System Engineer – Security Administration & Endpoint Management (QB - SE - 20260507)
TLDR
Own and operationalize endpoint security and access controls while integrating with corporate systems to enhance security posture and employee onboarding/offboarding efficiency.
Endpoint Security — Day-to-Day and Long-Term
Own the full lifecycle of endpoint protection across our workforce: CrowdStrike deployment and policy management, disk encryption, patch compliance, workstation configuration baselines, USB/device controls, and browser security. Not just tool deployment — actual enforcement, drift detection, and keeping posture current as the environment changes.
Access and Identity Operations
Own the operational side of access: provisioning when people join, revocation when they leave, and nothing falling through the cracks in between. Work closely with the Infrastructure & Automation engineer on tooling — but the day-to-day execution and accountability sits here. Access review cycles, Okta configuration hygiene, and admin account controls are part of this surface.
Security Helpdesk and Incident First Response
Be the first line for security-related requests and IT issues — employee requests, alert triage, investigation support, and escalation when needed. This isn't ticket-pushing. It means knowing when something is noise and when it needs to go further.
Endpoint Lifecycle
Own procurement, ordering destruction, and re-provisioning of endpoints.Our infrastructure relies on low-touch/no-touch setup and device trust for authentication Your responsibility is to make sure we source and maintain hardware that meets this mission.
Onboarding and Offboarding
Own the security side of the employee lifecycle end-to-end: provisioning, configuration, deprovisioning, and verification. This needs to be reliable and repeatable, not improvised each time.
Policy and Configuration Compliance
Ensure endpoint and access controls remain aligned to corporate security policies and compliance requirements (SOC 2, PCI). Own the evidence that these controls are in place and working .
Software License Compliance & Records — Maintain accurate inventory of software licenses, ensure compliance with vendor agreements, track renewals and usage against entitlements.
AI Tools Governance — Maintain visibility into AI tools in use across the company. Assess data handling practices, ensure tools meet acceptable use standards, and flag risk to security leadership. This is not a blocker function — it's a visibility and hygiene function.
- 2+ years in IT security, systems administration, or a hybrid security operations role
- Hands-on experience with endpoint management tools (CrowdStrike, JumpCloud, Jamf, or similar)
- Familiarity with identity platforms — JumpCloud, Google Workspace, or equivalent
- Comfort working across Mac and Windows environments
- Strong operational instincts: you close loops, you follow up, you notice when something's off
- Clear communicator — you can explain a security issue to a non-technical employee without making it complicated
- Scripting or automation experience is a plus (PowerShell, Python, Bash)
In 90 days, endpoint coverage is mapped, gaps are identified, and onboarding/offboarding has a defined, consistent process.
In 6 months, access controls are clean, patch compliance is tracked, and the security helpdesk function is running without things falling through.
In a year's time, this layer of the company’s security posture will be reliable, documented, and no longer a source of surprises.
What This Role Is NOTIf you want work that's already defined and waiting in a queue, this isn't it. If you want to own an operational domain that matters and build it properly, let's talk.
Celara develops innovative software solutions for the restaurant industry, leveraging a modern tech stack to enhance operational efficiency and customer engagement. We cater to restaurants looking to streamline their processes and improve the overall dining experience, making it easier for them to thrive in a competitive market.