Sr. Systems Administrator

Varda is looking for a Sr. Systems Administrator who is equal parts identity architect and cloud operator who can own platforms that every employee, device, and application depends on to get work done. You’ll be the technical authority for Okta, Microsoft 365 GCC High, Azure/Entra ID, and our MDM ecosystem across macOS, Windows, and Linux. This isn’t just about keeping the lights on: you’ll architect zero-trust access policies, drive lifecycle identity automation, integrate device compliance into conditional access, and ensure our platforms are audit-ready in an ITAR-regulated environment. You’ll work directly with Engineering, Security, Manufacturing, and Business Operations teams — and your decisions will directly shape how securely and efficiently a fast-growing space company operates.

This is a full-time, exempt position located in our El Segundo headquarters.

• →Architect and administer the Okta tenant end-to-end — SSO application integrations, MFA policies, lifecycle management (joiner/mover/leaver), Okta Workflows, and Identity Governance and Administration (IGA) features, including access certifications and entitlement management.
• →Own Microsoft 365 GCC High and Azure/Entra ID — Exchange Online, SharePoint, Teams, conditional access policies, and tenant security configuration tuned for ITAR compliance boundaries.
• →Design and maintain hybrid identity infrastructure, including Active Directory, Entra Connect synchronization, and federation trust relationships.
• →Architect and administer endpoint management across all platforms — JAMF Pro for macOS, Microsoft Intune for Windows, and supplemental MDM tooling for Linux — including device enrollment, configuration profiles, compliance policies, application deployment, and OS patch management.
• →Bridge device compliance and identity: integrate JAMF and Intune compliance signals into Okta and Entra ID conditional access policies so device trust is a hard requirement for resource access.
• →Develop and enforce conditional access and zero-trust policies across Okta and Entra ID to protect sensitive resources in an ITAR-regulated environment.
• →Build and maintain Okta Workflows and Azure Logic Apps/Power Automate flows to automate user provisioning, deprovisioning, group management, and access request fulfillment.
• →Administer and optimize SCIM provisioning between Okta and downstream SaaS applications — Google Workspace, Jira, Confluence, Slack, Smartsheet, 1Password, and others.
• →Monitor and respond to identity-related security events — such as suspicious sign-ins, token abuse, and privilege escalation — using Okta System Log, Entra ID audit logs, and CrowdStrike telemetry.
• →Partner with the Security team on compliance efforts tied to Vanta, NIST 800-171, CMMC, and ITAR, with direct ownership of access control, audit logging, and least-privilege enforcement.
• →Manage certificate lifecycles, SAML/OIDC trust configurations, and API token governance across the SaaS portfolio.
• →Create and maintain runbooks, architecture diagrams, and knowledge base articles in Confluence — leaving documentation better than you found it.
• →Mentor junior IT team members on identity, cloud platform, and endpoint management best practices.
• →Drive scripting and automation (PowerShell, Python, Bash) to streamline administration, reporting, and incident response across identity, cloud, and MDM systems.
• →Lead special projects from kickoff to completion, with full accountability for outcomes.

• Bachelor’s degree in information technology, Computer Science, Cybersecurity, or a related field, or equivalent hands-on experience that speaks for itself.
• 5+ years in systems administration, with at least 3 years focused on identity platforms (Okta, Entra ID/Azure AD) and Microsoft 365 administration.
• Proficiency with Okta administration — application integration (SAML, OIDC, SCIM), MFA enrollment policies, group rules, and lifecycle management.
• Strong working knowledge of Microsoft 365 administration — Exchange Online, SharePoint Online, Teams, Entra ID conditional access, and Azure AD Connect.
• Experience administering MDM platforms across macOS, Windows, and Linux — including JAMF Pro and Microsoft Intune — with a solid understanding of device enrollment, compliance policies, and configuration management at scale.
• Experience with Active Directory — GPO management, OU design, replication troubleshooting, and hybrid join scenarios.
• Proficiency with PowerShell for Microsoft Graph API, Exchange Online, and Entra ID automation.
• Self-directed and calm under pressure, with a track record of delivering complex identity and cloud infrastructure projects.
• Clear communicator who can engage effectively with both technical and non-technical stakeholders.

• Microsoft certifications: AZ-104 (Azure Administrator), SC-300 (Identity and Access Administrator), MS-102 (Microsoft 365 Administrator), or MD-102 (Endpoint Administrator).
• Okta Certified Professional or Okta Certified Administrator certification.
• Experience operating Microsoft 365 GCC High or GCC tenants with a clear understanding of the compliance boundary differences from commercial M365.
• Hands-on experience with Okta Workflows, Okta Identity Governance (OIG), or Okta Privileged Access.
• Advanced JAMF Pro administration: Prestage Enrollments, smart groups, extension attributes, and JAMF-to-Okta/Entra device compliance integration.
• Experience with Microsoft Intune Autopilot, compliance policies, and co-management scenarios in hybrid AD/Entra environments.
• Familiarity with Linux endpoint management solutions (Landscape, Fleet, CHEF, Ansible, or equivalent).
• Familiarity with SIEM/SOAR integration for identity event correlation (PagerDuty, Snowflake, or equivalent).
• Experience supporting NIST 800-171, CMMC, and ITAR compliance with direct responsibility for access control and endpoint compliance implementation.
• Prior experience in a high-growth startup or aerospace environment is highly desirable.

Varda, like all employers, must ensure that its employees working in the United States are lawfully authorized to work in the U.S.  Additionally, our employees are exposed to and have access to certain export-controlled items. At present, some of our technology to which employees have access requires a license to be exported to individuals other than “U.S. Persons” as defined in U.S. export regulations. Because our employees are provided access to export-controlled items, our current policy is to only hire “U.S. persons” who are permitted to have access to our technology without an export license. 

“US person” means: U.S. citizen, U.S. lawful permanent resident, or protected individual as defined by 8 U.S.C. 1324b(a)(3) (i.e., individual admitted to the U.S. as a refugee or granted asylum in the U.S.)

Learn more about the ITAR here.  

Job-related skills, education, experience, and performance determine leveling and base salary. You’ll also be eligible for incentives in the form of stock options and/or long-term cash awards. 

• 🚀 Equity in a fully funded space startup with serious growth potential 
• 💰 401(k) matching 
• 🏖️ Unlimited PTO 
• 🏥 Health, vision, and dental insurance 
• 🍱 Daily lunch and snacks on site; dinners twice a week 
• 👶 Maternity/Paternity leave 

Varda Space Industries, Inc. participates in the U.S. Department of Homeland Security E-Verify program. The E-Verify program is an Internet-based employment eligibility verification system operated by the U.S. Citizenship and Immigration Services. Learn more about the E-Verify program.

E-Verify Notice                                                               Right To Work Notice

Read more                                                                             Read more