Senior IT Systems Engineer

Description

Success in this role looks like:

• Within 3 months: You have taken technical and strategic ownership of our SSO and Identity Governance roadmap and you are accelerating the work to fully integrate our suite of corporate resources and SaaS applications.
• Within 6 months: You have delivered one high-impact change to improve internal IT, Security, or Infrastructure DevOps efficiency; or to improve end-user experience and clarity. You have become the trusted technical escalation point for the IT team and a key collaborator for the Security and Infrastructure DevOps teams.
• Within 1 year: You have matured the identity governance program beyond its original design and you are consistently delivering projects that improve how internal teams and business teams operate.

Core Responsibilities

• Architect, own, and administer our corporate cloud SSO and Identity Governance Administration (IGA) platform, serving as the subject matter expert for the entire organization.
• Lead a wide range of technical projects across the business, from initial requirements gathering and vendor selection to implementation and operational handover.
• Serve as the primary technical resource for evaluating, piloting, and deploying new technologies to meet evolving business needs.
• Work directly with compliance teams to provide evidence that controls are in place and working, and maintain continuous compliance tests in GRC platforms (Drata, Vanta). 
• Design and implement automation workflows for user lifecycle management, application provisioning, and other repetitive IT tasks.
• Take part in IT on-call schedules, support IT on-call teams, and sometimes work outside of standard hours to support emergency response to merchant-impacting issues.
• Continuous contribution to Business Continuity and Disaster Recovery policies, procedures, and supporting infrastructure.
• Act as the final escalation point for complex issues related to our corporate IT infrastructure.
• Partner closely with the Security team to design and enforce configuration policies, device posture policies, conditional access, and zero-trust principles.
• Mentor and provide technical guidance to other members of the IT team.

Requirements

Preferred Skills

• A builder's mindset with a deep curiosity and a constant desire to learn, build, and improve.
• Understands how to use generative AI as an accelerator, actively looking for ways to leverage AI tools to improve workflows, automate tasks, and solve problems more efficiently.
• A proven track record of owning technical projects from conception through completion, delivering results on time while managing stakeholder expectations.
• A high degree of adaptability and comfort with ambiguity; the ability to create structure and drive projects forward with minimal direction.
• The ability to learn new applications, technologies, and business domains quickly.
• A strong ability to think strategically, understanding a long-term vision while executing on tactical, iterative improvements.
• A commitment to secure-by-design principles, with proven experience creating and upholding repeatable, documented security and standards-based controls for every new project.
• Excellent communication skills, capable of explaining complex technical concepts to both technical and non-technical stakeholders.

Technical Requirements

• (3+ years) Experience in architecting and administering a modern Identity Provider (Okta preferred), including the ability to design HR-driven identity lifecycle automation (JML), build complex conditional access policies, Role/Attribute-Based Access Control (RBAC/ABAC), self-service access request schemes, and user access review campaigns.
• (3+ years) Administering Okta Cloud Identity, Entra ID, Microsoft 365, Google Workspace.
• (5+ years) Managing a large fleet of macOS and Windows devices using enterprise UEM/ MDM platforms (e.g., Jamf, Intune), including experience with zero-touch deployment, configuration management, automated patching, and building to a compliance specification.
• Proven experience securing corporate access to infrastructure resources within a Zero Trust Network Access (ZTNA) fabric.
• Must demonstrate a strategic understanding of how and when to leverage scripting (Python, PowerShell, Bash) to automate administrative tasks, integrate systems via APIs, and manage infrastructure programmatically.
• Experience implementing and managing EPM solutions (e.g., BeyondTrust, CyberArk, Admin By Request) to standardize how administrative rights are controlled, enforce least privilege, and maintain end-user efficiency.
• Strong command of enterprise networking principles (TCP/IP, DNS, DHCP, VPN) and the proven ability to troubleshoot complex connectivity issues across a hybrid environment is required.
• Must possess deep, demonstrable knowledge of modern client operating systems (macOS, Windows, and browsers), including system internals, security models, and advanced troubleshooting techniques.

Additional Requirements

• Must have access to a wired internet connection and at least a 25 megabits per second (mbps) download and 20 mbps upload speed connection.

Benefits

• Compensation: Competitive wage with Profit Sharing. Base pay without commissions and a unique opportunity to earn a share in company success.
• Comprehensive Benefits: Medical, dental, and vision coverage.
• Financial Security: 401(k) retirement plan and voluntary life insurance.
• Wellbeing: Time off when you need it, supporting both personal and professional sustainability. Open PTO available after one year.
• Career Growth: Training, mentorship, and development opportunities.
• Support & Stability: Short-term & long-term disability coverage and wellness resources.