Junior DevOps/Systems Engineer

Identity, SSO & Access Management

• SSO & IdP — configure and maintain SSO integrations (SAML, OIDC, SCIM) across our SaaS stack, and keep our identity provider clean and well-governed.
• Account management — provision, modify, and deprovision accounts across productivity and engineering tools; manage groups, roles, and permission boundaries.
• Access requests — triage and fulfill access requests with appropriate approvals; document why access was granted and review it on a regular cadence.

Onboarding & Offboarding

• Onboarding — equip new hires with the accounts, tools, hardware, and access they need before day one, and walk them through it.
• Offboarding — execute clean, auditable offboarding: revoke access, recover assets, preserve data per policy, and close the loop with people ops.

IT Administration & Productivity Systems

• Day-to-day admin — administer Google Workspace, Slack, identity providers, MDM, password managers, and the rest of our SaaS productivity stack.
• Internal support — be the first line of help for employees with IT issues; resolve, escalate, and document.

Security Controls & Monitoring

• Controls — enforce baseline security configurations across SaaS apps, endpoints, and identity (MFA, conditional access, least privilege).
• Monitoring — watch our security tooling for anomalies and alerts; investigate, triage, and escalate as needed.
• Compliance support — help keep us audit-ready by maintaining clean records of access, changes, and reviews.

Automation & Scripting

• Light coding — automate the parts of the job that should be automated. Expect to write Python, Bash, or TypeScript glue code, hit SaaS APIs, and build small internal tools.
• Continuous improvement — improve the systems and runbooks you inherit; if a process is painful or manual, fix it.

• Experience with an identity provider such as Okta, Google Cloud Identity, etc.
• Hands-on experience administering Google Workspace and a chat platform (Slack/Teams)
• Experience with SaaS security tooling, SIEM, or endpoint detection (e.g., CrowdStrike, SentinelOne, Sumo Logic, Datadog)
• Familiarity with compliance frameworks such as SOC 2, ISO 27001, or HIPAA
• Comfort with infrastructure-as-code or configuration-as-code (Terraform, Ansible, or similar)
• Exposure to cloud platforms (AWS, GCP, or Azure) and basic IAM in those environments
• Prior experience in a startup or other fast-moving environment

• 0–3 years in IT engineering, IT operations, systems administration, or a similar role (internships and substantial side projects count)
• Working knowledge of SSO and identity concepts: SAML, OIDC, SCIM, MFA, and the difference between authentication and authorization
• Comfort in a terminal and with at least one scripting language (Python, Bash, or similar). You should be comfortable writing code, testing it, and committing it using git
• A security-first mindset: you understand least privilege, you don't share credentials, and you take audit trails seriously
• Strong written communication. You can explain a fix to a non-technical teammate and document a process so the next person doesn't have to ask
• A bias toward ownership. When something breaks, you don't wait to be told; you investigate and follow through
• Availability to work hours that overlap with the US Central Time (CST) zone (at least 4–5 hours of daily overlap with the team)
• English and Russian at B2 level, for communication with stakeholders and team
• Location: any, except Russia and Belarus