Staff Infrastructure Systems Engineer
Astra•Alameda, CA
About The Position
This role focuses on infrastructure for people and internal systems, specifically Identity (SSO, RBAC, lifecycle), Endpoints (Mac, Windows, Linux), Access (device trust, zero-trust networking), and Internal platform and automation. It is distinct from a DevOps or SRE role, meaning it does not primarily involve CI/CD pipelines, Kubernetes clusters, or application deployment infrastructure. The core focus is on access, identity, endpoints, and secure systems for human users within the organization.
Requirements
- 8+ yrs of related experience
- 5+ years Proven experience building and owning infrastructure systems
- Deep experience with identity systems (Azure AD / Entra or equivalent; SAML/OAuth/SCIM)
- Strong experience managing heterogeneous endpoint fleets (Mac, Windows, Linux; MDM such as Intune/Jamf/Kandji)
- Hands-on experience with network security and modern connectivity patterns (VPNs, WireGuard, zero-trust networking)
- Strong scripting and automation skills (Python, Bash, or similar)
- Experience integrating systems via APIs and event-driven workflows
- Experience operating in regulated environments (CMMC, ITAR, FedRAMP-like)
Nice To Haves
- Experience in GCC High environments (Microsoft Entra ID)
- Familiarity with Amazon Web Services GovCloud or Google Cloud Platform Assured Workloads
- Experience with WireGuard-based networking or modern secure access platforms (e.g., Tailscale, Cloudflare Zero Trust)
- Experience supporting hardware, lab, or manufacturing environments
- Experience designing zero-trust or device-trust architectures
Responsibilities
- Own identity as a first-class system (SSO, RBAC, lifecycle, device trust)
- Build a fully automated onboarding/offboarding pipeline
- Design and operate endpoint infrastructure across Mac, Windows, and Linux
- Eliminate manual IT work through automation, scripting, and tooling
- Architect secure network infrastructure across office, lab, and remote environments
- Design and implement modern access patterns (e.g., WireGuard-based networking, zero-trust, device-aware access)
- Own firewall and perimeter security (Palo Alto, Juniper, or equivalent)
- Enable secure, compliant access to cloud environments (AWS GovCloud, GCP Assured Workloads)
- Drive compliance (CMMC, ITAR) through systems—not paperwork
- Partner directly with engineering to remove friction and increase velocity
- You will have high ownership and autonomy to define how these systems are built and operated
Benefits
- competitive in compensation
- equity as part of the package
- health
- vision
- dental
- 401K
- lunch
- plenty of snacks and drinks
- reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment for individuals with disabilities
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
Upload and Match Resume
What This Job Offers
Job Type
Full-time
Career Level
Senior
Education Level
No Education Listed
Number of Employees
101-250 employees
