Technical Admin
• Minimum of 5+ years of progressive experience in an IT role with significant responsibilities for cloud platform administration, system management, Identity & Access Management, cybersecurity, data management, or automation in a large organizational environment (K12 experience highly valued).
• Proven expertise with Identity and Access Management (IAM) concepts and technologies, including Entra ID, OAuth, SAML, and directory synchronization tools (GCDS, Entra ID Sync/Cloud Sync).
• Experience utilizing data analytics tools and platforms (e.g., Tableau, Looker Studio, BigQuery, SQL) and building data processes.
• Advanced experience with scripting or automation using Python, Apps Script, or similar languages.
• Strong expertise in cybersecurity principles, including Data Loss Prevention (DLP), endpoint security, web filtering, MFA administration, and security alert investigation.
• Demonstrated ability to architect solutions, solve complex technical problems independently, and lead technical initiatives or projects.
• Professional educator licensure and teaching certification, including experience teaching in a K12 environment, preferred
• Experience developing and delivering specialized technical training to IT staff and end-users.
• Excellent communication, documentation, and interpersonal skills, with the ability to explain complex technical concepts to both technical and non-technical audiences.
• Ability to work independently, manage multiple critical priorities under pressure, and contribute effectively in a collaborative team environment.
• Valid driver’s license and reliable transportation to travel to various district sites as needed.
• Ability to handle standard IT equipment (e.g., deploying endpoints, minor rack/stack adjustments).
• Attendance at work is an essential job function.
  

Employment Terms:

• Full-time, salaried position
• Compensation based on experience and district pay scale, aligned with Technical Services salary schedule, Lane 8. 
• Benefits eligible (health, retirement, PTO/sick leave)

Note: This job description is intended to provide a general overview of the responsibilities and qualifications for this position. It is not an exhaustive list of all duties, responsibilities, and qualifications required.