System Engineer – Security Administration & Endpoint Management (QB - SE - 20260507)

The Company builds enterprise software that powers restaurant chains at scale. Our systems span cloud infrastructure, distributed platforms, on-premise components, and a growing product ecosystem.

Security here is not abstract. It lives in the tools people use every day — their laptops, their access, their accounts. When something breaks, someone needs to own it. When someone joins or leaves, there needs to be a clean process. When an alert fires, someone needs to respond. That someone is this role!

 

You are the operational layer of security.

This is not a pure IT helpdesk role, and it's not a pure security engineering role. It sits exactly at the intersection — someone who can configure CrowdStrike and also help a new employee get set up, who understands why access controls matter and can actually enforce them, who responds to endpoint alerts and also makes sure offboarding doesn't leave loose ends.

Our corporate environment runs on low-touch/zero-touch trusted Mac/Windows devices, enterprise systems, and numerous hosted technologies. We have security tools deployed. What we don't have is consistent, end-to-end operational ownership of this layer. 

That's what this role builds.

Endpoint Security — Day-to-Day and Long-Term
Own the full lifecycle of endpoint protection across our workforce: CrowdStrike deployment and policy management, disk encryption, patch compliance, workstation configuration baselines, USB/device controls, and browser security. Not just tool deployment — actual enforcement, drift detection, and keeping posture current as the environment changes.

Access and Identity Operations
Own the operational side of access: provisioning when people join, revocation when they leave, and nothing falling through the cracks in between. Work closely with the Infrastructure & Automation engineer on tooling — but the day-to-day execution and accountability sits here. Access review cycles, Okta configuration hygiene, and admin account controls are part of this surface.

Security Helpdesk and Incident First Response
Be the first line for security-related requests and IT issues — employee requests, alert triage, investigation support, and escalation when needed. This isn't ticket-pushing. It means knowing when something is noise and when it needs to go further.

Endpoint Lifecycle
Own procurement, ordering destruction, and re-provisioning of endpoints.Our infrastructure relies on low-touch/no-touch setup and device trust for authentication  Your responsibility is to make sure we source and maintain hardware that meets this mission.

Onboarding and Offboarding
Own the security side of the employee lifecycle end-to-end: provisioning, configuration, deprovisioning, and verification. This needs to be reliable and repeatable, not improvised each time.

Policy and Configuration Compliance
Ensure endpoint and access controls remain aligned to corporate security policies and compliance requirements (SOC 2, PCI). Own the evidence that these controls are in place and working .

Software License Compliance & Records — Maintain accurate inventory of software licenses, ensure compliance with vendor agreements, track renewals and usage against entitlements.

AI Tools Governance — Maintain visibility into AI tools in use across the company. Assess data handling practices, ensure tools meet acceptable use standards, and flag risk to security leadership. This is not a blocker function — it's a visibility and hygiene function.

• 2+ years in IT security, systems administration, or a hybrid security operations role
• Hands-on experience with endpoint management tools (CrowdStrike, JumpCloud, Jamf, or similar)
• Familiarity with identity platforms — JumpCloud, Google Workspace, or equivalent
• Comfort working across Mac and Windows environments
• Strong operational instincts: you close loops, you follow up, you notice when something's off
• Clear communicator — you can explain a security issue to a non-technical employee without making it complicated
• Scripting or automation experience is a plus (PowerShell, Python, Bash)

 

Not a SOC analyst watching dashboards. Not a pure IT support role that doesn't care about security posture. Not a compliance auditor building policy documents from templates.

If you want work that's already defined and waiting in a queue, this isn't it. If you want to own an operational domain that matters and build it properly, let's talk.