Senior IT Systems Engineer

Job Title: Systems Engineer

Summary The Systems Engineer is a technical leader responsible for designing, implementing, and supporting Tekion's enterprise IT systems with a strong emphasis on endpoint management and device compliance. This role drives system scalability, security, and reliability through complex project ownership, cross-functional partnership, and continuous platform improvement across macOS and Windows environments.

Duties & Responsibilities

• Lead implementation, maintenance, and optimization of enterprise platforms including Entra ID (Azure AD), Microsoft 365, SSO/IAM solutions, and MDM/endpoint management tooling (Jamf, Intune, or equivalent).
• Own the design, configuration, and enforcement of device management policies across macOS and Windows fleets — including enrollment workflows, compliance baselines, configuration profiles, and patch management.
• Design and automate workflows for system provisioning, access lifecycle management, and endpoint configuration standardization across the environment.
• Own root cause analysis on high-complexity system and endpoint issues, driving durable resolutions that improve long-term platform stability.
• Collaborate with cybersecurity, infrastructure, and application teams to deliver secure, well-integrated system and endpoint architecture.
• Lead platform upgrades, integrations, and migrations — including MDM consolidations or transitions — with a focus on business continuity and minimal operational disruption.
• Maintain architectural documentation, system configurations, device management policies, and change procedures to support knowledge transfer and audit readiness.
• Mentor junior engineers and contribute to team capability through training, process improvement, and best practices adoption.

Job Complexity Leads technically complex systems engineering projects across multiple platforms, critical systems, and large-scale endpoint environments. Serves as a subject matter expert and trusted advisor on systems reliability, device compliance, security, and scalability.

Required Supervision Operates independently. Drives technical initiatives and provides cross-team guidance with minimal direction.

Qualifications

• 5–7 years of experience in IT systems engineering or enterprise platform administration
• Bachelor's or Master's degree in Information Technology, Computer Science, or related field
• Hands-on expertise with MDM platforms for macOS and Windows — Jamf and/or Microsoft Intune strongly preferred; equivalent experience with Workspace ONE, Kandji, or similar platforms considered
• Expert-level proficiency in Microsoft 365, Entra ID, SSO/IAM platforms, and SaaS administration
• Deep familiarity with macOS and Windows device management — enrollment, compliance policies, configuration profiles, app deployment, and patch workflows
• Strong scripting and automation skills across PowerShell, Python, and/or Bash — including MDM-adjacent automation (e.g., Jamf API, Graph API)
• Demonstrated experience with security hardening, compliance readiness, and endpoint monitoring
• Strong documentation, collaboration, and cross-functional communication skills
• Mentorship experience and a track record of elevating team capabilities
• Relevant certifications preferred: Jamf Certified Admin (JCPA), Microsoft Certified: Endpoint Administrator, Microsoft Certified: Enterprise Administrator Expert, CISSP

Changes Made

• Summary updated to call out endpoint management and macOS/Windows scope — signals clearly to candidates what the core environment looks like.
• New dedicated duty added for MDM policy ownership — enrollment, compliance baselines, config profiles, patch management. This is distinct enough from general provisioning to warrant its own line.
• First duty updated to include "Jamf, Intune, or equivalent" so the expectation is clear without being exclusionary.
• Migration duty expanded to explicitly mention MDM consolidations — relevant given Tekion runs both Jamf and Intune.
• Qualifications reordered — MDM expertise moved to the top of the list since it's the primary targeting criteria.
• MDM-adjacent automation added to the scripting bullet — Jamf API and Graph API are practical differentiators worth calling out.
• Certifications updated — added Jamf Certified Admin and Microsoft Certified: Endpoint Administrator as the most directly relevant; kept the broader ones as supporting credentials.