
IT Systems Engineer
Posted 1 day ago

Posted 1 day ago
This is a fully remote position, open to applicants in United States.
• Provision, configure, and maintain Apple (macOS/iOS) and Windows 11 endpoints utilizing MDM solutions such as Intune, NinjaOne, Apple Business, or equivalent.
• Manage the entire device lifecycle, including imaging, enrollment, patching, retirement, and asset tracking.
• Oversee Okta IdP & Microsoft 365 (Exchange Online, SharePoint, Teams, OneDrive, Azure AD) with responsibilities for user provisioning, licensing, and policy enforcement.
• Ensure identity and access controls are upheld by enforcing MFA, Conditional Access policies, and applying least-privilege principles across all platforms.
• Take ownership of the Keeper Password Manager environment by administering vaults, shared folders, role-based permissions, and enforcing enterprise password policies.
• Act as Tier 2/3 helpdesk escalation for macOS and Windows issues; create self-service documentation to minimize repeat tickets.
• Contribute to SOC 2, HIPAA, and internal audit preparedness by maintaining precise records of access, configurations, and security controls.
• Develop and maintain IT policies, acceptable use agreements, and onboarding/offboarding checklists.
• Perform periodic access reviews and user entitlement audits across M365, AWS, Keeper, and various SaaS applications.
• Assist in security awareness training initiatives and phishing simulation programs.
• Monitor and triage security alerts using Datadog (logs, APM, infrastructure metrics) and Sophos Central (endpoint protection, firewall, XDR).
• Investigate and respond to endpoint threats, phishing attempts, and unusual behavior; document incidents and escalate as necessary.
• Adjust Sophos policies (web filtering, application control, device encryption, threat intelligence rules) to balance security with productivity.
• Create and maintain Datadog dashboards and monitors for infrastructure health, authentication events, and security KPIs.
• Participate in on-call rotation for critical security incidents; conduct post-incident reviews and implement necessary remediations.
• Assist in vulnerability management by tracking CVEs, coordinating patching windows, and validating remediation closure.
• 3–6 years of combined experience in IT administration and/or security operations within a corporate or startup setting.
• Hands-on experience managing macOS and Windows endpoints at scale; familiarity with Apple Business Manager and Intune or similar MDM solutions.
• Strong understanding of SSO, oAuth, and general IAAA access control principles.
• Proficiency in Microsoft 365 administration, including Exchange Online, Teams, SharePoint, Azure AD, Conditional Access, and Defender for Business.
• Working knowledge of Sophos Central, covering endpoint protection, XDR, firewall management, and policy configuration.
• Experience with Datadog for infrastructure monitoring, log management, and alerting; ability to write log queries using QLDB / Datadog query language.
• Basic knowledge of AWS services: IAM, EC2, S3, VPC, CloudTrail, and security group management; AWS Solutions Architect Associate (SAA-C03) or equivalent experience is preferred.
• Experience administering an enterprise password manager such as Keeper, 1Password, or similar.
• Familiarity with security frameworks and best practices, including Zero Trust, NIST CSF, CIS Controls, and/or HIPAA technical safeguards.
• Comprehensive health, dental, and vision insurance.
• Generous paid time off and holiday policies.
• Opportunities for professional development and growth.
• Flexible work arrangements.
Mazzetti
Oshkosh Corporation
AllView Real Estate
Reddit, Inc.
Get handpicked remote jobs straight to your inbox weekly.