IT SYSTEMS ENGINEER (ENDPOINT)

SpaceX is seeking an experienced IT Systems Engineer to join the Endpoint team. This multi-disciplinary role is responsible for designing, implementing, and operating modern endpoint management infrastructure with deep expertise in Jamf, Fleet, Intune, and Entra Conditional Access, while providing strong cross-platform support across Apple macOS, iOS, and Windows 11 / Windows Server environments.

The position requires building secure, compliant, and highly automated solutions at scale. The ideal candidate brings significant experience with enterprise device management platforms, advanced scripting and automation, observability through Splunk, and a forward-looking approach to incorporating AI workflows to improve security, efficiency, and compliance.

Candidates will work in a fast-paced environment supporting mission-critical systems. They should be self-starters who thrive on solving complex problems, driving standards, and enabling other teams through excellent documentation and automation.

RESPONSIBILITIES:

• Architect, implement, and manage Jamf, Fleet, Microsoft Intune, and Entra Conditional Access policies to enforce zero-trust principles and device compliance across the fleet
• Design, deploy, and maintain endpoint configurations, compliance policies, application deployments, and security baselines for Windows 11, Windows Server, macOS, and iOS devices
• Develop and maintain advanced automation using PowerShell, Bash, and AppleScript to handle provisioning, configuration management, patching, remediation, and reporting at enterprise scale
• Integrate telemetry from Intune, Jamf, and other endpoint platforms with Splunk to deliver real-time monitoring, alerting, compliance dashboards, and support for security investigations
• Implement, audit, and maintain endpoint controls aligned with CIS benchmarks while ensuring strict adherence to ITAR and EAR regulatory requirements for devices, configurations, and data handling
• Evaluate, pilot, and operationalize AI-powered workflows and tools (including LLM-assisted scripting, intelligent policy analysis, and automated remediation) to increase efficiency and reduce risk
• Collaborate closely with Security, Compliance, Infrastructure, and business stakeholders to define endpoint standards, drive configuration and patch compliance across endpoint platforms, and support audits involving endpoint platforms and systems
• Create and maintain high-quality documentation, runbooks, and knowledge articles; provide training and tier-3 escalation support to IT and support teams
• Lead or significantly contribute to major endpoint projects such as OS migrations, Entra Conditional Access expansions, new platform integrations, and automation platform improvements
• Continuously improve the team's automation, monitoring, compliance posture, and operational resilience through scripting, policy refinement, and process optimization

BASIC QUALIFICATIONS:

• Bachelor's Degree in Computer Science, Information Technology, or related technical discipline and 5+ years of hands-on experience designing, implementing, and managing Jamf, Fleet, Intune, and Entra Conditional Access in large enterprise environments; OR 7+ years of hands-on experience designing, implementing, and managing Jamf, Fleet, Intune and Entra Conditional Access in large enterprise environments in lieu of a degree
• Experience with Apple macOS and iOS enterprise management as well as Windows 11 and Windows Server operating systems
• Experience implementing security controls and compliance frameworks in regulated environments

PREFERRED SKILLS AND EXPERIENCE:

• Hands-on experience integrating endpoint platforms with Splunk for SIEM, compliance reporting, and operational visibility
• Direct experience implementing CIS benchmarks and operating in ITAR/EAR-controlled environments
• Familiarity with AI workflows and tools, such as using large language models for script development, policy generation, log analysis, or operational automation
• Significant experience developing and maintaining production-grade scripts in PowerShell, Bash, and AppleScript
• Proficiency with Microsoft Graph API, advanced PowerShell module development, modern automation/CI-CD practices, GitOps, DevOps tooling, and Infrastructure as Code (IaC)
• Relevant Microsoft and Apple certifications (e.g., MS-102 Endpoint Administrator, AZ-900 Microsoft Azure Fundamentals, Jamf-200/300, or security/compliance credentials)
• Experience leading cross-functional endpoint projects and mentoring or training other IT team members
• Excellent written and verbal communication skills, with the ability to explain complex technical topics to technical and non-technical audiences

ADDITIONAL REQUIREMENTS:

• Able and willing to participate in after-hours or weekend support when necessary to resolve unplanned outages or perform maintenance during planned downtime windows
• Must be comfortable working with mission-critical and sensitive systems in a highly regulated environment

COMPENSATION AND BENEFITS:

Pay Range:
$135,000.00 - $170,000.00

Your actual level and base salary will be determined on a case-by-case basis and may vary based on the following considerations: job-related knowledge and skills, education, and experience.

Base salary is just one part of your total rewards package at SpaceX. You may also be eligible for long-term incentives, in the form of company stock or long-term cash awards, as well as potential discretionary bonuses and the ability to purchase additional stock at a discount through an Employee Stock Purchase Plan. You will also receive access to comprehensive medical, vision, and dental coverage, access to a 401(k) retirement plan, short and long-term disability insurance, life insurance, paid parental leave, and various other discounts and perks. You may also accrue 3 weeks of paid vacation and will be eligible for 10 or more paid holidays per year. Employees accrue paid sick leave pursuant to Company policy which satisfies or exceeds the accrual, carryover, and use requirements of the law.