IT Systems & Security Engineer

Based in Williamsburg, VA, DataXstream stands as a proud and dedicated SAP partner with over two decades of experience. We are relentlessly focused on innovating, rebuilding, and perfecting the most robust and user-friendly Order Management software available for the SAP ecosystem. As we continue to grow our impact and our team, we're seeking passionate individuals to join us in shaping the future of enterprise solutions.

IT Systems & Security Engineer

DataXstream's endpoint management, Microsoft 365 platform, and security posture are evolving rapidly as the company builds a company-wide AI platform and expands its cloud footprint. The IT Systems & Security Engineer owns the Mac endpoint estate via Addigy MDM, administers the Microsoft 365 platform across Exchange, SharePoint, Teams, and OneDrive, leads security monitoring and compliance activities, and serves as the team's first dedicated security resource.

This is an ideal role for someone who is drawn to the breadth of IT — endpoint management, productivity platforms, identity, and security — and wants to grow into real ownership across all of it. You will be the person who makes security coverage intentional at DataXstream, working alongside experienced engineers who will help you build that expertise.

Main Duties and Responsibilities

Addigy MDM platform ownership — policy authoring, configuration profiles, app deployments, and fleet lifecycle management for the DataXstream Mac estate

Microsoft 365 administration — Exchange Online, SharePoint Online, Teams, OneDrive, and Microsoft 365 licensing management across the organization

Microsoft Intune — endpoint management for Windows and mobile devices alongside Addigy for the Mac fleet

Microsoft 365 Security & Compliance Center — data governance, compliance policies, and security alerting within the M365 platform

Security operations — SIEM monitoring, log review, alert triage, and escalation; endpoint security tooling management; vulnerability awareness and tracking

Compliance support — participating in audit preparation, security policy compliance checks, and alignment with security frameworks as the organization's posture matures

Employee onboarding and offboarding — device provisioning, M365 account lifecycle, and access management alongside the IT Support Specialist

Identity and access management — Entra ID / Azure AD user and group management, MFA enforcement, and conditional access policy support

Participation in IT Operations on-call rotation for security incidents and endpoint emergencies

Contribution to secrets management and IaC initiatives as they relate to endpoint and security tooling

Cross-Coverage Responsibilities

DataXstream is committed to eliminating single points of failure across IT Operations. This role is expected to develop working knowledge of the Infrastructure Engineer's domain sufficient to provide continuity during absence.

Basic vSphere / vCenter VM health monitoring — ability to identify and escalate infrastructure issues

Veeam backup job status awareness — ability to verify jobs are completing and escalate anomalies using documented runbooks

General server infrastructure awareness — sufficient to triage basic issues and engage appropriate escalation paths

Must-Have Skills and Qualifications

Interest in and exposure to endpoint management — any experience with MDM platforms (Addigy, Jamf, Intune, or similar) is a strong plus

Familiarity with Microsoft 365 — any hands-on exposure to Exchange Online, SharePoint, Teams, or M365 administration in any capacity

Foundational security knowledge — understanding of basic security concepts, monitoring, and alert handling; coursework, certifications, or hands-on projects all count

Familiarity with identity and access management concepts: Active Directory, Azure AD / Entra ID, MFA, and conditional access

Experience supporting IT help desk or onboarding/offboarding workflows in any capacity

Comfort with macOS and Apple ecosystem administration — all endpoints at DataXstream are macOS

Strong terminal skills — comfortable using the command line for system administration, scripting, and troubleshooting tasks

Scripting ability — comfort with Bash, Python, or PowerShell for endpoint management, automation, and security tooling tasks is expected; macOS scripting experience is a plus

Willingness to participate in on-call rotation for security incident response

Clear written communication — you document what you learn and what you change

What We Value

Curiosity — you want to understand the platform, not just make the ticket go away

Ownership — when something is yours to deliver, you see it through

Communication — you keep customers and teammates informed, especially when things get complicated

Growth mindset — every customer engagement teaches you something; you pay attention to those lessons

Collaboration — you ask the team when you're stuck and you share what you learn

Nice to Have

Security certification or active pursuit: CompTIA Security+, CySA+, Microsoft SC-900, or equivalent

Microsoft 365 certification or active pursuit: MS-900, MS-102, or equivalent

Any scripting or automation experience: Python, Bash, PowerShell, or Microsoft Graph API

Familiarity with VMware vSphere basics

Exposure to compliance frameworks: SOC 2, ISO 27001, or similar

Homelab or self-directed security project experience (CTFs, home network security, etc.)

Exposure to CAB or change process management — MDM, M365, and security changes can all impact the broader organization; familiarity with structured change review processes is a plus

Familiarity with Atlassian tools — Jira for task and project management

Experience using company-approved AI tools to increase personal productivity and efficiency

DataXstream LLC is an equal-opportunity workplace and an affirmative-action employer. We are always committed to equal employment opportunities regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, or Veteran status. Discrimination is not welcome on the basis of any other status protected by the laws or regulations in the locations where we work.