IT Systems Engineer

As IT Systems Engineer (Level 2), you will be the senior hands-on technical resource within the team, acting as the primary escalation point for complex issues and taking direct ownership of platform administration across Azure/Entra ID, Exchange Online, Microsoft Intune, Defender, SharePoint, and Cloudflare DNS. You will supervise and mentor the Level 1 analyst, drive automation improvements, and play an active role in continuing to mature BGS's independent IT environment. This role suits a technically confident engineer with strong M365/Azure hands-on experience who thrives where initiative is rewarded and the scope of impact is broad.

Key Responsibilities

• Handle IT support requests directly alongside the Level 1 analyst – this is a hands-on role and ticket work is a core part of it.
• Take ownership of complex or time-sensitive incidents from the queue, applying deeper technical knowledge to drive faster resolution.
• Act as the escalation point for issues beyond Level 1 scope, providing guidance and co-resolution rather than simply redirecting.
• Review tickets regularly with the Level 1 analyst, using real cases to coach and develop their skills.
• Contribute to service continuity planning and ensure coverage during peak periods or absences.

Microsoft 365 & Azure Administration

• Administer Azure AD / Entra ID including user lifecycle, dynamic groups, Conditional Access policies, and Named Locations.
• Manage Exchange Online configuration including transport rules, mail flow, shared mailboxes, and distribution lists.
• Oversee Microsoft Intune device compliance policies, configuration profiles, and Autopilot deployment across Windows and mobile.
• Administer SharePoint Online and Teams environments including site architecture, permissions, and governance.
• Manage Microsoft Defender for Endpoint and Microsoft 365 Defender, including policy tuning and incident response.

Infrastructure & Security

• Own DNS administration via Cloudflare, including record management and email authentication (SPF, DKIM, DMARC).
• Maintain and improve email security posture, monitoring deliverability and managing third-party filtering integrations.
• Administer Azure App Services, Logic Apps, and related cloud resources supporting internal tooling.
• Support network infrastructure including firewall policy review, VPN management, and office connectivity.
• Conduct regular access reviews, enforce least-privilege principles, and contribute to security audit readiness.

Projects & Automation

• Take an active engineering role in BGS infrastructure maturation – owning policy builds, automation rollouts, and platform governance.
• Develop and maintain PowerShell and Microsoft Graph API scripts to automate repetitive administration tasks.
• Contribute to the development and maintenance of internal IT tooling, including the HR Lifecycle automation platform built on Azure and the Anthropic Claude API.
• Evaluate and implement new tooling or integrations (e.g. Jira Service Management, SSO via Entra ID) following a documentation-first approach.
• Produce and maintain technical documentation, runbooks, and change records to support operational continuity.

Skills & Experience

Essential

• 3+ years in a hands-on IT engineering or senior support role within an M365/Azure environment.
• Strong working knowledge of Azure AD / Entra ID: user lifecycle, groups, Conditional Access, MFA, and app registrations.
• Demonstrable experience administering Exchange Online, including mail flow, transport rules, and email security (SPF/DKIM/DMARC).
• Experience with Microsoft Intune / Endpoint Manager: device compliance, configuration profiles, and Autopilot.
• Proficiency in PowerShell scripting for administration and automation.
• Solid understanding of networking concepts: DNS, TCP/IP, VPN, firewall principles.
• Confident communicator able to translate technical detail for non-technical stakeholders.

Desirable

• Hands-on experience with Microsoft Graph API (REST calls, app registrations, delegated/application permissions).
• Familiarity with Cloudflare DNS administration.
• Exposure to Azure Logic Apps, Azure App Services, or equivalent automation/integration platforms.
• Familiarity with Jira Service Management or similar ITSM platforms.
• Microsoft certifications: AZ-104, MS-102, SC-300, or equivalent (or actively working towards).
• Experience with Python or other scripting languages for tooling and API integration work.

Person Specification

• Technically self-sufficient, with a bias towards ownership and resolution rather than escalation.
• Documentation-first mindset – prepares thoroughly and approaches production changes methodically and reversibly.
• Comfortable operating as both an individual contributor and a peer mentor in a small team.
• Calm and structured under pressure, able to manage competing priorities without losing precision.
• Security-conscious by default, treating access governance and data protection as core responsibilities.
• Curious and improvement-oriented, always looking to automate the repeatable and improve the maintainable.