Lead IT Systems Analyst

AssetWatch is looking for a Lead IT Systems Analyst to serve as the technical backbone of our IT operations. This is not a management role — it’s a technical leadership role. You’ll be the most experienced individual contributor on the team: setting the bar for quality, owning the most complex systems and initiatives, and acting as the de facto technical authority across endpoint management, security compliance, and IT engineering. You’ll also be the person junior staff look to for guidance, standards, and best practices. If you want to lead through expertise rather than org charts, this is the role for you.

What You’ll Do

Technical Leadership & Escalation

• Serve as the primary escalation point for complex hardware, software, and network issues
• Help define and enforce technical standards for issue resolution, documentation, and knowledge transfer across the IT support function; all system changes are reviewed and implemented in cooperation with the Director of IT.
• Diagnose and resolve advanced endpoint issues across Windows and macOS environments, including OS-level, application, and connectivity problems.
• Review and close out escalated tickets that exceed the scope of senior or junior support staff.
• Actively mentor and upskill the IT support team, raising the overall technical floor.

Endpoint & Systems Architecture

• Lead user lifecycle management in Microsoft Entra ID (Azure AD), including MFA policies, conditional access rules, and application assignments.
• Drive software deployment strategy, OS update cadence, and patch management across the device fleet using MDM and RMM tooling (NinjaOne).
• Own hardware procurement standards, asset tracking processes, and equipment lifecycle from provisioning through secure retirement.
• Serve as the primary technical owner of Microsoft 365 platform administration — including governance, licensing optimization, and configurations.

Security, Compliance & Governance

• Participate in the technical execution of AssetWatch’s SOC 2 Type 2 compliance program including: endpoint security controls, evidence collection workflows, and audit-readiness.
• Drive user access reviews, onboarding/offboarding provisioning, and timely de-provisioning — ensuring auditability and policy adherence.
• Own endpoint security standards including disk encryption, EDR tooling, Conditional Access policies, and hardware authentication (YubiKey).

Engineering, Automation & Strategy

• Identify and implement automation opportunities that eliminate manual, repetitive work — using PowerShell, Python, or Bash.
• Own and continuously improve IT runbooks, SOPs, and the internal knowledge base — setting the documentation standard for the team.
• Proactively monitor system performance, alerts, and reporting dashboards; address issues before they reach end users.
• Lead or co-lead significant IT projects and platform evaluations in partnership with IT leadership and cross-functional stakeholders.
• Contribute technical perspective to IT roadmap discussions and help shape how the function scales with the business.

Who You Are

• Bachelor’s degree in Information Technology, Computer Science, or a related field — or equivalent hands-on experience.
• 5–8 years of progressive IT systems experience, with a clear track record of technical ownership and leading by example.
• Deep hands-on expertise in Windows and macOS, including advanced OS-level troubleshooting and systems administration.
• Strong working knowledge of Microsoft 365, Entra ID (Azure AD), Intune, and Jamf Pro.
• Solid understanding of IT security principles and demonstrated experience in a compliance-conscious environment (SOC 2 or similar).
• Proficiency in scripting for automation (PowerShell, Python, or Bash) — you write scripts, not just read them.
• Experience with ITSM platforms (Jira Service Management, ServiceNow, or similar) and a bias toward well-organized, well-documented ticket queues.
• Naturally collaborative — you raise the game of the people around you without needing a title to do it.
• Equally comfortable working autonomously in a remote-first environment and driving consensus when it matters.

Preferred Qualifications

• Certifications: CompTIA Security+, Microsoft Certified: Modern Desktop Administrator Associate, Microsoft 365 Certified: Endpoint Administrator, or ITIL v4 Foundation.
• Hands-on experience with RMM platforms (e.g., NinjaOne) and endpoint security tooling (EDR, DLP).
• Familiarity with SOC 2 or similar compliance frameworks and GRC tooling (e.g., Vanta).
• Experience supporting cloud-based infrastructure (AWS or Azure) in an administrative or access management capacity.
• Networking fundamentals: DNS, DHCP, VPN, and firewall concepts.

#LI-REMOTE