Lead Application Administrator (SaaS & Enterprise Applications)

Stream Data Centers•Dallas, TX

6h•Hybrid

About The Position

Stream Data Centers is seeking a Lead Application Administrator (SaaS & Enterprise Applications) to manage the day-to-day administration, availability, configuration, and lifecycle management of their SaaS application portfolio. This role also involves enterprise application deployment and compliance on corporate-managed endpoints via Microsoft Intune. The position ensures applications are reliable, secure, and aligned with business needs through disciplined access management, configuration standards, vendor coordination, endpoint deployment standards, and operational support. The Lead Application Administrator will collaborate with the Entra ID Engineer for identity standards, SSO/MFA patterns, provisioning, and access governance. They will also partner with Cybersecurity, Infrastructure, and business stakeholders to implement and validate security controls, maintain audit-ready evidence, and remediate application risks. Future responsibilities may include IT operational ownership for application-layer components of on-premises and data center-hosted solutions, ensuring consistent standards across SaaS and on-prem environments.

Requirements

Bachelor’s degree or equivalent combination of education and experience.
5–8+ years of hands-on experience administering and supporting enterprise SaaS applications and/or business-critical application platforms in production environments.
Hands-on experience administering Microsoft Intune (Endpoint Manager), including application deployment, compliance policies, and troubleshooting on corporate-managed endpoints.
Strong understanding of application administration fundamentals: tenant configuration, environments, user/role management, integrations (SSO/SCIM/APIs), and troubleshooting methodologies.
Demonstrated experience implementing application access controls and security configurations (SSO/MFA/RBAC, audit logging, session controls) in partnership with Security teams.
Experience with change management for enterprise applications, including release coordination, outage communications, and validation/testing of changes and integrations.
Automation and scripting skills (e.g., PowerShell, Python, Bash) and comfort working with APIs/webhooks (including Microsoft Graph API where applicable) to improve provisioning, reporting, and administrative workflows.
Experience supporting application monitoring/logging and collaborating on security findings, vendor escalations, and incident/problem management.
Comfort operating in regulated or audit-driven environments; ability to produce evidence, document exceptions, and maintain control validation artifacts.
Experience supporting SOC 2, ISO 27001, or similar control frameworks, including evidence collection, access reviews, and control validation for enterprise applications.
Excellent written and verbal communication; proven ability to influence cross-functional teams and mentor others.
Ability to work across multiple U.S. locations and travel to data center sites as needed; after-hours availability for high-priority server/security incidents when required.

Nice To Haves

Experience with SaaS administration consoles and vendor portals
Experience with Microsoft Intune (Endpoint Manager) for app deployment and endpoint compliance
Experience with identity platforms and SSO (Entra ID/Azure AD, Active Directory integration, SAML/OIDC), MFA and conditional access, SCIM provisioning, RBAC
Experience with API tools and automation (PowerShell/Python, REST APIs, Microsoft Graph API, Postman); logging/monitoring and SIEM integrations (e.g., Splunk, Sentinel, or similar)
Experience with ITSM/ticketing systems; and documentation/knowledge management platforms
Familiarity with common enterprise SaaS categories (collaboration, HRIS, finance, CRM, ERP, ITSM) and audit/compliance expectations

Responsibilities

Administer SaaS applications (Day-2 operations): Configure, maintain, and support Stream’s SaaS platforms, including tenant settings, integrations, environments, and ongoing operational health.
Endpoint application deployment (Microsoft Intune): Package, deploy, update, and retire applications using Intune; manage assignment groups and deployment rings; validate installs and remediation steps across Windows/macOS endpoints as applicable.
Device & application compliance enforcement: Partner with Security and Endpoint teams to implement and maintain Intune compliance policies and endpoint application baselines; investigate non-compliance and drive timely remediation aligned to policy and audit expectations.
Troubleshoot complex deployment and policy issues: Diagnose application install failures, detection-rule issues, policy conflicts, and access problems; coordinate fixes with endpoint engineering, IAM, and vendors; document root cause and preventive actions.
Application ownership model and governance: Ensure every application has two owners—IT and the business. Define and maintain RACI, support boundaries, escalation paths, and operational standards for each application.
Identity, access, and roles (RBAC): Administer user provisioning/deprovisioning, role assignments, group mappings, and privileged access workflows; perform periodic access reviews with business owners and enforce least privilege.
SSO/MFA and directory integrations: Implement and maintain SSO, MFA, SCIM/provisioning, and directory integrations (e.g., Entra ID/AD), ensuring reliable authentication and secure access patterns.
Coordinate with IAM on identity changes: Follow IAM-defined standards for SSO/MFA, SCIM provisioning, group/role mappings, and conditional access; coordinate application onboarding and material configuration changes impacting authentication/authorization with the Entra ID Engineer (IAM SME).
Security configuration and control validation: Partner with Cybersecurity to configure application security controls (conditional access, session controls, logging, retention, DLP settings where applicable) and provide evidence for audits and assessments.
Monitoring, incident response, and vendor coordination: Monitor application availability and key integrations; respond to incidents, coordinate triage with vendors and internal teams, and drive root-cause analysis and preventive actions.
Configuration management and standardization: Maintain baseline configurations, document standards, and reduce drift across tenants/environments; leverage automation and scripting to streamline administration and reduce manual effort.
Change management and release coordination: Manage application changes, upgrades, and release impacts; create implementation/rollback plans, communicate outages, and validate post-change outcomes with stakeholders.
Data, retention, and compliance alignment: Help define and administer application settings that support compliance requirements (retention, legal hold support where applicable, data residency, and audit logging) in partnership with Security and Legal/Compliance.
Application lifecycle and portfolio hygiene: Maintain application inventory/CMDB records, contracts/renewal calendar inputs, ownership metadata, and decommissioning plans; ensure orphaned apps are identified and remediated.
On-premises and data center application transition (future scope): As assigned, assume IT operational ownership for the application-layer components of select on-prem/data center solutions, working with Infrastructure to align patching, access, logging, and support processes.
Standard documentation and runbooks: Create and maintain application runbooks, admin procedures, integration diagrams, support playbooks, and troubleshooting guides; keep ownership, configuration baselines, and key contacts current.