IT Systems Administrator (Cloud, Identity, Endpoint & Security)

Transform 800,000 hectares of greenhouses into fully-autonomous food production sites

At eternal.ag, we're building the future of sustainable food production. Our mission is to convert the world's existing greenhouses into fully-autonomous facilities that can produce fresh food year-round - addressing the critical need to double food production by 2050 while facing severe labor shortages, water scarcity, and climate challenges.

Your Role

We are looking for an IT Systems Administrator to own and improve day-to-day IT operations across cloud services, identity, endpoint devices, and cybersecurity controls. You will manage AWS infrastructure basics, Microsoft 365 services, Microsoft Entra ID (Azure AD) identity and access, Windows PCs, and Ubuntu/Linux laptops. You will also implement and administer Mobile Device Management (MDM) and help establish and enforce practical cybersecurity policies and best practices across the company.

This is a hands-on role requiring strong troubleshooting skills, structured documentation habits, and the ability to balance user support with system reliability and security.

What You’ll Do

IT operations & user support

• Provide Tier 1–2 support for employees across hardware, OS, identity/login, network access, and SaaS tools.
• Provision, onboard, and offboard users (accounts, groups, device enrollment, licenses, access rights).
• Maintain IT documentation (runbooks, onboarding/offboarding checklists, asset records, system diagrams).
• Manage IT vendors and service providers as needed (ISPs, equipment suppliers, security tools).

Microsoft 365 administration

• Administer Microsoft 365 services including Exchange Online, Teams, SharePoint/OneDrive, and core admin settings.
• Manage licensing and service configuration aligned to business needs and cost control.
• Implement and monitor baseline security controls (e.g., MFA, security defaults/conditional access, mailbox security, secure sharing).
• Support email deliverability, domain/DNS records (SPF/DKIM/DMARC), and collaboration settings.

Microsoft Entra ID (Azure AD) / Identity & Access Management

• Administer Microsoft Entra ID tenant configuration, users/groups, role-based access controls, and identity lifecycle.
• Implement access policies such as MFA, Conditional Access, device compliance requirements, and least-privilege access.
• Manage SSO integrations for SaaS applications and troubleshoot authentication issues.
• Support secure onboarding/offboarding and periodic access reviews.

Endpoint management: Windows + Ubuntu/Linux

• Maintain Windows PCs (deployment, patching, troubleshooting, device encryption, local admin controls, endpoint security).
• Maintain Ubuntu/Linux laptops (user access, updates, disk encryption where applicable, security hardening, troubleshooting).
• Standardize device setup using repeatable processes (imaging, configuration scripts, endpoint policies).
• Maintain endpoint inventory (hardware specs, ownership, lifecycle, warranty, status).

Mobile Device Management (MDM) & device compliancee

• Implement and administer an MDM solution to enforce device security, configuration, and compliance.
• Examples: Microsoft Intune, Jamf, Kandji, or equivalent (choose what fits your environment).
• Define and enforce device baselines (PIN/biometrics, encryption, auto-lock, OS update requirements, remote wipe).
• Manage BYOD vs corporate-owned policies, and align with privacy/responsible monitoring expectations.
• Ensure smooth enrollment and support for iOS/Android and laptops where supported.

AWS administration (cloud operations & governance)

• Administer AWS accounts and foundational services used by the company, such as:
• IAM (users/roles/policies), security groups, VPC basics, EC2, S3, RDS (as applicable), CloudWatch/logging.
• Improve AWS security posture (least-privilege IAM, MFA for privileged access, key/secret hygiene).
• Support backups, monitoring/alerting, and incident response procedures for cloud workloads.
• Assist with cost visibility and optimization (tagging, budgets, alerts, rightsizing recommendations).

Cybersecurity policies & best practices

• Help define, implement, and maintain company cybersecurity policies and standards, such as:
• Acceptable use, password/MFA, endpoint security, patching, backups, access control, vendor access, secure sharing.
• Implement practical security controls aligned with the company’s risk level: Endpoint protection, encryption, vulnerability management, audit logging, least privilege, secure onboarding/offboarding.
• Run security awareness basics (phishing awareness, secure handling of data, reporting procedures).
• Support security incident response: triage, containment, remediation, post-incident improvements.
• Coordinate with external security vendors (pentest, audits, SOC/SIEM support) if applicable.

Who You Are

Core requirements

• 3+ years in IT administration / systems administration / IT operations.
• Strong experience administering Microsoft 365 and Microsoft Entra ID (Azure AD), including MFA and SSO.
• Hands-on experience managing Windows endpoints (deployment, patching, troubleshooting, security controls).
• Hands-on experience supporting Ubuntu/Linux laptops (updates, access, security hardening basics).
• Experience implementing or administering an MDM platform and device compliance policies.
• Familiarity with AWS administration fundamentals (IAM, networking basics, monitoring, security concepts).
• Solid understanding of cybersecurity fundamentals: least privilege, secure configuration, patch management, encryption, phishing, backups, incident response basics.
• Strong troubleshooting ability, ability to communicate clearly with non-technical colleagues, and good documentation habits.

Bonus points if you have

• Experience with Microsoft security tooling (e.g., Defender for Endpoint, Defender for Office 365) or equivalent.
• Familiarity with compliance frameworks (e.g., ISO 27001 concepts, SOC 2 readiness, GDPR awareness) as applicable.
• Experience with automation/scripting: PowerShell (Windows/M365), Bash (Linux), Python (optional), and/or Ansible for configuration management.
• Basic networking skills: DHCP/DNS/VPN/Wi‑Fi management, firewall concepts, zero-trust principles.
• Experience with ticketing systems (Jira Service Management, Zendesk, Freshservice, etc.).
• Experience building policies and controls in a startup/SMB environment with pragmatic constraints.

Soft skills & working style

• You prioritize security and reliability without blocking productivity.
• You can translate technical risk into business impact and propose practical mitigations.
• You’re comfortable owning problems end-to-end and escalating appropriately.
• You can create simple documentation others can follow.
• You handle confidential information responsibly.

Tools & Systems

• Microsoft 365 Admin Center, Exchange Admin, Entra ID, Intune (or Jamf/Kandji/other MDM)
• AWS Console + IAM + CloudWatch (and IaC tools if applicable)
• Windows 10/11, Ubuntu/Linux
• Endpoint security tooling (Defender/CrowdStrike/SentinelOne, etc.)
• Password manager and/or SSO provider integrations
• Ticketing + asset management system

Apply Now

Ready to help transform 800,000 hectares of greenhouses into fully automated food production sites? If you’re excited to build the IT and security foundation that lets a robotics team ship safely and move fast, we’d love to hear from you.

We’re committed to building a diverse and inclusive team. We encourage applications from candidates of all backgrounds.

eternal.ag is building fully automated food production sites that can sustainably produce fresh food year-round. Backed by world-class investors and partnering with leading agricultural companies, we're turning the vision of fully-autonomous greenhouses into reality.