Job Title: IT Manager – Microsoft 365, Endpoint & Security
Location: Remote
Role Summary
We are seeking a hands-on IT Manager to own and operate our Microsoft 365 ecosystem across four tenants supporting approximately 100–200 users. This individual will be responsible for day-to-day administration, endpoint and mobile device lifecycle management, and continuous improvement of security and device management platforms including Entra ID, Intune, and Microsoft Defender.
This role combines operational execution with strategic development. The IT Manager will partner closely with the CIO to evolve the organization’s IT roadmap, strengthen security posture over time, and standardize processes across business units. The role spans full ownership of identity, endpoint, and mobile device integration within a unified security model.
Key Responsibilities
Microsoft 365 & Identity Management
- Administer and maintain Microsoft 365 services across four tenants
- Manage Entra ID (Azure AD), including:
  - User lifecycle (onboarding, offboarding, role changes)
  - Conditional Access policies (device compliance, app protection, location/risk-based controls)
  - MFA enforcement and authentication methods
  - Group design and role-based access control (RBAC)
- Integrate identity with endpoint and mobile device compliance to enforce secure access (Zero Trust model)
- Oversee Exchange Online, Teams, SharePoint, and OneDrive administration
- Ensure tenant configuration consistency where appropriate while supporting business-specific needs
Endpoint Management (Intune & Device Lifecycle)
- Own Microsoft Intune configuration and operations across Windows, iOS, and Android devices:
  - Device enrollment (Windows Autopilot, Apple Business Manager, Android Enterprise)
  - Configuration profiles, compliance policies, and security baselines
  - Application deployment, updates, and patching strategies
- Continuously enhance endpoint security posture (e.g., hardening policies, reducing attack surface, enforcing compliance for access)
- Manage full device lifecycle:
  - Procurement and vendor coordination (laptops, phones, tablets)
  - Provisioning and zero-touch deployment
  - Maintenance, diagnostics, repair coordination, and repurposing
  - Secure decommissioning and disposal
Mobile Device & Phone Management
- Manage corporate mobile ecosystem (iOS and Android phones and tablets) using Intune and integrated identity controls
- Configure and maintain:
  - Mobile Device Management (MDM) and Mobile Application Management (MAM)
  - App protection policies for BYOD and corporate-owned devices
  - Compliance policies tied to Conditional Access
- Integrate mobile device posture with Entra ID for secure access to M365 resources
- Coordinate carrier relationships, device procurement, upgrades, and lifecycle planning
- Support secure and reliable mobile access to email, Teams, and business applications
Security Operations (Microsoft Defender & Integrated Security Stack)
- Administer Microsoft Defender suite (Endpoint, Office 365, Identity, and Cloud Apps as applicable)
- Monitor alerts and respond to security incidents across endpoints, identities, and email
- Correlate signals between Defender and Entra ID (e.g., risky sign-ins, compromised devices)
- Tune policies over time to balance usability and protection
- Improve visibility, reporting, and response workflows across tenants
- Support implementation and enforcement of email security standards (SPF, DKIM, DMARC)
End-User Support & Operations
- Serve as escalation point for technical issues across laptops, mobile devices, and M365 services
- Provide hands-on support for:
  - Windows endpoints
  - iOS/Android phones and tablets
  - Identity and access issues
- Maintain and improve IT documentation, standards, and operational procedures
- Ensure a consistent, secure, and high-quality user experience across all business units
- Arrange support relationships for branch infrastructure – routers, printers and phones
Strategy & Continuous Improvement
- Partner with CIO to execute IT strategy and roadmap across identity, device, and security domains
- Identify opportunities to improve:
  - Security posture (e.g., stronger Conditional Access, device compliance enforcement)
  - Automation and efficiency (Intune, provisioning, scripting)
  - User onboarding/offboarding processes across tenants
  - Standardization of policies across endpoints and mobile devices
- Evolve the environment toward modern best practices:
  - Zero Trust architecture
  - Device-based access enforcement
  - Unified endpoint and identity security model
Required Qualifications
- 5+ years of experience in Microsoft 365 administration
- Strong hands-on experience with:
  - Entra ID (Azure AD)
  - Microsoft Intune (Windows, iOS, Android device management)
  - Microsoft Defender security stack
- Experience managing endpoint and mobile device ecosystems in a cloud-managed environment
- Strong understanding of identity-driven security and Conditional Access
- Ability to operate independently in a broad, all-in-one IT role
Preferred Qualifications
- Experience managing multi-tenant Microsoft 365 environments
- Knowledge of Zero Trust security principles and implementation
- Experience with Apple Business Manager and Android Enterprise
- PowerShell scripting or automation experience
- Experience integrating device compliance with identity-based access controls
Key Traits for Success
- Hands-on, proactive, and detail-oriented
- Strong ownership mindset across identity, devices, and security platforms
- Able to balance operational support with long-term platform evolution
- Strong troubleshooting and systems-thinking skills
- Clear communicator who can connect technical systems to business impact
Working Structure
- Reports to: CIO
- Scope: 4 Microsoft 365 tenants, ~100–200 total users
- Role Type: Individual contributor with broad ownership (no direct reports initially)
Additional Information
- Paid time off: vacation, sick time, holidays.
- 401k and company match available after 90 days of employment.
- Health, dental and vision insurance.
- Employment is contingent upon successful completion of a drug test, criminal background check, and a satisfactory motor vehicle record.
Clear Creek Systems, Inc. is an equal opportunity employer. We are committed to creating a diverse environment and are proud to be an affirmative action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.