
IT Systems & Security Engineer

Zürich
DSwiss AG
IT
EUR 80’000 - EUR 100’000 per year
Posted online since: 8 April
Description

We are hiring an IT Systems & Security Engineer to strengthen the stability, security, and efficiency of our internal IT services. This role blends hands‑on systems engineering with security operations. You will operate and improve endpoint security and device management, administer Microsoft 365, run vulnerability management, and enhance monitoring/SIEM workflows.

A core expectation of this position is continuous optimization of our IT and security operations: reducing manual work through automation, lowering operational cost where possible, and improving response times and service quality for employees.

You will work closely with the CISO and act as Deputy to the CISO during planned absences (e.g., holidays), ensuring operational continuity and effective decision‑making.

Job Requirements

Strong hands‑on experience with Microsoft 365 administration, including Entra ID and Intune.

Practical experience operating Microsoft Defender (alert triage, investigations, policy tuning).

Proven endpoint management across macOS and Windows in a business environment.

Working knowledge of JAMF administration (profiles, policies, deployments, compliance reporting).

Working knowledge of vulnerability management with Nessus (or equivalent).

Familiarity with SIEM/logging concepts (ELK and/or other SIEM): ingestion, dashboards, alerting, operational improvement.

Solid network fundamentals relevant to IT security (DNS/DHCP/VPN, segmentation concepts, troubleshooting).

Ability to operate effectively in ticketed environments and manage priorities (ITIL‑inspired practices are a plus).

Demonstrable continuous‑improvement mindset: simplify, automate, standardize, measure outcomes; bias for reducing manual effort, lowering cost, and improving response times.

Hands‑on exposure to AI tools and workflows, with the ability to support secure, practical adoption in a business environment (e.g., testing and enabling use cases, understanding risks around data handling, and contributing to user guidance/guardrails).

Certifications (required or obtained within the first 6–12 months)

CompTIA Security+ (or equivalent baseline security certification/competence).

CompTIA Network+ (or equivalent demonstrated networking competence).

Nice to have (certifications)

Microsoft certifications: SC‑200 (Security Operations Analyst), SC‑300 (Identity & Access Administrator), MD‑102 (Endpoint Administrator), MS‑102 (Microsoft 365 Administrator) or equivalents.

Jamf certification: Jamf Certified Tech / Admin (or current Jamf certification track).

ITIL Foundation (service management discipline).

SIEM/security analytics training or vendor certifications (helpful, not required).

Nice to have (skills/experience)

Automation/scripting (PowerShell, Bash, Python) applied to IT/security operations.

Experience improving SIEM detection use cases and telemetry correlation.

Experience in regulated environments (audit readiness, investigations, evidence handling).

Experience translating security requirements into pragmatic employee guidance (policies, playbooks, enablement).

Job Responsibilities
1) Endpoint Security Operations (Microsoft Defender)

Operate Defender day‑to‑day: monitor alerts, investigate incidents, tune policies, reduce noise, and improve detection quality.

Support security incident handling: triage, containment coordination, evidence collection, remediation follow‑up, and lessons learned.

Improve endpoint security posture via policy hardening, baselining, and measurable reduction of repeated issues.

2) Microsoft 365 Administration (Entra ID, Intune, Exchange, Teams, SharePoint/OneDrive)

Administer Microsoft 365 services with a focus on security, reliability, and operational hygiene.

Maintain access governance: joiner/mover/leaver lifecycle, role assignments, privileged access patterns, and conditional access support (where applicable).

Improve identity and device‑based controls in partnership with the CISO (e.g., MFA coverage, device compliance gates, administrative separation).

3) Device Management & Compliance (Apple & Windows)

Manage endpoint lifecycle and compliance across Apple and Windows fleets.

Administer JAMF for macOS (profiles, deployments, compliance reporting, hardening).

Manage Windows endpoints primarily through Intune (configuration, application deployment, compliance, configuration baselines).

Standardize and streamline onboarding/offboarding and device replacement processes.

4) Vulnerability Management (Nessus)

Run and improve vulnerability scanning coverage, schedules, and reporting.

Prioritize remediation by risk and business impact; track closure with clear ownership and deadlines.

Establish durable reporting cadence and measurable remediation performance.

5) SIEM / Logging / Monitoring (ELK / SIEM)

Improve SIEM effectiveness: ingestion health, source coverage, dashboards, alerting, and correlation across endpoint and infrastructure telemetry.

Help operationalize detection use cases (high‑signal alerts, playbooks, reporting that supports decision‑making).

Produce concise operational reporting for stakeholders (security posture, trends, improvements, key risks).

6) Internal Tooling & Service Delivery (Atlassian, GitLab)

Operate and improve Jira Service Management/Confluence workflows: queues, SLAs, request types, automation rules, and documentation standards.

Support GitLab access and enablement from an IT/security operations perspective (e.g., identity, access controls, user lifecycle), as applicable.

Ensure IT services are reliable, measurable, and continuously improving.

7) Secure Enablement of AI in the Company

Enable and support secure use of AI tools and workflows across the company in collaboration with the CISO and key stakeholders.

Help define and implement practical guardrails (approved tools, data handling rules, access controls, logging/monitoring considerations, user guidance).

Support employees with secure adoption: documentation, onboarding guidance, and pragmatic reviews of new AI use cases.

8) Automation, Optimization, and Cost Discipline (Mandate Across the Role)

Identify and implement automation opportunities (e.g., identity/device lifecycle, ticket workflows, alert triage, reporting).

Reduce operational friction and manual work while improving service speed and quality.

Maintain cost awareness: rationalize tooling/configurations where appropriate, reduce waste, and improve vendor/service ownership clarity.

9) Vendors, Procurement Support, and Operational Continuity

Coordinate with suppliers for hardware/services: delivery tracking, escalation paths, renewal visibility, and operational performance issues.

Maintain runbooks and operational procedures to ensure resilience and audit readiness.

Act as Deputy to the CISO during absences: maintain day‑to‑day security operations, coordinate incident response activities, and escalate appropriately.

Provide operational leadership as needed to keep internal IT and security services stable and responsive.

How We Evaluate Success (first 3–6 months)

Defender operations: triage workflow is consistent; alert noise is reduced; repeated endpoint issues decrease; incident handling is timely and well‑documented.

M365 / Intune / JAMF: device compliance is reliable; onboarding/offboarding is smooth and measurable; admin and access hygiene is improved.

Vulnerability management: scanning coverage is consistent; remediation tracking is risk‑driven; clear ownership and closure cadence are established.

SIEM / visibility: ingestion stability improves; dashboards and alerts become more actionable; stakeholders get concise, useful reporting.

Optimization: multiple tangible automation/standardization improvements delivered that reduce manual work, reduce cycle times for employee requests, and/or reduce operational costs.

Deputy coverage: operational continuity is demonstrably strong during CISO absence, with appropriate escalation and decision‑making.

Benefits

Competitive salary and 5+ extra holidays (30 days)

Hybrid working model with flexible hours

Great central office location in the heart of Zurich, including a roof terrace

Great international team spirit with ambitious teams and an enormous drive to achieve our goals

You will get to develop and learn within a highly talented and experienced team

Work on products with a real impact: digital privacy, security and trust

Semi‑annual international company offsite events in Portugal, Switzerland and Europe

Available parking directly at the office

Spacious office with leisure room and table football and complimentary snacks

Work for a company committed to sustainability - our data centers operate climate‑neutral
