Senior IT Support Administrator

Requirements

• Significant hands-on experience as a senior IT systems administrator / workplace engineer in a modern SaaS-first environment
• Strong, deep experience with macOS MDM (Kandji, Jamf or equivalent) including blueprint design, ADE, custom profiles and API-driven automation
• Strong, deep experience with Microsoft Intune: Autopilot, update rings, compliance, proactive remediations and BYOD policy
• Expert level Microsoft Entra ID (Azure AD): Conditional Access, device compliance, hybrid join, SSO and Enterprise Apps
• Expert level Okta administration: lifecycle management, SCIM, MFA, SAML / OIDC integrations and external user onboarding
• Microsoft 365 tenant administration including Exchange Online and SharePoint Online (mail flow, DLP, external sharing, licensing)
• Experience in SecOps or working with Microsoft Defender for Endpoint: alert triage, EDR policy and device health
• Comfortable working as a sole IT contributor with high autonomy in a fast-paced, security-conscious environment
• Experience managing a 3rd-party IT MSP relationship from 1st to 3rd line as the internal escalation point
• Experience consuming REST APIs and building lightweight automation across MDM, identity and ITSM tooling
• Strong scripting in PowerShell and Bash / Shell for MDM, Exchange and general automation tasks
• Atlassian suite proficiency (Jira, Confluence) — boards, Jira Service Management, workflows and automation (Desirable)
• Experience in financial services, fintech or other regulated environments (Desirable)
• Experience supporting CIS, SOC2 or ISO 27001 audit cycles from the IT side (Desirable)
• Experience running an MDM migration (e.g. between Kandji / Jamf / Hexnode) without business impact (Desirable)
• Experience designing and deploying office networking (Cisco Meraki, UniFi) including site-to-site VPN and VLAN segmentation (Desirable)
• Experience evaluating and onboarding M365 / Entra ID / SaaS backup tooling (e.g. Commvault Cloud) (Desirable)
• Vendor procurement experience: RFPs, quote analysis and contract negotiation, including via platforms such as Vertice (Desirable)
• Experience integrating MDM with identity (Kandji Entra ID / Okta device trust, Intune compliance signals to Conditional Access)

What the job involves

• Own and operate FINBOURNE's corporate IT estate — spanning identity and access management, endpoint and device management, workplace security operations, and office infrastructure
• Administer the full SaaS and device estate across macOS and Windows, managing identity platforms including Okta and Microsoft Entra ID, and owning office networking across Cisco Meraki and UniFi
• Act as the primary internal IT point of contact for all staff, manage the relationship with our third-party MSP, and contribute directly to audit and compliance evidence for SOC2 and ISO
• Leverage AI tools — including Claude and Claude Code — to automate routine tasks, accelerate scripting, and improve documentation
• Administer Okta (and to a lesser degree Microsoft Entra ID) and internal identity management tools across the joiner / mover / leaver lifecycle for staff and external contractors
• Maintain Conditional Access policies, MFA enforcement, device compliance signals and SSO integrations across the SaaS estate
• Manage RBAC and entitlement reviews across Microsoft 365, Okta, Atlassian and third-party SaaS applications
• Own SCIM provisioning, SAML/OIDC integrations and Okta lifecycle workflows for new and existing applications
• Manage 1Password as the enterprise secrets store: vault structure, group access, recovery and offboarding
• Run access reviews and offboarding audits, ensuring complete and timely removal of access on leavers
• Own the macOS fleet via Kandji: blueprints, ADE / zero‑touch enrolment, software deployment, custom .mobileconfig profiles, scripting and patch currency
• Own the Windows fleet via Microsoft Intune: Autopilot, update rings, feature update convergence, proactive remediations and third-party app delivery
• Define and maintain BYOD policies, MDM-to‑Entra ID / Okta device trust, and device compliance baselines
• Maintain CIS Level 1 benchmark compliance across macOS and Windows fleets, including authoring profiles to remediate gaps
• Own hardware procurement, asset tracking (Jira ITA) and the full device lifecycle (new, refresh, offboarding, secure wipe)
• Triaging and responding to Microsoft Defender for Endpoint alerts; escalating to the security team where appropriate
• Maintain CIS benchmark coverage and producing audit evidence for SOC2, ISO and customer assurance requests
• Perform eDiscovery and compliance searches in Microsoft 365 in support of Legal and HR investigations
• Drive quarterly security hygiene tasks: stale account cleanup, MFA coverage checks, conditional access reviews, MDM drift detection
• Act as the workplace‑side counterpart to platform security, owning controls on the corporate / staff identity and device estate
• Administer Exchange Online: mail flow rules, transport, shared mailboxes, dynamic distribution lists, anti‑spam and anti‑phishing posture
• Administer SharePoint Online: new site provisioning, DLP policies, external sharing controls and information barriers
• Manage Microsoft 365 tenant‑level configuration, licensing optimisation, and feature rollout
• Support Slack, Microsoft Teams, Notion and the Atlassian suite (Jira, Confluence) including access management and workflow / automation configuration
• Own office networking on Cisco Meraki / UniFi: VLAN design and segmentation, site‑to‑site VPN, wireless, and physical‑access integration
• Operate Microsoft Azure components used by IT: VMs, Key Vault, Automation Accounts, Enterprise Apps and Entra ID integration
• Design and deliver office build‑outs and network refreshes (e.g. Dublin office networking) end‑to‑end
• Act as the primary internal IT point of contact for all staff: tickets, walk‑ups, escalations and VIP support
• Manage the relationship with the 3rd‑party IT MSP across 1st–3rd line, acting as the internal escalation point and quality gate
• Own vendor relationships (resellers, MDM vendors, SaaS suppliers) and contract / renewal management
• Run vendor selection, quote analysis and procurement via resellers and platforms; building business cases for new tooling
• Maintain IT runbooks, admin guides and onboarding / offboarding documentation in Notion as the system of record
• Report on IT risk, operational posture and project delivery to the CISO and contributing to audit and compliance evidence
• Build lightweight automation across Kandji/Iru, Intune, Entra ID, Okta, Jira and Exchange via REST APIs, PowerShell and Bash / Shell
• Own automation and runbooks for routine IT tasks (provisioning, reporting, scheduled clean‑ups)
• Drive Jira webhook / Atlassian Automation flows for asset intake, device health reporting and service request fulfilment
• Use AI tools (Claude, Claude Code, Copilot) and develop AI Agents to accelerate scripting, runbook authoring, log triage and ticket response