IT Systems Administrator (3 Days onsite)

Dexter Technologies Inc., is a leading provider of Staffing and Recruiting Services. For over two decades, we have put countless professionals to work at exciting opportunities. We are proud of the fact that many of them have been promoted to more senior roles: management, senior management, and senior executive leadership positions.

We are actively seeking qualified candidates for the following position for our client, who is an industry leader:

POSITION: IT System Admin

LOCATION: Dallas TX (Hybrid 3 days onsite per week)

Type: Full Time

The Role

The IT Systems Administrator is the hands-on owner of client s device fleet, Microsoft 365 environment, and endpoint security posture as the company scales across an active portfolio of acquired commercial roofing companies. The stack is cloud-only and Microsoft-first: Entra ID for identity, Intune for device management and policy enforcement, Cloudflare Zero Trust for ZTNA, and Defender for endpoint security, all purpose-built for a growing, PE-backed roll-up with no on-premises infrastructure.

It is infrastructure ownership, ensuring every managed laptop is enrolled, compliant, patched, and secured; every new hire is onboarded to a fully configured device without touching IT; and every acquired OpCo s devices are brought onto the Client standard within a defined window. A Managed Service Provider (MSP) handles tier-1 helpdesk volume; this role oversees that relationship, handles escalated P1/P2 issues that require admin access, and ensures SLA accountability.

Responsibilities

• Microsoft 365 & Entra ID Administration: Own the Microsoft 365 tenant: user lifecycle management, group architecture, licensing assignments, Conditional Access policy management, and SharePoint/OneDrive governance. Maintain security groups model that drives access across SharePoint, OneDrive sync, and third-party SSO integrations. Administer Entra ID for identity, MFA enforcement, Privileged Identity Management, and enterprise app registrations.
• Endpoint Management & Autopilot: Own the full Intune device lifecycle: Autopilot enrollment, compliance policy enforcement, configuration profiles, Windows Update rings, and endpoint security baselines (BitLocker, Defender, Firewall, ASR, Tamper Protection). Ensure every Windows 11 device is enrolled, named to convention, joined to Entra ID, patched to the current feature release, and passing compliance policies. Deploy applications and scripts via Intune platform scripts and remediations with WhatIf validation before every live execution.
• Cloudflare Zero Trust & ZTNA: Administer the Cloudflare Zero Trust tenant: WARP client deployment and policy management, Gateway DNS and HTTP security policies, device posture checks, and identity provider integration with Entra ID. Maintain enrollment policies, monitor enrolled device count, and expand coverage to all managed endpoints. As the OpCo portfolio grows, configure Cloudflare Tunnels for private resource access at acquired companies with on-premises infrastructure.
• Security Posture & Compliance: Maintain and improve the endpoint security baseline across the fleet. Monitor Defender for Endpoint signals, ensure BitLocker recovery keys are escrowed to Entra ID on all devices, and enforce Conditional Access policies that gate access to client s SaaS platforms by device compliance and identity risk. Operate remediations proactively building Intune detection-and-remediation scripts to self-heal common configuration drift across the fleet without manual intervention.
• MSP Oversight & Escalation: Manage the day-to-day relationship with client s managed service provider handling tier-1 helpdesk tickets. Define SLA expectations, review ticket resolution quality, and escalate or directly resolve P1 and P2 incidents that require Global Admin or Intune administrator access. Ensure the MSP follows client s documented runbooks and does not make configuration changes outside approved change windows.
• OpCo Device Onboarding: For each acquired OpCo, coordinate device onboarding to the client standard, Autopilot hash collection, Entra ID join, Intune enrollment, app deployment, and WARP enrollment within the defined integration window. Assess existing device inventory before acquisition close so scope and refresh costs are captured early. Build and maintain onboarding runbooks that tighten the process with every acquisition.
• Documentation & Change Control: Maintain living documentation for all infrastructure configurations: group architecture, Conditional Access policies, Intune policy assignments, Cloudflare configurations, and script inventory in GitHub. Scripts are version-controlled; nothing runs in production without a documented rollback path.

Required Qualifications

• 3 6 years of hands-on Microsoft 365 and Entra ID administration in a production tenant.
• Practical Intune experience: Autopilot enrollment, compliance policies, configuration profiles (Settings Catalog), platform scripts, and remediations.
• Strong Windows 11 endpoint management fundamentals: BitLocker, Defender for Endpoint, Windows Update for Business, and Conditional Access integration.
• Experience with identity and access management: Entra ID groups, Conditional Access policies, MFA enforcement, and enterprise app SSO (SAML/OIDC).
• PowerShell scripting on Windows and macOS for automation, remediation, and Graph API.
• Familiarity with Zero Trust network access concepts; hands-on experience with Cloudflare One or a comparable ZTNA platform is a strong plus
• Ability to read and interpret Graph API responses, troubleshoot MDM policy conflicts, and diagnose compliance failures from registry and log evidence
• Clear written communication able to document configurations, write runbooks, and explain technical decisions to non-technical stakeholders

Preferred

• Experience in a PE-backed, roll-up, or multi-entity operating environment where standardization across acquired companies is a core objective
• Cloudflare Zero Trust administration: Gateway policies, WARP client deployment via Intune, device posture checks, and Entra ID IdP integration
• Microsoft 365 Certified: Endpoint Administrator Associate, or equivalent hands-on experience
• Familiarity with CMMC Level 2 requirements and GCC High tenancy for defense-adjacent operating companies
• Experience governing an MSP relationship: defining SLAs, reviewing ticket quality, and managing escalation paths
• Exposure to SharePoint Online administration, OneDrive KFM policy management, and Teams Rooms configuration
• Bachelor s degree in Information Technology, Computer Science, or a related field, or equivalent demonstrated experience

Working Conditions

Hybrid-friendly, based in Dallas. Travel to acquired OpCo sites for device onboarding and infrastructure assessment typically aligned to acquisition cadence and concentrated in the 30 60 days following a close (~25 35% during active onboarding periods).

This role requires on-call availability for P1 incidents affecting executive-tier users or critical SaaS platform access.