Senior IT Systems Engineer – Infrastructure & Automation

About The Position

Requirements

• Must be eligible to obtain and maintain a U.S. personnel security clearance
• 7+ years of IT systems administration, systems engineering, endpoint engineering, or infrastructure operations experience.
• 3+ years leading or materially owning IT infrastructure, endpoint, automation, or workplace technology projects.
• Advanced troubleshooting experience across Windows, macOS, Microsoft 365, endpoint management, identity, networking fundamentals, and collaboration systems.
• Advanced PowerShell scripting experience, including automation for provisioning, device configuration, reporting, remediation, or administrative workflows.
• Hands-on experience with Microsoft 365 administration, Entra ID, Office applications, Teams, SharePoint, Exchange, and licensing/group management.
• Advanced experience with Microsoft Defender and Microsoft Sentinel or comparable endpoint security/SIEM tooling.
• Strong experience supporting macOS and Windows endpoints in a managed enterprise environment.
• Experience with Intune, Jamf Pro, endpoint deployment automation, patching, compliance policies, and software packaging.
• Working knowledge of Wi-Fi, VLANs, DNS, DHCP, VPN, certificates, 802.1X, RADIUS, and NAC concepts.
• Experience using Jira and Confluence or comparable systems for project tracking, documentation, and operational knowledge management.
• Experience building out and maintaining ITSM/ESM systems
• Excellent customer service, communication, documentation, stakeholder management, and cross-functional collaboration skills.

Nice To Haves

• Experience with Apple Business Manager, Windows Autopilot, Jamf, Microsoft Graph API, Defender for Endpoint, Defender for Cloud Apps, or Microsoft Purview.
• Experience with SASE/ZTNA platforms, Cloudflare, Zscaler, Palo Alto Prisma Access, or similar secure access technologies.
• Experience supporting Zero Trust, device posture, conditional access, privileged access management, service account governance, or automated credential rotation initiatives.
• Experience implementing or supporting 802.1X, RADIUS, NAC, certificate-based authentication, secure guest Wi-Fi, and network segmentation.
• Familiarity with NIST 800-171, CMMC 2.0 ML2, FedRAMP, ITAR/CUI environments, or other regulated operating models.
• Experience integrating IT systems with SIEM/SOC workflows, security monitoring, vulnerability management, or automated evidence collection.
• Experience mentoring IT staff, leading vendor engagements, managing change windows, and presenting project updates to technical and non-technical audiences.
• Relevant certifications such as Security+, Network+, Jamf 300/400, Microsoft MD-102, SC-200, AZ-104, AZ-500, PMP, or equivalent practical experience.

Responsibilities

• Own IT projects from discovery and design through implementation, documentation, adoption, and operational handoff.
• Partner with the Head of IT, Security Team, Network Team, SRE, and business stakeholders to modernize endpoint management, collaboration systems, identity workflows, Wi-Fi/NAC, and IT support automation.
• Mentor Jr staff as they mature into more senior roles.
• Lead cross-functional projects.
• Manage technical risk.
• Communicate with executives.
• Deliver measurable improvements in reliability, security, onboarding speed, and support efficiency.
• Complete onboarding and gain a strong understanding of LeoLabs business context, IT systems, team structure, current support model, and active modernization initiatives.
• Review current onboarding, offboarding, endpoint deployment, Microsoft 365, Defender, Sentinel, Jamf, Intune, Wi-Fi, and Jira/Confluence processes.
• Create an initial project inventory covering quick wins, risks, dependencies, owners, and proposed sequencing.
• Establish working relationships with IT, Security, Network, Cloud, SRE, SOC, and executive stakeholder groups.
• Own and actively drive two to three priority IT infrastructure or automation projects with documented scopes, milestones, risks, and acceptance criteria.
• Deliver improvements to new-hire onboarding and endpoint deployment workflows, including automation opportunities and measurable baseline metrics.
• Begin Wi-Fi modernization or secure access planning, including current-state assessment, target design input, vendor coordination, and pilot approach.
• Improve ticket triage, documentation quality, escalation paths, and recurring-issue analysis for IT support operations.
• Deliver a more automated and standardized onboarding and device provisioning experience for new employees.
• Implement improved Intune/Jamf baselines for endpoint compliance, software deployment, patching, EDR health, and reporting.
• Advance Wi-Fi, 802.1X/RADIUS, NAC, or VLAN-related work from assessment into pilot or implementation.
• Partner with Software and Security teams to streamline vulnerability management workflows and improve remediation visibility.
• Onboard or improve key Defender/Sentinel telemetry sources and create repeatable documentation for operations and audit support.
• Deliver a mature endpoint and account lifecycle program with automation across onboarding, offboarding, device deployment, access assignment, compliance reporting, and support handoff.
• Complete or materially advance the Wi-Fi/security upgrade path with improved authentication, segmentation, documentation, and operational support procedures.
• Demonstrate measurable reductions in provisioning time, recurring tickets, manual support steps, endpoint drift, and unresolved vulnerability backlog.
• Create a documented IT infrastructure improvement roadmap for the next planning cycle, including project backlog, control gaps, automation candidates, and staffing or tooling recommendations.
• Establish a deep operational understanding of the IT environment and serve as a trusted project owner for future modernization efforts.

Benefits

• Global workforce: flexible remote/hybrid opportunities
• Work on complex, meaningful missions with real-world impact
• Unlimited paid time off for most roles
• Competitive salary and equity packages
• Comprehensive health, dental, and vision coverage
• Access to the forefront of commercial space operations and defense innovation