Senior Systems Engineer
We are seeking a highly skilled Senior Systems Engineer to play a key role in the design, development, and documentation of our fully cloud-based Microsoft 365 and Azure environment. This role requires deep technical expertise in Azure AD, Intune, Microsoft Defender, SaaS administration, endpoint security, and cloud automation, along with intermediate networking skills. The ideal candidate will have experience with Cisco, Ubiquiti, or SonicWall and familiarity with Microsoft Purview for security and compliance.
This position is hands-on, focusing on architecting, implementing, and maintaining cloud infrastructure solutions while ensuring compliance with enterprise change control processes and SOX regulations. Strong technical documentation skills, experience in network security, and the ability to collaborate with cross-functional teams are key to success.
Key Responsibilities
Cloud Architecture & Infrastructure Development
- Assist in designing, developing, and documenting a 100% cloud-native Microsoft 365 and Azure environment, focusing on scalability, security, and efficiency.
- Develop and maintain detailed architecture documentation, including system configurations, security controls, automation workflows, and change management records.
- Ensure all infrastructure solutions comply with enterprise change control processes and align with SOX compliance requirements.
Security & Compliance
- Implement and maintain enterprise security policies using Microsoft Intune for endpoint management, compliance enforcement, and app protection.
- Manage Microsoft Defender security solutions, including Defender for Endpoint, Defender for Office 365, Defender for Cloud Apps, and Defender XDR, to proactively detect and mitigate threats.
- Ensure identity and access management (IAM) best practices in Azure AD (Entra ID) by implementing Conditional Access, MFA, Privileged Identity Management (PIM), and role-based access controls (RBAC).
- Monitor and maintain SOX compliance by ensuring security policies, configurations, and changes align with regulatory and audit requirements.
- Leverage Microsoft Purview for data protection, compliance monitoring, and risk mitigation.
Networking & Connectivity
- Maintain and troubleshoot network infrastructure, including Cisco, Ubiquiti, and SonicWall firewalls, switches, and wireless networks.
- Ensure secure and optimized network connectivity for cloud-based services and remote users.
- Assist in VPN, VLAN, and network segmentation configurations to enhance security and performance.
- Collaborate with network and security teams to enforce best practices for firewall policies, intrusion prevention, and network access control.
Enterprise Change Management & Process Adherence
- Follow and enforce enterprise change control processes, ensuring that all system modifications are properly documented, reviewed, and approved.
- Develop and maintain documentation for IT controls, infrastructure changes, and compliance procedures.
- Work closely with IT leadership to align infrastructure changes with enterprise governance frameworks and regulatory requirements.
Automation & Operational Efficiency
- Develop automation scripts and Infrastructure-as-Code (IaC) solutions using PowerShell, Graph API, Terraform, or Bicep to improve operational efficiency and standardization.
- Research, design, and integrate API-based solutions for SaaS applications, automation workflows, and security operations.
- Optimize cloud performance and resource utilization, ensuring high availability and cost efficiency.
Troubleshooting & Support
- Monitor and analyze system performance, security events, and compliance metrics using Defender XDR and Microsoft Purview.
- Provide hands-on support and troubleshooting for cloud-based IT infrastructure and network connectivity issues, escalating critical incidents when necessary.
- Collaborate with internal teams and third-party vendors to resolve complex infrastructure and security challenges.
Required Qualifications
- Bachelor’s degree in Computer Science, Information Technology, or a related field.
- Minimum 8 years of experience in Microsoft 365, Azure AD, and cloud-based IT infrastructure.
- Expertise in designing, documenting, and managing:
- Azure AD (Entra ID), Conditional Access, MFA, and IAM governance
- Microsoft Intune (device management, endpoint security, compliance policies, app protection)
- Microsoft Defender (Defender for Endpoint, Office 365, Cloud Apps, and XDR)
- SharePoint, OneDrive, and Teams security & governance
Intermediate networking skills, with experience in at least one:
Cisco, Ubiquiti, or SonicWall (firewalls, switches, VPNs, VLANs)
Proficiency in automation and scripting, including:
PowerShell, Graph API, and Intune Automation
Strong documentation skills, with experience developing technical architecture diagrams, change control records, and compliance reports.
Understanding of SOX compliance, IT governance, and enterprise change control processes.
Strong problem-solving and troubleshooting skills in cloud security, identity management, networking, and SaaS administration.
Preferred Qualifications
- Experience with Salesforce, Aspen, CREO, and Windchill.
- Familiarity with Microsoft Purview for security, compliance, and data governance.
- Hands-on experience with API integrations and SaaS automation.
- Familiarity with Zero Trust security models and modern IAM strategies.
- ITIL certification or experience working in ITIL-based environments.
Certifications (At Least Two Preferred)
- Microsoft Certified: Azure Solutions Architect Expert
- Microsoft Certified: Azure Administrator Associate
- Microsoft Certified: Endpoint Administrator Associate (Intune)
- Microsoft Certified: Identity and Access Administrator Associate
- Microsoft 365 Certified: Enterprise Administrator Expert
