Work mode: Full-time on-site
Senior System Administrator
Laptop Provisioning, Maintenance & Asset Lifecycle (Windows, Linux, macOS)
About the Role
We are looking for a Senior System Administrator to be the single owner of our end-user computing environment across Windows, Linux, and macOS. This is a standalone role — you will define the standards, run the day-to-day, and be the escalation point all in one. You will own laptop provisioning, ongoing maintenance, security hygiene, and the full asset lifecycle, making sure every employee has a reliable, secure, and well-configured machine from day one through decommissioning.
Our stack is JumpCloud for MDM (with Apple Business Manager for Mac zero-touch and light-touch Windows provisioning via JumpCloud), Google Workspace for identity and email, and Microsoft Azure / Entra ID for Microsoft 365.
Key Responsibilities
Laptop Provisioning & Onboarding
· Image, configure, and deploy new laptops (Windows, Linux, macOS) for joiners, ensuring devices are ready on or before the start date.
· Maintain standard build configurations and automated provisioning workflows in JumpCloud, using Apple Business Manager for Mac zero-touch enrolment and light-touch Windows provisioning via JumpCloud; manage Linux baselines with Ansible or equivalent.
· Enrol devices into MDM, domain, and endpoint security platforms; configure VPN, Wi-Fi, certificates, and SSO access.
· Install and license required software based on role-specific software bundles.
· Run onboarding handover sessions with new hires to walk them through device setup, security policies, and support channels.
Maintenance & Support
· Provide L1/L2 endpoint support across all three operating systems — diagnosing hardware faults, OS issues, driver problems, peripheral connectivity, and performance degradation.
· Plan and roll out OS upgrades, security patches, and firmware updates with minimal disruption to users.
· Monitor endpoint health, disk encryption status, antivirus / EDR coverage, and patch compliance; remediate drift.
· Maintain documentation, runbooks, and a knowledge base for common issues and standard operating procedures.
· Coordinate hardware repairs and warranty claims with OEMs (Dell, Lenovo, HP, Apple) and authorised service partners.
Asset Lifecycle Management
· Own the full asset lifecycle: procurement intake, tagging, allocation, transfer, recovery, refresh, and disposal.
· Maintain an accurate, auditable asset inventory in AssetTiger and JumpCloud, covering laptops, peripherals, and software licences.
· Forecast refresh cycles and hardware demand; partner with Procurement on vendor selection, quotes, and purchase orders.
· Manage device recovery and secure data wipe (NIST 800-88 / equivalent) for exits and refreshes; arrange certified e-waste disposal.
· Track software licence usage and renewals; flag over- and under-utilisation.
· Manage our pool of Windows licence keys: allocate to devices, track activation status, reclaim on offboarding or refresh, and keep records reconcilable against AssetTiger.
Security & Compliance
· Enforce endpoint security baselines: full-disk encryption (BitLocker, LUKS, FileVault), screen-lock policies, local admin controls, and WatchGuard EPDR coverage across the fleet.
· Support internal and external audits (SOC 2, ISO 27001) with evidence of device compliance, access controls, and asset records.
· Respond to security alerts on endpoints; quarantine, investigate, and remediate in coordination with the Security team.
· Administer WatchGuard EPDR day-to-day: deploy and update agents, tune policies, triage detections, and report on coverage and threat posture.
Must-Have Skills & Experience
· 7-9 years of hands-on system administration experience supporting a mixed Windows, Linux, and macOS fleet.
· Deep hands-on experience with MDM, preferably JumpCloud (MDM, policies, commands, directory) and Apple Business Manager; comfortable managing Linux endpoints via Ansible, Puppet, or equivalent.
· Comfortable with shell scripting (Bash, PowerShell) for automation of routine provisioning and maintenance tasks.
· Solid understanding of networking fundamentals: DNS, DHCP, VPN, Wi-Fi, and certificate-based authentication.
· Hands-on experience with asset management in AssetTiger (or a comparable ITAM tool) and with using JumpCloud as a source of truth for device inventory, running a structured asset lifecycle process end to end.
· Working knowledge of WatchGuard EPDR (or a comparable EDR / EPP such as CrowdStrike, SentinelOne, or Defender for Endpoint) — agent deployment, policy tuning, and detection triage.
· Experience managing Windows licensing in-house: tracking owned product keys, handling activation (MAK / retail / OEM), and reconciling entitlements against deployed devices.
· Strong ticket-management discipline (Jira, ServiceNow, Freshservice) with a focus on SLAs and user experience.
· Excellent communication skills — able to explain technical issues clearly to non-technical users.
Nice-to-Have
· Experience supporting a hybrid / remote workforce with zero-touch and light-touch deployment via JumpCloud and Apple Business Manager / ADE.
· Familiarity with SOC 2 or ISO 27001 endpoint controls.
· Certifications: JumpCloud Core / Pro, Apple ACSP, RHCSA, Google Workspace Administrator, or Microsoft 365 Certified.
· Exposure to IaC and configuration management at scale.
· Prior experience as the sole IT / SysAdmin in a growing company, building process from scratch.
What Success Looks Like (First 6 Months)
· Every new joiner receives a fully provisioned, compliant laptop on or before day one.
· Asset inventory is reconciled, accurate, and audit-ready across all three operating systems.
· Patch and encryption compliance is above 95% across the fleet.
· A documented, repeatable provisioning and offboarding playbook is in place and being followed.
Full-time
Colombo, Sri Lanka