Azure, Firewalls, Jamf, MacOS, Azure AD, Okta, SSO, SaaS, Communication, Remote Work
About this role
Role Overview
Own the full lifecycle of laptops and workstations (procurement, imaging, deployment, recovery, and decommissioning).
Implement and administer MDM/endpoint management tools (e.g., Intune, Jamf, Kandji, Workspace ONE) for configuration, patching, and policy enforcement.
Maintain an accurate asset inventory for all company-owned devices and key peripherals.
Define and maintain standard images and baseline configurations for different roles and teams.
Administer our identity provider and SSO platform (e.g., Okta, Azure AD, Google Workspace), including application integrations and lifecycle management.
Implement and maintain role-based access control (RBAC), ensuring least-privilege access and appropriate group/role design.
Own the joiner/mover/leaver process: onboarding, offboarding, and access changes across all core systems.
Monitor access logs and authentication events; partner with security to respond to suspicious activity.
Define, document, and enforce IT and security policies (passwords, MFA, endpoint configuration, data handling, acceptable use, remote work standards).
Manage endpoint security tooling (EDR/AV, disk encryption, host firewalls) and ensure coverage and compliance across devices.
Coordinate vulnerability management for endpoints and core SaaS platforms, including patching schedules and exception handling.
Support compliance initiatives (e.g., SOC 2, ISO 27001) by providing evidence, documentation, and implementing required controls.
Participate in customer-required IT/security assessments, reviews, and audits, providing accurate, timely information about our IT controls and posture.
Run periodic security awareness activities (phishing simulations, training reminders, playbooks).
Requirements
5+ years of experience in IT administration or systems engineering, including 2+ years in a lead or manager capacity.
Hands-on experience managing macOS and/or Windows endpoints in a distributed or remote-first environment.
Experience administering at least one enterprise identity platform (Okta, Azure AD, or Google Workspace) and integrating SSO with SaaS tools.
Strong understanding of security best practices for endpoints, identity, and SaaS (MFA, encryption, RBAC, least privilege, logging and monitoring).
Proven track record implementing and operating MDM/endpoint management tools and endpoint security solutions.
Demonstrated ability to design and document processes, drive adoption, and enforce standards in a growing organization.
Bilingual in English and Spanish, with strong written and verbal communication skills in both languages.
Excellent communication skills; able to explain technical constraints and trade-offs clearly to non-technical stakeholders.