Onto Innovation is a leader in process control, combining global scale with an expanded portfolio of leading-edge technologies that include: 3D metrology spanning the chip from nanometer-scale transistors to micron-level die-interconnects; macro defect inspection of wafers and packages; metal interconnect composition; factory analytics; and lithography for advanced semiconductor packaging. Our breadth of offerings across the entire semiconductor value chain helps our customers solve their most difficult yield, device performance, quality, and reliability issues. Onto Innovation strives to optimize customers’ critical path of progress by making them smarter, faster and more efficient.
Job Summary & Responsibilities
We are seeking a highly skilled Sr. Systems & Infrastructure Engineer to join a dynamic, security-first IT team operating across on-premises, hybrid cloud, and modern cloud-managed environments. This role spans traditional enterprise infrastructure, modern cloud operations (CloudOps), Microsoft 365 administration, AI-augmented tooling, and endpoint management through Microsoft Intune and Windows Autopilot. The ideal candidate brings deep technical depth, an Agile mindset, and a passion for continuous improvement in both operations and security posture.
Key Responsibilities
Virtualization & On-Premises Infrastructure
- Lead VMware vSphere/ESXi architecture, cluster operations, lifecycle management, and performance tuning.
- Support HPE Synergy compute infrastructure, firmware updates, and template management.
- Administer enterprise storage platforms including Pure Storage and HPE systems; manage Cloudian HyperStore object storage and capacity planning.
- Support Komprise data lifecycle management, analytics, and file tiering optimization.
- Participate in data center buildouts, hardware refresh planning, rack/power design, and operational support.
- Manage PKI infrastructure, certificate lifecycle, and CA operations.
- Administer and optimize Azure and/or AWS cloud environments, including resource governance, cost management, and infrastructure-as-code (IaC) pipelines.
- Manage cloud networking, virtual machine operations, storage accounts, and security group configurations.
- Support cloud-native DR architectures and hybrid on-prem/cloud failover workflows.
- Implement tagging, policy, and RBAC controls to maintain cloud governance standards.
- Contribute to FinOps practices, including cost attribution, rightsizing, and cloud spend visibility reporting.
- Administer Microsoft 365 tenant services including Exchange Online, SharePoint, Teams, OneDrive, and Entra ID (Azure AD) in a hybrid environment.
- Manage Microsoft Intune for cloud-based endpoint management, compliance policy enforcement, app deployment, and conditional access.
- Design and operate Windows Autopilot deployment profiles for zero-touch provisioning of new and replacement devices.
- Manage Rubrik backups, SLA policies, archival workflows, replication, and orchestrated DR operations including Cloud Vault air-gap capabilities.
- Implement and maintain Zerto and/or Rubrik Orchestrator for automated failover, recovery workflows, and DR testing.
- Contribute to DR runbooks, tabletop exercises, and hybrid on-prem/cloud recovery architecture design.
- Apply structured recovery zone models (e.g., Red/Yellow/Green) to ensure clean-state recovery in breach scenarios.
- Execute vulnerability scanning, patch management workflows, and risk-based remediation tracking across Windows, Linux, and cloud workloads.
- Support system hardening, CIS benchmarking, and security baseline enforcement across server and endpoint fleets.
- Contribute to identity security posture including PAM integration, privilege tiering, and access review processes.
- Assist with compliance evidence collection and audit readiness activities aligned to ISO 27001, SOX, and GDPR requirements.
- Leverage AI-assisted tooling and agentic workflows (e.g., Copilot for M365, AI-enhanced ITSM, automated runbooks) to accelerate infrastructure operations and reduce manual toil.
- Develop and maintain automation scripts and pipelines using PowerShell, Python, and Ansible for configuration management, reporting, and operational workflows.
- Explore and operationalize emerging AI capabilities within the IT and security toolchain, partnering with InfoSec and DevOps teams on safe, governed adoption.
- Contribute to IaC practices using tools such as Terraform, Bicep, or ARM templates to standardize cloud provisioning.
- Work within an Agile/Kanban delivery model using Azure DevOps — participating in sprint planning, backlog grooming, daily standups, and retrospectives.
- Break down complex infrastructure initiatives into actionable epics, user stories, and tasks with clear acceptance criteria and effort estimates.
- Provide transparent work-item status updates to team leads and stakeholders through sprint reviews and shared dashboards.
- Collaborate cross-functionally with InfoSec, DevOps, and application teams to align infrastructure delivery with broader organizational priorities.
- Administer Microsoft Defender for Endpoint and integrate with SIEM/SOAR platforms for threat visibility and response.
- Manage M365 licensing, service health, and change management communications to end users and stakeholders.
- Maintain Active Directory/Entra ID hybrid identity, group policies, MFA, and SSO integrations.
Qualifications
Required
- 7+ years of enterprise systems administration or engineering experience.
- Expertise with VMware vSphere/ESXi and virtual infrastructure management.
- Hands-on experience with Microsoft Intune, Windows Autopilot, and cloud-managed endpoint operations.
- Solid experience administering Microsoft 365 services (Exchange Online, Teams, SharePoint, Entra ID) in a hybrid environment.
- Proficiency with Azure and/or AWS cloud platforms, including governance, networking, and IaC fundamentals.
- Hands-on experience with Rubrik, Rubrik Orchestrator, and/or Zerto DR automation platforms.
- Strong background in Microsoft Active Directory, hybrid identity, and Windows Server.
- Experience with enterprise storage platforms (Pure Storage, HPE, Cloudian, Komprise).
- Familiarity with vulnerability management tools and patch management workflows.
- Experience working in Agile/Kanban environments using Azure DevOps or similar work management platforms.
- Familiarity with compliance frameworks (SOX, GDPR, ISO 27001) and service KPIs.
- Strong troubleshooting skills and an analytical, security-first mindset.
- Experience with HPE Synergy and composable infrastructure.
- ISO 27001 experience, audit readiness, and evidence support.
- Automation skills (PowerShell, Python, Ansible, Terraform/Bicep).
- Experience with Microsoft Defender for Endpoint and integration with SIEM/SOAR platforms.
- Exposure to AI-agentic tooling and Microsoft Copilot administration within M365.
- Linux administration experience (RHEL, CentOS, Ubuntu).
- Data center build/design experience with strong operational discipline.
- Experience with PAM platforms (e.g., CyberArk) and privileged access governance.
- Hybrid cloud storage or integration experience (Azure Blob, AWS S3, hybrid tiering).
Why Join Onto Innovation?
At Onto Innovation, we believe your work should matter—and so should your well-being. That’s why we offer competitive salaries and a comprehensive benefits package designed to support you and your family. From health, dental, and vision coverage to life and disability insurance, PTO, and a 401(k) with employer match, we’ve got you covered. You’ll also enjoy access to our Employee Stock Purchase Program (ESPP), wellness initiatives, and cutting-edge tools—all within a collaborative, inclusive culture where your contributions are valued and recognized.
Compensation & Growth
• Base Salary Range: $108,000.00 - $162,000.00, offered in good faith and based on experience, location, and qualifications.
• Additional Rewards: Annual bonus opportunities and potential long-term incentives tied to both company and individual success.
Empowering Every Voice to Shape the Future:
Onto Innovation is committed to creating a workplace where every qualified candidate has an equal opportunity to succeed. We evaluate applicants based on skills, experience, and potential - without regard to race, color, religion, gender, sexual orientation, national origin, age, disability, veteran status, or any other characteristic protected by law. We believe diversity of thought and background drives innovation and strengthens our team.
Important Note on Export Compliance
For certain positions requiring access to technical data, U.S. export licensing review may be necessary for applicants who are not U.S. Citizens, Permanent Residents, or other protected persons under 8 U.S.C. 1324b(a)(3).


