IT Systems Engineer (Endpoint)

SpaceX was founded under the belief that a future where humanity is out exploring the stars is fundamentally more exciting than one where we are not. Today SpaceX is actively developing the technologies to make this possible with the ultimate goal ofenabling human life on Mars.

IT SYSTEMS ENGINEER (ENDPOINT)

SpaceX is seeking an experienced IT Systems Engineer to join the Endpoint team. This multi-disciplinary roleis responsible fordesigning implementing andoperatingmodern endpoint management infrastructure with deepexpertiseinJamf Fleet Intune and Entra Conditional Access while providing strong cross-platform support across Apple macOS iOS and Windows 11 / Windows Server environments.

The position requires building secure compliant and highly automatedsolutions atscale. The ideal candidate bringssignificant experiencewith enterprise device management platforms advanced scripting and automation observability through Splunk and a forward-looking approach to incorporating AI workflows to improve security efficiency and compliance.

Candidates will work in a fast-paced environment supporting mission-critical systems. They should be self-starters who thrive on solving complex problems driving standards and enabling other teams through excellent documentation and automation.

RESPONSIBILITIES:

• Architect implement and manageJamf Fleet Microsoft Intune and Entra Conditional Access policies to enforce zero-trust principles and device compliance across the fleet
• Design deploy and maintain endpoint configurations compliance policies application deployments and security baselines for Windows 11 Windows Server macOS and iOS devices
• Develop and maintain advanced automation using PowerShell Bash and AppleScript to handle provisioning configuration management patching remediation and reporting at enterprise scale
• Integrate telemetry from Intune Jamf and other endpoint platforms with Splunk to deliver real-time monitoring alerting compliance dashboards and support for security investigations
• Implement audit and maintain endpoint controls aligned with CIS benchmarks while ensuring strict adherence to ITAR and EAR regulatory requirements for devices configurations and data handling
• Evaluate pilot and operationalize AI-powered workflows and tools (including LLM-assisted scripting intelligent policy analysis and automated remediation) to increase efficiency and reduce risk
• Collaborate closely with Security Compliance Infrastructure and business stakeholders to define endpoint standards drive configuration and patch compliance across endpoint platforms and support audits involving endpoint platforms and systems
• Create and maintain high-quality documentation runbooks and knowledge articles; provide training and tier-3 escalation support to IT and support teams
• Lead or significantly contribute to major endpoint projects such as OS migrations Entra Conditional Access expansions new platform integrations and automation platform improvements
• Continuously improve the teams automation monitoring compliance posture and operational resilience through scripting policy refinement and process optimization

BASIC QUALIFICATIONS:

• Bachelors Degree in Computer Science Information Technology or related technical discipline and 5 years of hands-on experience designing implementing and managing Jamf Fleet Intune and Entra Conditional Access in large enterprise environments; OR 7 years of hands-on experience designing implementing and managing Jamf Fleet Intune and Entra Conditional Access in large enterprise environments in lieu of a degree
• Experience with Apple macOS and iOS enterprise management as well as Windows 11 and Windows Server operating systems
• Experience implementing security controls and compliance frameworks in regulated environments

PREFERRED SKILLS AND EXPERIENCE:

• Hands-on experience integrating endpoint platforms with Splunk for SIEM compliance reporting and operational visibility
• Direct experience implementing CIS benchmarks and operating in ITAR/EAR-controlled environments
• Familiarity with AI workflows and tools such as using large language models for script development policy generation log analysis or operational automation
• Significant experience developing and maintaining production-grade scripts in PowerShell Bash and AppleScript
• Proficiency with Microsoft Graph API advanced PowerShell module development modern automation/CI-CD practices GitOps DevOps tooling and Infrastructure as Code (IaC)
• Relevant Microsoft and Apple certifications (e.g. MS-102 Endpoint Administrator AZ-900 Microsoft Azure Fundamentals Jamf-200/300 or security/compliance credentials)
• Experience leading cross-functional endpoint projects and mentoring or training other IT team members
• Excellent written and verbal communication skills with the ability to explain complex technical topics to technical and non-technical audiences

ADDITIONAL REQUIREMENTS:

• Able and willing toparticipatein after-hours or weekend support when necessary to resolve unplanned outages or perform maintenance during planned downtime windows
• Must be comfortable working with mission-critical and sensitive systems in a highly regulated environment

COMPENSATION AND BENEFITS:

Pay Range:
$135000.00 - $170000.00

Your actual level and base salary will be determined on a case-by-case basis and may vary based on the following considerations: job-related knowledge and skills education and experience.

Base salary is just one part of your total rewards package at SpaceX. You may also be eligible for long-term incentives in the form of company stock or long-term cash awards as well as potential discretionary bonuses and the ability to purchase additional stock at a discount through an Employee Stock Purchase Plan. You will also receive access to comprehensive medical vision and dental coverage access to a 401(k) retirement plan short and long-term disability insurance life insurance paid parental leave and various other discounts and perks. You may also accrue 3 weeks of paid vacation and will be eligible for 10 or more paid holidays per year. Employees accrue paid sick leave pursuant to Company policy which satisfies or exceeds the accrual carryover and use requirements of the law.

ITAR REQUIREMENTS:

• To conform to U.S. Government export regulations applicant must be a (i) U.S. citizen or national (ii) U.S. lawful permanent resident (aka green card holder) (iii) Refugee under 8 U.S.C. 1157 or (iv) Asylee under 8 U.S.C. 1158 or be eligible to obtain the required authorizations from the U.S. Department of State. Learn more about the ITAR here.

SpaceX is an Equal Opportunity Employer; employment with SpaceX is governed on the basis of merit competence and qualifications and will not be influenced in any manner by race color religion gender national origin/ethnicity veteran status disability status age sexual orientation gender identity marital status mental or physical disability or any other legally protected status.

Applicants wishing to view a copy of SpaceXs Affirmative Action Plan for veterans and individuals with disabilities or applicants requiring reasonable accommodation to the application/interview process should reach out to.