Senior IT Systems Engineer - Infrastructure & Automation
Job description
This is a senior, project-oriented IT systems engineering role focused on building scalable, secure, and automated IT capabilities for LeoLabs. Rather than operating only as a ticket-queue administrator, this role owns IT projects from discovery and design through implementation, documentation, adoption, and operational handoff. The Senior IT Systems Engineer - Infrastructure & Automation will partner with the Head of IT, Security Team, Network Team, SRE, and business stakeholders to modernize endpoint management, collaboration systems, identity workflows, Wi-Fi/NAC, and IT support automation. This position will also mentor our junior staff as they mature into more senior roles.
- Complete onboarding and gain a strong understanding of LeoLabs' business context, IT systems, team structure, current support model, and active modernization initiatives.
- Review current onboarding, offboarding, endpoint deployment, Microsoft 365, Defender, Sentinel, Jamf, Intune, Wi-Fi, and Jira/Confluence processes.
- Create an initial project inventory covering quick wins, risks, dependencies, owners, and proposed sequencing.
- Establish working relationships with IT, Security, Network, Cloud, SRE, SOC, and executive stakeholder groups.
Within 3 Months
- Own and actively drive two to three priority IT infrastructure or automation projects with documented scopes, milestones, risks, and acceptance criteria.
- Deliver improvements to new-hire onboarding and endpoint deployment workflows, including automation opportunities and measurable baseline metrics.
- Begin Wi-Fi modernization or secure access planning, including current-state assessment, target design input, vendor coordination, and pilot approach.
- Improve ticket triage, documentation quality, escalation paths, and recurring-issue analysis for IT support operations.
Within 6 Months
- Deliver a more automated and standardized onboarding and device provisioning experience for new employees.
- Implement improved Intune/Jamf baselines for endpoint compliance, software deployment, patching, EDR health, and reporting.
- Advance Wi-Fi, 802.1X/RADIUS, NAC, or VLAN-related work from assessment into pilot or implementation.
- Partner with Software and Security teams to streamline vulnerability management workflows and improve remediation visibility.
- Onboard or improve key Defender/Sentinel telemetry sources and create repeatable documentation for operations and audit support.
Within 12 Months
- Deliver a mature endpoint and account lifecycle program with automation across onboarding, offboarding, device deployment, access assignment, compliance reporting, and support handoff.
- Complete or materially advance the Wi-Fi/security upgrade path with improved authentication, segmentation, documentation, and operational support procedures.
- Demonstrate measurable reductions in provisioning time, recurring tickets, manual support steps, endpoint drift, and unresolved vulnerability backlog.
- Create a documented IT infrastructure improvement roadmap for the next planning cycle, including project backlog, control gaps, automation candidates, and staffing or tooling recommendations.
- Establish a deep operational understanding of the IT environment and serve as a trusted project owner for future modernization efforts.
Requirements
Do you have experience in macOS support?
The right candidate combines deep hands-on systems administration experience with the ability to lead cross-functional projects, manage technical risk, communicate with executives, and deliver measurable improvements in reliability, security, onboarding speed, and support efficiency.
- Must be eligible to obtain and maintain a U.S. personnel security clearance.
- 7+ years of IT systems administration, systems engineering, endpoint engineering, or infrastructure operations experience.
- 3+ years leading or materially owning IT infrastructure, endpoint, automation, or workplace technology projects.
- Advanced troubleshooting experience across Windows, macOS, Microsoft 365, endpoint management, identity, networking fundamentals, and collaboration systems.
- Advanced PowerShell scripting experience, including automation for provisioning, device configuration, reporting, remediation, or administrative workflows.
- Hands-on experience with Microsoft 365 administration, Entra ID, Office applications, Teams, SharePoint, Exchange, and licensing/group management.
- Advanced experience with Microsoft Defender and Microsoft Sentinel or comparable endpoint security/SIEM tooling.
- Strong experience supporting macOS and Windows endpoints in a managed enterprise environment.
- Experience with Intune, Jamf Pro, endpoint deployment automation, patching, compliance policies, and software packaging.
- Working knowledge of Wi-Fi, VLANs, DNS, DHCP, VPN, certificates, 802.1X, RADIUS, and NAC concepts.
- Experience using Jira and Confluence or comparable systems for project tracking, documentation, and operational knowledge management.
- Experience building out and maintaining ITSM/ESM systems.
- Excellent customer service, communication, documentation, stakeholder management, and cross-functional collaboration skills.
- Experience with Apple Business Manager, Windows Autopilot, Jamf, Microsoft Graph API, Defender for Endpoint, Defender for Cloud Apps, or Microsoft Purview.
- Experience with SASE/ZTNA platforms, Cloudflare, Zscaler, Palo Alto Prisma Access, or similar secure access technologies.
- Experience supporting Zero Trust, device posture, conditional access, privileged access management, service account governance, or automated credential rotation initiatives.
- Experience implementing or supporting 802.1X, RADIUS, NAC, certificate-based authentication, secure guest Wi-Fi, and network segmentation.
- Familiarity with NIST 800-171, CMMC 2.0 ML2, FedRAMP, ITAR/CUI environments, or other regulated operating models.
- Experience integrating IT systems with SIEM/SOC workflows, security monitoring, vulnerability management, or automated evidence collection.
- Experience mentoring IT staff, leading vendor engagements, managing change windows, and presenting project updates to technical and non-technical audiences.
- Relevant certifications such as Security+, Network+, Jamf 300/400, Microsoft MD-102, SC-200, AZ-104, AZ-500, PMP, or equivalent practical experience.
Benefits & conditions
Pulled from the full job description
- Health insurance
- Vision insurance
- Dental insurance
- Unlimited paid time off
- Global workforce: flexible remote/hybrid opportunities
- Work on complex, meaningful missions with real-world impact
- Unlimited paid time off for most roles
- Competitive salary and equity packages
- Comprehensive health, dental, and vision coverage
- Access to the forefront of commercial space operations and defense innovation