Systems Engineer

We are looking for a Senior System Engineer to own the end-to-end engineering and modernization of our IT Workplace environment. You will design build and operate not just administer. You will be expected to bring strong opinions make architectural decisions and drive outcomes with minimal supervision. You will be working closely with the IT Infrastructure Operations Security Engineering and Operations and IT Support.
You are someone who reaches for a script before reaching for a GUI who gets genuinely excited about AI-assisted automation and who has led or significantly contributed to workplace migrations in complex fast-moving environments.
This role operates in two modes: steady-state engineering of QIMAs workplace platform and projects and technical ownership of M&A integrations which represent a significant share of the workload given QIMAs active acquisition pipeline. Both modes draw on the same engineering foundation; you will be expected to move fluently between them.

What you will own
Microsoft 365 & Workplace systems engineering
    Maintain deep working knowledge of the QIMA Microsoft 365 tenant: Exchange Online Teams SharePoint Online OneDrive for Business Viva and adjacent workplace technologies (e.g. digital signage) as the technical foundation for all integration migration and project work. 
    Execute M365 workstream during integrations: tenant-to-tenant migrations cross-platform migrations and greenfield deployments covering mailboxes calendars files Teams and shared resources with minimal disruption to end users. 
    Manage domain transfers and DNS migrations for acquired entities: registrar transfer DNS record replication and cutover MX record migration mail routing validation and working knowledge of email authentication records (SPF DKIM DMARC) sufficient to execute and validate configurations during migrations. 
    Build and maintain automation (PowerShell Microsoft Graph API) and apply AI-assisted tooling (M365 Copilot GitHub Copilot) to eliminate repetitive operational work and accelerate engineering tasks.
    Operate the workplace service layer with ITIL discipline (incident problem change service request) using Freshdesk as the tool of record.

Identity & Access Management
    Own the identity platform end-to-end during project migrations and M&A integrations: Microsoft Entra ID (Azure AD) on-premises Active Directory and their hybrid interconnection.
    Design and enforce Conditional Access policies Privileged Identity Management (PIM) and role-based access control (RBAC) across the full application and service estate.
    Engineer Single Sign-On (SSO) integrations for internal and third-party applications (SaaS ERP CRM HRIS) using SAML OAuth 2.0 and OIDC etc. 
    Manage the identity lifecycle as part of M&A integrations: joiners movers leavers and automated provisioning/deprovisioning via Entra ID governance and SCIM.
    Harden the identity posture: enforce MFA password less authentication and zero-trust access principles across all user populations.

Device Management & Zero-Touch Engineering
    Assess the acquired entitys device fleet during discovery: total count OS versions MDM/RMM coverage patch status encryption state and software licensing compliance producing a clear recommendation per device (enroll as-is re-image or flag for replacement by IT Operations). 
    Execute device enrolment into QIMAs MDM and RMM platforms across all in-scope devices using zero-touch provisioning workflows where possible (Windows Autopilot Apple Automated Device Enrolment via Apple Business Manager). 
    Engineer Intune device configuration profiles compliance policies app protection policies (MDM/MAM) and self-service application catalogues for Windows macOS.
    Deploy and configure the RMM platform across the acquired fleet: monitoring patch management scripted remediation and endpoint visibility ensuring full coverage before handover to IT Operations.
    Integrate RMM MDM and identity platforms into a unified policy-driven device posture ensuring every device is known compliant and secured before accessing corporate resources.

Technical Project Management Project Delivery and M&A Integration
    Lead the technical workstream for projects and integration: scoping planning execution and post-cutover stabilization while working with the solutions architect for deployment of applications within the QIMA infrastructure.
    Define and execute the integration strategy based on the source environment (tenant-to-tenant migration cross-platform migration on-premises lift-and-shift or greenfield deployment): messaging file services identities devices and collaboration tools with minimal disruption to end users.
    Assess acquired entities environments: Identity infrastructure (AD/directory topology admin accounts service accounts) collaboration platform (mail files calendar chat) device fleet (OS versions MDM/RMM coverage patch status encryption) server estate domain portfolio DNS configuration email records (MX SPF DKIM DMARC) public-facing web assets SaaS subscriptions and software licensing compliance.
    Produce and own projects and integration playbooks migration runbooks project schedules risk registers and rollback procedures.
    Conduct post-migration reviews document lessons learned and continuously improve the integration methodology.
 

Qualifications :

Experience

• 5 years of hands-on workplace and cloud engineering experience (Cloud platforms Azure AWS GCP Microsoft 365 Entra ID Intune Active Directory).
• Demonstrated experience leading at least one significant workplace migration or integration project end-to-end.
• Proven track record of building automation not just using it.
• Has experience working on APIs MCPs and can work on the creation of AI connectors as needed.

Technical Skills

• Deep expertise in Microsoft 365 tenant architecture and Exchange Online / Teams hybrid scenarios.
• Expertise on managing cloud infrastructure (AWS/Azure/GCP).
• Strong identity engineering skills: Entra ID Active Directory SSO federation (SAML / OIDC / OAuth 2.0) and lifecycle automation.
• Strong Intune engineering skills: Autopilot ADE compliance policies app protection and cross-platform device management.
• Hands-on experience with Apple Business Manager and automated device enrollment.
• Practical experience with Datto RMM or an equivalent platform (NinjaRMM ConnectWise Automate etc.).
• Hands-on experience operating endpoint AV / EDR at scale Bitdefender CrowdStrike or equivalent.
• Hands-on experience with domain transfers DNS migrations and email infrastructure cutovers including MX records mail routing validation and working knowledge of SPF DKIM and DMARC sufficient to execute and validate configurations during migrations.
• Strong proficiency in PowerShell and Microsoft Graph API; comfort with REST APIs and scripted automation.
• Active interest in AI-assisted tooling and willingness to integrate it into daily engineering work.
• Working knowledge of ITIL / ITSM practice; experience operating in a Freshdesk or comparable service management platform.
• Fluent in English (written and spoken) - required for cross-region collaboration across QIMAs global teams.

Additional Information :

Does this describe you Then we want to hear from you as soon as possible! Apply now with your CV in English and we can write the next chapter of the QIMA story together!

Remote Work :

No

Employment Type :

Full-time