Sr. Systems Administrator

Varda Space Industries•El Segundo, CA

20h•Onsite

About The Position

Varda is looking for a Sr. Systems Administrator who is equal parts identity architect and cloud operator who can own platforms that every employee, device, and application depends on to get work done. You’ll be the technical authority for Okta, Microsoft 365 GCC High, Azure/Entra ID, and our MDM ecosystem across macOS, Windows, and Linux. This isn’t just about keeping the lights on: you’ll architect zero-trust access policies, drive lifecycle identity automation, integrate device compliance into conditional access, and ensure our platforms are audit-ready in an ITAR-regulated environment. You’ll work directly with Engineering, Security, Manufacturing, and Business Operations teams — and your decisions will directly shape how securely and efficiently a fast-growing space company operates. This is a full-time, exempt position located in our El Segundo headquarters.

Requirements

Bachelor’s degree in information technology, Computer Science, Cybersecurity, or a related field, or equivalent hands-on experience that speaks for itself.
5+ years in systems administration, with at least 3 years focused on identity platforms (Okta, Entra ID/Azure AD) and Microsoft 365 administration.
Proficiency with Okta administration — application integration (SAML, OIDC, SCIM), MFA enrollment policies, group rules, and lifecycle management.
Strong working knowledge of Microsoft 365 administration — Exchange Online, SharePoint Online, Teams, Entra ID conditional access, and Azure AD Connect.
Experience administering MDM platforms across macOS, Windows, and Linux — including JAMF Pro and Microsoft Intune — with a solid understanding of device enrollment, compliance policies, and configuration management at scale.
Experience with Active Directory — GPO management, OU design, replication troubleshooting, and hybrid join scenarios.
Proficiency with PowerShell for Microsoft Graph API, Exchange Online, and Entra ID automation.
Self-directed and calm under pressure, with a track record of delivering complex identity and cloud infrastructure projects.
Clear communicator who can engage effectively with both technical and non-technical stakeholders.

Nice To Haves

Microsoft certifications: AZ-104 (Azure Administrator), SC-300 (Identity and Access Administrator), MS-102 (Microsoft 365 Administrator), or MD-102 (Endpoint Administrator).
Okta Certified Professional or Okta Certified Administrator certification.
Experience operating Microsoft 365 GCC High or GCC tenants with a clear understanding of the compliance boundary differences from commercial M365.
Hands-on experience with Okta Workflows, Okta Identity Governance (OIG), or Okta Privileged Access.
Advanced JAMF Pro administration: Prestage Enrollments, smart groups, extension attributes, and JAMF-to-Okta/Entra device compliance integration.
Experience with Microsoft Intune Autopilot, compliance policies, and co-management scenarios in hybrid AD/Entra environments.
Familiarity with Linux endpoint management solutions (Landscape, Fleet, CHEF, Ansible, or equivalent).
Familiarity with SIEM/SOAR integration for identity event correlation (PagerDuty, Snowflake, or equivalent).
Experience supporting NIST 800-171, CMMC, and ITAR compliance with direct responsibility for access control and endpoint compliance implementation.
Prior experience in a high-growth startup or aerospace environment is highly desirable.

Responsibilities

Architect and administer the Okta tenant end-to-end — SSO application integrations, MFA policies, lifecycle management (joiner/mover/leaver), Okta Workflows, and Identity Governance and Administration (IGA) features, including access certifications and entitlement management.
Own Microsoft 365 GCC High and Azure/Entra ID — Exchange Online, SharePoint, Teams, conditional access policies, and tenant security configuration tuned for ITAR compliance boundaries.
Design and maintain hybrid identity infrastructure, including Active Directory, Entra Connect synchronization, and federation trust relationships.
Architect and administer endpoint management across all platforms — JAMF Pro for macOS, Microsoft Intune for Windows, and supplemental MDM tooling for Linux — including device enrollment, configuration profiles, compliance policies, application deployment, and OS patch management.
Bridge device compliance and identity: integrate JAMF and Intune compliance signals into Okta and Entra ID conditional access policies so device trust is a hard requirement for resource access.
Develop and enforce conditional access and zero-trust policies across Okta and Entra ID to protect sensitive resources in an ITAR-regulated environment.
Build and maintain Okta Workflows and Azure Logic Apps/Power Automate flows to automate user provisioning, deprovisioning, group management, and access request fulfillment.
Administer and optimize SCIM provisioning between Okta and downstream SaaS applications — Google Workspace, Jira, Confluence, Slack, Smartsheet, 1Password, and others.
Monitor and respond to identity-related security events — such as suspicious sign-ins, token abuse, and privilege escalation — using Okta System Log, Entra ID audit logs, and CrowdStrike telemetry.
Partner with the Security team on compliance efforts tied to Vanta, NIST 800-171, CMMC, and ITAR, with direct ownership of access control, audit logging, and least-privilege enforcement.
Manage certificate lifecycles, SAML/OIDC trust configurations, and API token governance across the SaaS portfolio.
Create and maintain runbooks, architecture diagrams, and knowledge base articles in Confluence — leaving documentation better than you found it.
Mentor junior IT team members on identity, cloud platform, and endpoint management best practices.
Drive scripting and automation (PowerShell, Python, Bash) to streamline administration, reporting, and incident response across identity, cloud, and MDM systems.
Lead special projects from kickoff to completion, with full accountability for outcomes.

Benefits

Stock options
401(k) matching
Unlimited PTO
Health, vision, and dental insurance
Daily lunch and snacks on site; dinners twice a week
Maternity/Paternity leave
Flexible PTO policy + 12 paid holidays
100% company-paid Medical, Dental, and Vision insurance plans for employees and dependents with FSA and employer-matched HSA options
Voluntary accident, hospital, critical illness, and pet insurance
$120/month wellness reimbursement for gym and fitness expenses
12 weeks of parental leave (with supplemental disability leave for CA mothers)
Family building, pregnancy, parenting and menopause benefits via Maven Clinic
Sponsored One Medical memberships for employees and their dependents
Substantial incentive equity in a fully funded space start-up
401(k) retirement plan with 6% employer match (immediately vested)
$20/pay period cell phone reimbursement
Relocation support for new hires, if needed
Fully stocked kitchen with lunch provided daily and dinner provided twice weekly
Company and team-bonding events, happy hours and mission-success celebrations
Complimentary EV charging
Dog-friendly office space