Tech Ops Engineer

About The Position

Requirements

• 4+ years in an IT, Tech Ops, or IT/Security hybrid role at a tech company, with meaningful time spent building (not just maintaining) the function.
• Hands-on with identity and access: You’ve implemented SSO, SCIM, or access-provisioning workflows in a real environment (e.g., Google Workspace, Cloudflare Zero Trust, Okta, JumpCloud, Azure AD) and understand the trade-offs between them.
• Cloud networking fundamentals: You can stand up VPCs, subnets, IAM policies, and private access patterns in GCP (or an equivalent cloud). You don’t need to be a network engineer, but you should know what good looks like.
• Device lifecycle experience: You’ve owned or meaningfully contributed to hardware provisioning at a small-to-mid-sized company—imaging, MDM (e.g., Kandji, Jamf, Rippling), shipping, recovery—and know where to outsource vs. do in-house. This includes hardware inventory management as well as device lifecycle.
• Remote-first instincts: You’ve supported a fully distributed team (or meaningful pieces of one) and know how the security, UX, and logistics differ from an office-based setup.
• Security-minded: You have working familiarity with security frameworks (even if we’re not pursuing SOC 2 today) and default to least-privilege. You know what a well-hardened startup looks like and what threats to actually care about at our stage.
• Automation over tickets: You reach for scripts, APIs, and IaC (Terraform, Pulumi, shell, Python) before you reach for a manual checklist. You’ve written automations that outlived your time at a previous company.
• High ownership, low ego: You’re comfortable being the only Tech Ops person at the company, operating independently, and pairing closely with a technical leadership team that will be opinionated on the work. You’re able to be high-output on your own without needing daily direction.
• Clear communicator: You can explain an access model to an engineer and a resolution to a technical support issue to a QA contractor in the Philippines with equal clarity.

Nice To Haves

• You’ve been the first dedicated Tech Ops / IT hire at a company and scaled the function from 10-ish to 100+ people.
• Experience supporting both US full-time employees and global contractor populations (Deel, HI, or equivalent).
• Familiarity with our current stack: Google Workspace, Cloudflare (SSO / Zero Trust / Access), GitHub, Slack, Gusto, Deel.
• Experience with gaming, consumer tech, or other creator-adjacent companies.

Responsibilities

• Automate access control end-to-end: Design and implement an automated system for granting, reviewing, and revoking access across Google Workspace, GitHub, Cloudflare SSO, and our growing roster of SaaS tools.
• Own our identity layer: Consolidate authentication around a central identity provider (e.g., Google Workspace, Okta, JumpCloud), implement SCIM provisioning where possible, and build group-based access policies that scale with our team.
• Build onboarding and offboarding runbooks: A new hire should be able to sign in to everything they need on day one, and when someone leaves, their access should be revoked quickly and reliably.
• Partner with People Ops on the employee lifecycle: Work closely with our People Ops Lead to integrate HR systems (Gusto, Deel) with IT provisioning so hiring, role changes, and departures flow automatically into access changes.
• Own hardware provisioning: Take full ownership of device procurement, imaging, shipping, and recovery. Build a repeatable playbook for getting laptop into a new hire’s hands on day one, whether they’re in the US or working with a contractor partner abroad.
• Manage hardware inventory: Monitor and manage physical hardware inventory. Figure out a process for purchasing and/or refurbishing devices that integrates with our onboarding process.
• Stand up an MDM program: Deploy and manage an MDM solution (e.g., Kandji, Jamf, Rippling) to enforce baseline security posture — disk encryption, OS patching, screen lock, threat detection — across company-owned devices.
• Migrate the team to properly provisioned devices: Device provisioning hasn’t been a standard process over the years. Migrate them to company-provisioned, properly provisioned devices without disrupting the team.
• Define and implement cloud networking best practices: Today, internal services are authenticated via Cloudflare SSO. Evaluate options (e.g., Cloudflare Zero Trust, Tailscale, VPCs with bastion or IAP) and propose changes in service of making work seamless and secure for a fully remote workforce.
• Manage cloud IAM and org structure: Define and enforce least-privilege IAM policies across GCP and other cloud services, set up organization-level guardrails, and build a model for granting engineers scoped access when they need it.
• Partner with engineering on the boundary: You’ll be working with engineering closely on all boundary projects and anything that requires a handoff — identity, networking, and access. The goal is to allow everyone to ship faster and focus on what they know best.
• Own internal SaaS and collaboration tools: Manage our Google Workspace tenant, Slack, GitHub org, and the long tail of SaaS tools the team relies on. Keep them configured securely, patched, and well-integrated.
• Be the internal help desk — then automate yourself out of it: Handle the day-to-day “I can’t access X” tickets in the short term, and systematically automate, document, or self-serve the recurring ones.
• Own the tooling budget: Manage our SaaS and tooling spend, flag where we have leverage on renewals, and identify areas of savings as the stack grows.

Benefits

• Competitive compensation and equity package.
• Fully remote work arrangement.
• The opportunity to build the Tech Ops function from the ground up at a rapidly scaling consumer gaming company.
• A team of people who genuinely love games, move incredibly fast, and care deeply about what they build.