Systems Engineer

Vestmark is seeking a Systems Engineer to join our Enterprise IT team and help modernize our IT environment by improving hardware deployment, management efficiency, and user support.

This role serves as the first point of contact for end-user technical support across Windows, Mac, and Linux systems, with a growing focus on Apple device management (Macs and iOS devices) through Intune. The engineer will play a key role in our upcoming migration from on-premises Active Directory and OKTA to Entra ID (Azure AD) with Microsoft Authenticator, including setting up SSO integrations, implementing SCIM provisioning, and applying RBAC best practices.

The ideal candidate is customer-focused, ensuring a superior IT support experience while maintaining system security, availability, and efficiency. This position involves managing IT systems, driving strategic IT projects, and directly supporting Vestmark’s hybrid workforce.

Key Responsibilities

• Serve as frontline support for Apple devices (MacBooks, iPhones) within Intune MDM, including deployment, security, and lifecycle management.
• Manage Intune and Autopilot for Windows and Apple endpoints, ensuring seamless zero-touch deployment and configuration.
• Support Vestmark’s migration projects, including:
• Transition from on-premises Active Directory to Entra ID (Azure AD).
• Migration of SSO applications from OKTA to Azure ID.
• Implementation of SCIM and RBAC for identity and access management.
• Administer Microsoft 365, Exchange Online, SharePoint, OneDrive, and Teams.
• Familiarity with networking (TCP/IP, Switching, WiFi, Routing, Firewalls)
• Administer and maintain Active Directory, DNS, DHCP, and Group Policy (during transition).
• Deploy, configure, and manage endpoint management and security solutions.
• Perform system builds, including desktops, laptops, and servers.
• Administer and maintain cloud-based solutions and SaaS applications.
• Manage system backups and perform data restores as required.
• Monitor IT support ticket queues, ensuring timely resolutions and adherence to SLAs.
• Create, maintain, and improve IT documentation, best practices, and knowledge base articles.
• Evaluate emerging technologies to ensure compatibility with business needs.
• Maintain compliance with IT security standards and industry best practices.

Required Qualifications

• 4+ years of experience as a Systems Administrator/Engineer.
• Strong experience with Microsoft Intune, Autopilot, and endpoint management for both Windows and Apple devices.
• Hands-on experience with Azure AD / Entra ID, including SSO integrations, SCIM provisioning, and RBAC.
• Strong understanding of Microsoft 365 administration (Exchange Online, SharePoint, OneDrive, Teams).
• Familiarity with OKTA to Azure ID migration projects is a plus.
• Understanding of networking concepts: DNS, DHCP, VPNs, and firewalls.
• Experience with virtualization (VMware vSphere).
• Scripting/automation with PowerShell.
• Strong troubleshooting skills across hardware, software, and cloud services.
• Experience with security tools (Mimecast, Sentinel One, Zscaler).

Preferred Qualifications

• Experience with the Atlassian suite (Jira, Confluence, JSM).
• Knowledge of compliance and data protection tools (Varonis, Arctic Wolf).
• Familiarity with Palo Alto Panorama firewall management.
• Experience with vulnerability management tools (Tenable).
• Experience with policy and risk management software (LogicGate).
• Broader scripting/automation experience.

Necessary Attributes

• Customer-first mindset with strong support skills.
• Ability to work independently and collaboratively in a dynamic environment.
• Excellent analytical, troubleshooting, and communication skills.
• Strong attention to detail and process documentation.

Vestmark is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. Vestmark prohibits employment discrimination on the basis of race, color, religion, gender identity, sex, sexual orientation, pregnancy, national origin, age, disability status, protected military or veteran status, and genetic information.  #LI-TG1 #LI-Onsite