Sr. Systems Administrator

About Varda

Low Earth orbit is open for business. Varda is accelerating the development of commercial space infrastructure from in-orbit pharmaceutical processing to reliable and economical reentry capsules.

From life-saving pharmaceuticals to more powerful fiber optics there is a world of products used on Earth today that can only be manufactured in space. Varda is accelerating innovation in the orbital economy by creating both the products and infrastructure needed so space can directly benefit life on Earth. Our mission is to expand the economic bounds of humankind.

Our team is uniquely suited to accomplishing this goal with leadership and staff comprised of veterans from SpaceX Blue Origin major pharmaceutical companies and Silicon Valley. Varda was founded in January 2021 by Will Bruey and Delian Asparouhov with significant backing from world class investors including Khosla Ventures Lux Capital Founders Fund Caffeinated Capital General Catalyst and Also Capital.

Varda is headquartered in El Segundo California where we have offices and a production facility where our vehicles equipment and materials are built integrated and tested. Varda also has offices in Washington DC and Huntsville AL.

Join Varda and work to create a bustling in-space ecosystem.

About the Role

Varda is looking for a Sr. Systems Administrator who is equal parts identity architect and cloud operator who can own platforms that every employee device and application depends on to get work done. Youll be the technical authority for Okta Microsoft 365 GCC High Azure/Entra ID and our MDM ecosystem across macOS Windows and Linux. This isnt just about keeping the lights on: youll architect zero-trust access policies drive lifecycle identity automation integrate device compliance into conditional access and ensure our platforms are audit-ready in an ITAR-regulated environment. Youll work directly with Engineering Security Manufacturing and Business Operations teams and your decisions will directly shape how securely and efficiently a fast-growing space company operates.

This is a full-time exempt position located in our El Segundo headquarters.

Responsibilities

• Architect and administer the Okta tenant end-to-end SSO application integrations MFA policies lifecycle management (joiner/mover/leaver) Okta Workflows and Identity Governance and Administration (IGA) features including access certifications and entitlement management.
• Own Microsoft 365 GCC High and Azure/Entra ID Exchange Online SharePoint Teams conditional access policies and tenant security configuration tuned for ITAR compliance boundaries.
• Design and maintain hybrid identity infrastructure including Active Directory Entra Connect synchronization and federation trust relationships.
• Architect and administer endpoint management across all platforms JAMF Pro for macOS Microsoft Intune for Windows and supplemental MDM tooling for Linux including device enrollment configuration profiles compliance policies application deployment and OS patch management.
• Bridge device compliance and identity: integrate JAMF and Intune compliance signals into Okta and Entra ID conditional access policies so device trust is a hard requirement for resource access.
• Develop and enforce conditional access and zero-trust policies across Okta and Entra ID to protect sensitive resources in an ITAR-regulated environment.
• Build and maintain Okta Workflows and Azure Logic Apps/Power Automate flows to automate user provisioning deprovisioning group management and access request fulfillment.
• Administer and optimize SCIM provisioning between Okta and downstream SaaS applications Google Workspace Jira Confluence Slack Smartsheet 1Password and others.
• Monitor and respond to identity-related security events such as suspicious sign-ins token abuse and privilege escalation using Okta System Log Entra ID audit logs and CrowdStrike telemetry.
• Partner with the Security team on compliance efforts tied to Vanta NIST 800-171 CMMC and ITAR with direct ownership of access control audit logging and least-privilege enforcement.
• Manage certificate lifecycles SAML/OIDC trust configurations and API token governance across the SaaS portfolio.
• Create and maintain runbooks architecture diagrams and knowledge base articles in Confluence leaving documentation better than you found it.
• Mentor junior IT team members on identity cloud platform and endpoint management best practices.
• Drive scripting and automation (PowerShell Python Bash) to streamline administration reporting and incident response across identity cloud and MDM systems.
• Lead special projects from kickoff to completion with full accountability for outcomes.

Basic Qualifications

• Bachelors degree in information technology Computer Science Cybersecurity or a related field or equivalent hands-on experience that speaks for itself.
• 5 years in systems administration with at least 3 years focused on identity platforms (Okta Entra ID/Azure AD) and Microsoft 365 administration.
• Proficiency with Okta administration application integration (SAML OIDC SCIM) MFA enrollment policies group rules and lifecycle management.
• Strong working knowledge of Microsoft 365 administration Exchange Online SharePoint Online Teams Entra ID conditional access and Azure AD Connect.
• Experience administering MDM platforms across macOS Windows and Linux including JAMF Pro and Microsoft Intune with a solid understanding of device enrollment compliance policies and configuration management at scale.
• Experience with Active Directory GPO management OU design replication troubleshooting and hybrid join scenarios.
• Proficiency with PowerShell for Microsoft Graph API Exchange Online and Entra ID automation.
• Self-directed and calm under pressure with a track record of delivering complex identity and cloud infrastructure projects.
• Clear communicator who can engage effectively with both technical and non-technical stakeholders.

Preferred Skills and Qualifications

• Microsoft certifications: AZ-104 (Azure Administrator) SC-300 (Identity and Access Administrator) MS-102 (Microsoft 365 Administrator) or MD-102 (Endpoint Administrator).
• Okta Certified Professional or Okta Certified Administrator certification.
• Experience operating Microsoft 365 GCC High or GCC tenants with a clear understanding of the compliance boundary differences from commercial M365.
• Hands-on experience with Okta Workflows Okta Identity Governance (OIG) or Okta Privileged Access.
• Advanced JAMF Pro administration: Prestage Enrollments smart groups extension attributes and JAMF-to-Okta/Entra device compliance integration.
• Experience with Microsoft Intune Autopilot compliance policies and co-management scenarios in hybrid AD/Entra environments.
• Familiarity with Linux endpoint management solutions (Landscape Fleet CHEF Ansible or equivalent).
• Familiarity with SIEM/SOAR integration for identity event correlation (PagerDuty Snowflake or equivalent).
• Experience supporting NIST 800-171 CMMC and ITAR compliance with direct responsibility for access control and endpoint compliance implementation.
• Prior experience in a high-growth startup or aerospace environment is highly desirable.

Compensation & Benefits

Salary Range: $130000 $165000 per year

Job-related skills education experience and performance determine leveling and base salary. Youll also be eligible for incentives in the form of stock options and/or long-term cash awards.

• Equityin a fully funded space startup with serious growth potential
• 401(k) matching
• UnlimitedPTO
• Health vision and dental insurance
• Dailylunch and snacks on site; dinners twice a week
• Maternity/Paternity leave

ITAR Requirements

Varda like all employers must ensure that its employees working in the United States are lawfully authorized to work in the U.S. Additionally our employees are exposed to and have access to certain export-controlled items. At present some of our technology to which employees have access requires a license to be exported to individuals other than U.S. Persons as defined in U.S. export our employees are provided access to export-controlled items our currentpolicy is to only hire U.S. persons who are permitted to have access to our technology without an export license.

US person means: U.S. citizen U.S. lawful permanent resident or protected individual as defined by 8 U.S.C. 1324b(a)(3) (i.e. individual admitted to the U.S. as a refugee or granted asylumin the U.S.)