Staff Infrastructure Systems Engineer

This role focuses on infrastructure for people and internal systems:

• Identity (SSO, RBAC, lifecycle)
• Endpoints (Mac, Windows, Linux)
• Access (device trust, zero-trust networking)
• Internal platform and automation, * Design and operate endpoint infrastructure across Mac, Windows, and Linux
• Eliminate manual IT work through automation, scripting, and tooling
• You should expect to spend the majority of your time building systems and automation-not responding to tickets
• Architect secure network infrastructure across office, lab, and remote environments
• Design and implement modern access patterns (e.g., WireGuard-based networking, zero-trust, device-aware access)
• Own firewall and perimeter security (Palo Alto, Juniper, or equivalent)
• Enable secure, compliant access to cloud environments (AWS GovCloud, GCP Assured Workloads)
• Drive compliance (CMMC, ITAR) through systems-not paperwork
• Partner directly with engineering to remove friction and increase velocity
• You will have high ownership and autonomy to define how these systems are built and operated

• 8+ yrs of related experience
• 5+ years Proven experience building and owning infrastructure systems
• Deep experience with identity systems (Azure AD / Entra or equivalent; SAML/OAuth/SCIM)
• Strong experience managing heterogeneous endpoint fleets (Mac, Windows, Linux; MDM such as Intune/Jamf/Kandji)
• Hands-on experience with network security and modern connectivity patterns (VPNs, WireGuard, zero-trust networking)
• Strong scripting and automation skills (Python, Bash, or similar)
• Experience integrating systems via APIs and event-driven workflows
• Experience operating in regulated environments (CMMC, ITAR, FedRAMP-like), * You reduce complexity instead of adding it
• You think in terms of identity-first and network-minimized architectures
• You can debug across identity, network, endpoint, and cloud boundaries
• You have strong opinions about how systems should be built-and can back them up

Desired Multipliers

• Experience in GCC High environments (Microsoft Entra ID)
• Familiarity with Amazon Web Services GovCloud or Google Cloud Platform Assured Workloads
• Experience with WireGuard-based networking or modern secure access platforms (e.g., Tailscale, Cloudflare Zero Trust)
• Experience supporting hardware, lab, or manufacturing environments
• Experience designing zero-trust or device-trust architectures

We're competitive in compensation and offer equity as part of the package. We have great benefits that include health, vision, dental, and 401K in comparison to other startups. We provide lunch and there's plenty of snacks and drinks to get you through the day.

Astra's mission is to improve life on Earth from space by creating a healthier and more connected planet. Today, Astra offers one of the lowest cost-per-launch dedicated orbital launch services, and one of the industry's leading flight-proven electric propulsion systems for satellites, the Astra Spacecraft Engine.