Senior IT Systems Engineer – Infrastructure & Automation

<p><strong>Why&nbsp;LeoLabs?&nbsp;</strong></p> <p>At LeoLabs, we’re building the living map of activity in space. Through our proprietary global radar network and AI-enabled analytics platform, we collect millions of measurements daily on more than 25,000 objects in low Earth orbit (LEO). Our radar-powered intelligence protects billions in assets, monitors adversarial behavior, and ensures safe operations for commercial and government missions.&nbsp;</p> <p>We’re&nbsp;not just building technology, we are&nbsp;redefining global security, safety, and transparency in space. As orbital activity accelerates and threats grow more complex,&nbsp;LeoLabs&nbsp;is a&nbsp;trusted partner for Space Domain Awareness, Space Traffic Management, and Satellite Operations for top-tier space operators and allied defense organizations.&nbsp;</p> <p>&nbsp;If&nbsp;you're&nbsp;looking to work on mission-critical challenges at the forefront of aerospace, national security, and AI, your impact starts here.&nbsp;</p> <p><strong>&nbsp;</strong></p> <p><strong>The Opportunity&nbsp;</strong></p> <p>This is a senior, project-oriented IT systems engineering role focused on building scalable, secure, and automated IT capabilities for LeoLabs. Rather than operating only as a ticket-queue administrator, this role owns IT projects from discovery and design through implementation, documentation, adoption, and operational handoff. The&nbsp;<strong>Senior IT Systems Engineer – Infrastructure &amp; Automation </strong>will partner with the Head of IT, Security Team, Network Team, SRE, and business stakeholders to modernize endpoint management, collaboration systems, identity workflows, Wi-Fi/NAC, and IT support automation.&nbsp; This position will also mentor our Jr staff as they mature into more senior roles.</p> <p>The right candidate combines deep hands-on systems administration experience with the ability to lead cross-functional projects, manage technical risk, communicate with executives, and deliver measurable improvements in reliability, security, onboarding speed, and support efficiency. <strong>*This role follows a hybrid schedule and requires onsite presence two days per week.</strong></p> <p>&nbsp;</p> <p><strong>Qualifications&nbsp;</strong></p> <ul> <li>Must be eligible to obtain and maintain a U.S. personnel security clearance</li> <li>7+ years of IT systems administration, systems engineering, endpoint engineering, or infrastructure operations experience.</li> <li>3+ years leading or materially owning IT infrastructure, endpoint, automation, or workplace technology projects.</li> <li>Advanced troubleshooting experience across Windows, macOS, Microsoft 365, endpoint management, identity, networking fundamentals, and collaboration systems.</li> <li>Advanced PowerShell scripting experience, including automation for provisioning, device configuration, reporting, remediation, or administrative workflows.</li> <li>Hands-on experience with Microsoft 365 administration, Entra ID, Office applications, Teams, SharePoint, Exchange, and licensing/group management.</li> <li>Advanced experience with Microsoft Defender and Microsoft Sentinel or comparable endpoint security/SIEM tooling.</li> <li>Strong experience supporting macOS and Windows endpoints in a managed enterprise environment.</li> <li>Experience with Intune, Jamf Pro, endpoint deployment automation, patching, compliance policies, and software packaging.</li> <li>Working knowledge of Wi-Fi, VLANs, DNS, DHCP, VPN, certificates, 802.1X, RADIUS, and NAC concepts.</li> <li>Experience using Jira and Confluence or comparable systems for project tracking, documentation, and operational knowledge management.</li> <li>Experience building out and maintaining ITSM/ESM systems</li> <li>Excellent customer service, communication, documentation, stakeholder management, and cross-functional collaboration skills.</li> </ul> <p>&nbsp;</p> <p>&nbsp;</p> <p><strong>Preferred Qualifications</strong></p> <ul> <li>Experience with Apple Business Manager, Windows Autopilot, Jamf, Microsoft Graph API, Defender for Endpoint, Defender for Cloud Apps, or Microsoft Purview.</li> <li>Experience with SASE/ZTNA platforms, Cloudflare, Zscaler, Palo Alto Prisma Access, or similar secure access technologies.</li> <li>Experience supporting Zero Trust, device posture, conditional access, privileged access management, service account governance, or automated credential rotation initiatives.</li> <li>Experience implementing or supporting 802.1X, RADIUS, NAC, certificate-based authentication, secure guest Wi-Fi, and network segmentation.</li> <li>Familiarity with NIST 800-171, CMMC 2.0 ML2, FedRAMP, ITAR/CUI environments, or other regulated operating models.</li> <li>Experience integrating IT systems with SIEM/SOC workflows, security monitoring, vulnerability management, or automated evidence collection.</li> <li>Experience mentoring IT staff, leading vendor engagements, managing change windows, and presenting project updates to technical and non-technical audiences.</li> <li>Relevant certifications such as Security+, Network+, Jamf 300/400, Microsoft MD-102, SC-200, AZ-104, AZ-500, PMP, or equivalent practical experience.</li> </ul> <p>&nbsp;</p> <p><strong>Within 1 Month</strong></p> <ul> <li>Complete onboarding and gain a strong understanding of LeoLabs business context, IT systems, team structure, current support model, and active modernization initiatives.</li> <li>Review current onboarding, offboarding, endpoint deployment, Microsoft 365, Defender, Sentinel, Jamf, Intune, Wi-Fi, and Jira/Confluence processes.</li> <li>Create an initial project inventory covering quick wins, risks, dependencies, owners, and proposed sequencing.</li> <li>Establish working relationships with IT, Security, Network, Cloud, SRE, SOC, and executive stakeholder groups.</li> </ul> <p><strong>Within 3 Months</strong></p> <ul> <li>Own and actively drive two to three priority IT infrastructure or automation projects with documented scopes, milestones, risks, and acceptance criteria.</li> <li>Deliver improvements to new-hire onboarding and endpoint deployment workflows, including automation opportunities and measurable baseline metrics.</li> <li>Begin Wi-Fi modernization or secure access planning, including current-state assessment, target design input, vendor coordination, and pilot approach.</li> <li>Improve ticket triage, documentation quality, escalation paths, and recurring-issue analysis for IT support operations.</li> </ul> <p><strong>Within 6 Months</strong></p> <ul> <li>Deliver a more automated and standardized onboarding and device provisioning experience for new employees.</li> <li>Implement improved Intune/Jamf baselines for endpoint compliance, software deployment, patching, EDR health, and reporting.</li> <li>Advance Wi-Fi, 802.1X/RADIUS, NAC, or VLAN-related work from assessment into pilot or implementation.</li> <li>Partner with Software and Security teams to streamline vulnerability management workflows and improve remediation visibility.</li> <li>Onboard or improve key Defender/Sentinel telemetry sources and create repeatable documentation for operations and audit support.</li> </ul> <p><strong>Within 12 Months</strong></p> <ul> <li>Deliver a mature endpoint and account lifecycle program with automation across onboarding, offboarding, device deployment, access assignment, compliance reporting, and support handoff.</li> <li>Complete or materially advance the Wi-Fi/security upgrade path with improved authentication, segmentation, documentation, and operational support procedures.</li> <li>Demonstrate measurable reductions in provisioning time, recurring tickets, manual support steps, endpoint drift, and unresolved vulnerability backlog.</li> <li>Create a documented IT infrastructure improvement roadmap for the next planning cycle, including project backlog, control gaps, automation candidates, and staffing or tooling recommendations.</li> <li>Establish a deep operational understanding of the IT environment and serve as a trusted project owner for future modernization efforts.</li> </ul> <p><strong>&nbsp;</strong></p> <p><strong>Perks and Benefits</strong></p> <ul> <li>Global workforce: flexible remote/hybrid opportunities</li> <li>Work on complex, meaningful missions with real-world impact</li> <li>Unlimited paid time off for most roles</li> <li>Competitive salary and equity packages</li> <li>Comprehensive health, dental, and vision coverage</li> <li>Access to the forefront of commercial space operations and defense innovation</li> </ul> <p>&nbsp;</p> <p>All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identify, national origin, disability, or status as a protected veteran.&nbsp;</p>