IT Operations Engineer (temporary contract)

Applaudo Studios

About The Position

We are seeking an IT Operations Engineer with hands-on experience managing enterprise IT environments end-to-end. This role requires a proactive individual comfortable owning identity and access operations, endpoint management, Microsoft 365 administration, Salesforce support, and high-volume IT ticketing with minimal supervision. The ideal candidate possesses strong documentation habits, a structured approach to employee lifecycle management, and clear judgment on when to act autonomously and when to escalate. This is a temporary contract role operating under a 6-month model.

Requirements

5+ years of experience in IT Operations, IT Systems Administration, or related senior-level roles.
Hands-on experience administering Microsoft Entra ID, including identity governance, conditional access policies, security group management, and SSO provisioning across integrated SaaS applications.
Experience with endpoint management using Microsoft Intune, device compliance, MDM enrollment, monthly OS patching, and hardware lifecycle coordination via CDW and FedEx for Surface and ThinkPad devices.
Strong experience with Microsoft Defender for vulnerability monitoring, alert triage, and remediation deployment.
Experience managing enterprise VPN infrastructure (NordLayer or equivalent), including per-need provisioning and geographic access policy enforcement.
Proficiency administering Microsoft 365: Exchange Online, Teams, SharePoint, Box, Tango, and Adobe, including shared mailboxes, distribution lists, and license management.
Practical Salesforce administration skills (basic–intermediate): user management, field and picklist configuration, basic Flow debugging, HubSpot sync troubleshooting, Communities portal support, and familiarity with Natterbox, DocuSign Gen, and OwnBackup.
Proven experience with IT ticketing platforms (FreshService preferred) with strict SLA adherence: 2-hour response for VIPs, 8-day resolution for standard tickets, and quarterly access audits.
Experience executing end-to-end onboarding and offboarding workflows across Entra ID, Salesforce, UKG, Box, and Smartsheet — including credential rotation and Arctic Wolf notification protocols.
Familiarity with enterprise security operations: Arctic Wolf alert queue management, Defender vulnerability triage, and security assessments for new SaaS and AI tools.
Experience managing shared credential vaults and MFA infrastructure using 1Password or equivalent.
Comfort coordinating with vendor and infrastructure platforms: GoDaddy, CDW, FedEx, WeWork, UKG, and Smartsheet.
Excellent documentation skills: runbooks, KB entries, resolution notes, and audit records.
B2+ English proficiency for direct collaboration with US-based stakeholders.
5+ years of experience in IT Operations or IT Systems Administration.
Hands-on proficiency with Microsoft Entra ID, Microsoft Intune, and Microsoft Defender.
Practical Salesforce administration experience: user management, field and picklist configuration, and basic Flow debugging.
Experience with FreshService or equivalent IT ticketing platform with demonstrated SLA compliance.
B2+ English proficiency.

Nice To Haves

Critical production Flows are never modified without senior approval.

Responsibilities

Administer Microsoft Entra ID: manage user accounts, MFA enforcement, conditional access policies, and security groups driving automated software deployment across all endpoints.
Provision and deprovision SSO access across all integrated SaaS applications via identity-linked security group membership; maintain 1Password credential vaults with rotation after any admin-level personnel change.
Manage NordLayer VPN provisioning with active geographic access policy enforcement.
Administer Microsoft Intune for all company-owned endpoints: device compliance, software deployment, monthly OS patching, and coordination of hardware replacements via CDW and FedEx.
Own the FreshService ticketing queue end-to-end: triage, prioritize, resolve, and document all incidents and service requests. Honor SLA commitments and maintain strict ticket hygiene with KB entries before closure.
Execute end-to-end employee onboarding and offboarding across Entra ID, Salesforce, UKG, Box, and Smartsheet, including Day 1 sessions, credential rotation, Arctic Wolf notification, and asset transfer.
Administer Microsoft 365: Exchange Online, Teams, SharePoint, Box, Tango, and Adobe — including shared mailboxes, distribution lists, and sharing policy management.
Manage Salesforce user accounts, field and picklist configuration, basic Flow debugging, HubSpot sync issues, Communities portal support, Natterbox and DocuSign Gen provisioning, and OwnBackup monitoring.
Build and validate all changes in Sandbox before promoting to production.
Manage the Arctic Wolf alert queue: triage and escalate security events per protocol.
Process Defender vulnerability alerts and deploy remediation via Intune.
Conduct security and compliance assessments for new SaaS and AI tool requests prior to approval.
Manage DNS, domain registration, and SSL renewals via GoDaddy; coordinate WeWork badge access; manage Tango, Adobe, and Smartsheet licenses and access controls.
Conduct quarterly access audits across the SaaS portfolio: remove inactive users, verify license counts, and document outcomes.
Maintain operational runbooks, process documentation, and knowledge base entries to support scalability and continuity.