CrossnoKaye
IT & Customer Systems Engineer (Core Services)
CrossnoKaye
Location: Santa Barbara, CA (Hybrid – 3 Days in Office/Week)
Travel: Up to 10% to customer sites.
About the Role We’re hiring an experienced, hands‑on IT professional to support both our internal teams and customer deployments. You’ll own customer‑site activation end‑to‑end; partnering with customer IT to greenlight networks, bring gateways online, and ensure data is flowing. Internally, you’ll transform our spreadsheet‑level IT into a scalable, repeatable program, including helpdesk workflows, device lifecycle and inventory management, and the rollout of multiplatform MDM and EDR across our device fleet. This role is essential to operational reliability, customer success, and data security. As we grow, you’ll scale device posture and identity standards and support the operation of security controls and evidence as we move toward external security attestations and certifications. You’ll create the core IT and security foundation that enables a best‑in‑class engineering and customer experience. This role reports to Senior Manager, Core Services and partners closely with Operations to schedule customer work.
What you’ll be doing
Customer Site Installations & Support
Coordinate installation & troubleshooting: CrossnoKaye hardware, gateways, and networking components at customer sites; work shoulder‑to‑shoulder with field teams and customer IT to reach operational acceptance.
Own the customer‑IT relationship: ensure secure, reliable integration – clarify network plans (VLAN/IP/DHCP/DNS/NAT, firewall rules), align on security controls, and secure sign‑offs.
Standards & documentation: develop and maintain IT deployment standards (networking, data transfer, security/compliance) as simple checklists/diagrams that Operations and internal hardware teams actually use.
Support & escalation: provide remote and on‑site support for industrial deployments; coordinate downtime windows and escalate to internal specialists when needed.
Hardware/agent collaboration: collaborate closely with internal hardware and agent‑infrastructure teams to meet firmware, telemetry, and control‑path requirements, and feed findings back into the paved road for future installs.
Office IT & Internal Systems
Stand up the program: create a one‑door helpdesk (ticketing and tracking), publish IT SLOs (first response and resolution), and build a living knowledge base.
Device lifecycle & inventory: own joiner/mover/leaver and maintain an authoritative inventory across a mixed fleet of Windows, Mac, and Linux devices.
Endpoint management: deploy and operate cross‑platform MDM/posture and EDR across the fleet; enforce highly secure baselines for Linux, Mac, and Windows; automate remediations, and report coverage/health.
Identity & access: streamline SSO/SAML/OIDC onboarding using our Google Workspace installation. Control SCIM provisioning and group/role hygiene.
Core IT systems: operate and improve Wi‑Fi, baseline laptop configuration, conference‑room A/V, event and meeting A/V, and core SaaS platforms; handle software procurement and renewals.
No standing 24×7 on‑call. Very rare after‑hours pages (approximately 2–4 times per year) for urgent customer installs or incidents, scheduled where possible. Some install or maintenance windows may start early U.S. Eastern hours or fall on occasional weekends.
Security & Compliance
Execute security controls under Core Services Security & Compliance (program ownership sits there): patch/vulnerability cadence, periodic access reviews, endpoint posture enforcement.
Evidence & audits: maintain the evidence library; support external security attestations/certifications (e.g., SOC 2, ISO 27001) and customer questionnaires with current artifacts.
Posture‑gated access: integrate device posture with IdP/AWS (e.g., Context‑Aware Access / IAM Identity Center) so high‑risk apps require a managed device.
Exceptions & incidents: log and time‑box policy exceptions; coordinate with Reliability/IR on incident follow‑ups related to identity/endpoints.
Continuous improvement: evaluate practical security tooling/process upgrades in partnership with Platform/Security; land changes via docs and paved‑road templates.
What we’re looking for
Customer‑facing IT: 4–7+ years in hands‑on IT/sysadmin with direct work alongside customer IT; calm, clear communicator who can unblock tough networking issues on site or remotely.
Networking depth: VLAN/DHCP/DNS/NAT, site firewalls, routing basics; can read a diagram, propose a clean plan, and prove it works.
Helpdesk from scratch: stood up or owned a one‑door intake with ticketing, SLOs (first response & resolution), and a living knowledge base.
Device lifecycle & inventory: keeping an authoritative device inventory across Windows, macOS, and Linux devices.
Endpoint management: hands‑on with MDM/posture and EDR across Win/Mac/Linux (FleetDM/osquery & CrowdStrike preferred; equivalents OK). Can write simple posture checks.
Identity & SSO: administers Google Workspace (or Okta/AAD) as an identity provider. Experience with SAML/OIDC app onboarding, SCIM provisioning, and group/role hygiene; comfort with FIDO2/WebAuthn policies.
Documentation & standards: turns rough notes into checklists/diagrams others actually follow; keeps docs current after each install.
Execution in industrial spaces: comfortable in loud/wet/cold environments (using personal protective equipment); can climb ladders with or without reasonable accommodation.
Nice‑to‑have
Posture‑gated access: IdP conditional access (Google/Okta/AAD) tied to device posture; AWS IAM Identity Center (SSO) wiring; Zero‑Trust network access (e.g., Tailscale/WireGuard).
Security control ops: patch/vuln cadence, periodic access reviews, evidence capture; experience supporting external security attestations/certifications (SOC 2, ISO 27001) and customer questionnaires.
Automation: bash + one of Ansible/Nix for repeatable laptop/server setup; basic git.
Hardware/agent collaboration: experience coordinating firmware/telemetry/control‑path requirements with internal hardware/agent teams.
Certs (nice, not required): Security+, GSEC, GCED, or equivalent.
We will train
If you’ve run Jamf/Intune well and are Linux‑curious, we’ll teach FleetDM/osquery.
If you’re strong on Win/Mac EDR but new to Linux, we’ll level you up.
If you’ve owned helpdesk SLOs but not identity provider posture gates, we’ll pair you with Core Services to wire up IdP safely.
What success looks like
Within 3 months:
Lead customer‑site installations and be recognized as the point person for IT/OT integration.
Stand up a one‑door helpdesk with published SLOs; reach asset inventory ≥ 95% across Windows/macOS/Linux.
Deploy MDM/posture and EDR to ≥ 80% of active endpoints; publish a Linux baseline (FDE/TPM/patch cadence).
Within 6 months:
Drive EDR coverage ≥ 90% and posture compliance trending up; meet IT SLOs for a full month (first response
Wire device posture into access for at least two high‑risk apps (e.g., Google/AWS SSO); log and time‑box exceptions.
Join select customer calls to support Sales during the IT discovery process.
Within 12 months (and ongoing):
Maintain site‑activation performance (p50 ≤ 3 business days, first‑pass yield ≥ 85%); keep standards and checklists current.
Execute security control operations with Core Services Security & Compliance (patch/vuln cadence, access reviews, evidence library) to support external security attestations/certifications.
Compensation The estimated base salary range for this role is $130‑160k. In addition to base pay, full‑time team members are eligible for a company‑wide bonus and equity options - giving you the opportunity to grow alongside the company and share in the long‑term success we’re building together. Estimated total cash compensation may range from approximately $150‑180k. Final compensation is determined by several factors including prior experience, skills, and alignment with the role. The range above is intended to provide a helpful benchmark, though it may be updated as needed.
Benefits
Unlimited/Untracked PTO
Medical, Dental, & Vision Coverage
401(k) with Company Contribution
Paid Parental Leave
Wellness & Mental Health Reimbursements
Phone Reimbursement
Our Culture At CrossnoKaye, we hire exceptional people and give them the trust and autonomy to make an impact from day one. We're a team fueled by curiosity, ownership, and the drive to solve hard problems that matter. We don’t settle for the status quo; we challenge assumptions, seek better ways forward, and push the boundaries of what’s possible. We’re passionate about our mission, we dream big, and we build with care. Together, we share a belief that bold ideas, combined with deep collaboration, lead to meaningful, real‑world change.
We are an equal opportunity employer and we welcome applications from all backgrounds. We seek to build a diverse pool of applicants that will help to push our company forward. We believe that our true success will come from a diverse, dynamic, and inclusive environment. We seek and will consider all qualified candidates regardless of race, ancestry, color, gender identity or expression, sexual orientation, religion, national origin, citizenship, disability, Veteran status, marital status, or any other classification protected by law.
Seniority level Mid‑Senior level
Employment type Full‑time
Job function Information Technology
Industries Construction, Software Development, and IT Services and IT Consulting
#J-18808-Ljbffr
Location: Santa Barbara, CA (Hybrid – 3 Days in Office/Week)
Travel: Up to 10% to customer sites.
About the Role We’re hiring an experienced, hands‑on IT professional to support both our internal teams and customer deployments. You’ll own customer‑site activation end‑to‑end; partnering with customer IT to greenlight networks, bring gateways online, and ensure data is flowing. Internally, you’ll transform our spreadsheet‑level IT into a scalable, repeatable program, including helpdesk workflows, device lifecycle and inventory management, and the rollout of multiplatform MDM and EDR across our device fleet. This role is essential to operational reliability, customer success, and data security. As we grow, you’ll scale device posture and identity standards and support the operation of security controls and evidence as we move toward external security attestations and certifications. You’ll create the core IT and security foundation that enables a best‑in‑class engineering and customer experience. This role reports to Senior Manager, Core Services and partners closely with Operations to schedule customer work.
What you’ll be doing
Customer Site Installations & Support
Coordinate installation & troubleshooting: CrossnoKaye hardware, gateways, and networking components at customer sites; work shoulder‑to‑shoulder with field teams and customer IT to reach operational acceptance.
Own the customer‑IT relationship: ensure secure, reliable integration – clarify network plans (VLAN/IP/DHCP/DNS/NAT, firewall rules), align on security controls, and secure sign‑offs.
Standards & documentation: develop and maintain IT deployment standards (networking, data transfer, security/compliance) as simple checklists/diagrams that Operations and internal hardware teams actually use.
Support & escalation: provide remote and on‑site support for industrial deployments; coordinate downtime windows and escalate to internal specialists when needed.
Hardware/agent collaboration: collaborate closely with internal hardware and agent‑infrastructure teams to meet firmware, telemetry, and control‑path requirements, and feed findings back into the paved road for future installs.
Office IT & Internal Systems
Stand up the program: create a one‑door helpdesk (ticketing and tracking), publish IT SLOs (first response and resolution), and build a living knowledge base.
Device lifecycle & inventory: own joiner/mover/leaver and maintain an authoritative inventory across a mixed fleet of Windows, Mac, and Linux devices.
Endpoint management: deploy and operate cross‑platform MDM/posture and EDR across the fleet; enforce highly secure baselines for Linux, Mac, and Windows; automate remediations, and report coverage/health.
Identity & access: streamline SSO/SAML/OIDC onboarding using our Google Workspace installation. Control SCIM provisioning and group/role hygiene.
Core IT systems: operate and improve Wi‑Fi, baseline laptop configuration, conference‑room A/V, event and meeting A/V, and core SaaS platforms; handle software procurement and renewals.
No standing 24×7 on‑call. Very rare after‑hours pages (approximately 2–4 times per year) for urgent customer installs or incidents, scheduled where possible. Some install or maintenance windows may start early U.S. Eastern hours or fall on occasional weekends.
Security & Compliance
Execute security controls under Core Services Security & Compliance (program ownership sits there): patch/vulnerability cadence, periodic access reviews, endpoint posture enforcement.
Evidence & audits: maintain the evidence library; support external security attestations/certifications (e.g., SOC 2, ISO 27001) and customer questionnaires with current artifacts.
Posture‑gated access: integrate device posture with IdP/AWS (e.g., Context‑Aware Access / IAM Identity Center) so high‑risk apps require a managed device.
Exceptions & incidents: log and time‑box policy exceptions; coordinate with Reliability/IR on incident follow‑ups related to identity/endpoints.
Continuous improvement: evaluate practical security tooling/process upgrades in partnership with Platform/Security; land changes via docs and paved‑road templates.
What we’re looking for
Customer‑facing IT: 4–7+ years in hands‑on IT/sysadmin with direct work alongside customer IT; calm, clear communicator who can unblock tough networking issues on site or remotely.
Networking depth: VLAN/DHCP/DNS/NAT, site firewalls, routing basics; can read a diagram, propose a clean plan, and prove it works.
Helpdesk from scratch: stood up or owned a one‑door intake with ticketing, SLOs (first response & resolution), and a living knowledge base.
Device lifecycle & inventory: keeping an authoritative device inventory across Windows, macOS, and Linux devices.
Endpoint management: hands‑on with MDM/posture and EDR across Win/Mac/Linux (FleetDM/osquery & CrowdStrike preferred; equivalents OK). Can write simple posture checks.
Identity & SSO: administers Google Workspace (or Okta/AAD) as an identity provider. Experience with SAML/OIDC app onboarding, SCIM provisioning, and group/role hygiene; comfort with FIDO2/WebAuthn policies.
Documentation & standards: turns rough notes into checklists/diagrams others actually follow; keeps docs current after each install.
Execution in industrial spaces: comfortable in loud/wet/cold environments (using personal protective equipment); can climb ladders with or without reasonable accommodation.
Nice‑to‑have
Posture‑gated access: IdP conditional access (Google/Okta/AAD) tied to device posture; AWS IAM Identity Center (SSO) wiring; Zero‑Trust network access (e.g., Tailscale/WireGuard).
Security control ops: patch/vuln cadence, periodic access reviews, evidence capture; experience supporting external security attestations/certifications (SOC 2, ISO 27001) and customer questionnaires.
Automation: bash + one of Ansible/Nix for repeatable laptop/server setup; basic git.
Hardware/agent collaboration: experience coordinating firmware/telemetry/control‑path requirements with internal hardware/agent teams.
Certs (nice, not required): Security+, GSEC, GCED, or equivalent.
We will train
If you’ve run Jamf/Intune well and are Linux‑curious, we’ll teach FleetDM/osquery.
If you’re strong on Win/Mac EDR but new to Linux, we’ll level you up.
If you’ve owned helpdesk SLOs but not identity provider posture gates, we’ll pair you with Core Services to wire up IdP safely.
What success looks like
Within 3 months:
Lead customer‑site installations and be recognized as the point person for IT/OT integration.
Stand up a one‑door helpdesk with published SLOs; reach asset inventory ≥ 95% across Windows/macOS/Linux.
Deploy MDM/posture and EDR to ≥ 80% of active endpoints; publish a Linux baseline (FDE/TPM/patch cadence).
Within 6 months:
Drive EDR coverage ≥ 90% and posture compliance trending up; meet IT SLOs for a full month (first response
Wire device posture into access for at least two high‑risk apps (e.g., Google/AWS SSO); log and time‑box exceptions.
Join select customer calls to support Sales during the IT discovery process.
Within 12 months (and ongoing):
Maintain site‑activation performance (p50 ≤ 3 business days, first‑pass yield ≥ 85%); keep standards and checklists current.
Execute security control operations with Core Services Security & Compliance (patch/vuln cadence, access reviews, evidence library) to support external security attestations/certifications.
Compensation The estimated base salary range for this role is $130‑160k. In addition to base pay, full‑time team members are eligible for a company‑wide bonus and equity options - giving you the opportunity to grow alongside the company and share in the long‑term success we’re building together. Estimated total cash compensation may range from approximately $150‑180k. Final compensation is determined by several factors including prior experience, skills, and alignment with the role. The range above is intended to provide a helpful benchmark, though it may be updated as needed.
Benefits
Unlimited/Untracked PTO
Medical, Dental, & Vision Coverage
401(k) with Company Contribution
Paid Parental Leave
Wellness & Mental Health Reimbursements
Phone Reimbursement
Our Culture At CrossnoKaye, we hire exceptional people and give them the trust and autonomy to make an impact from day one. We're a team fueled by curiosity, ownership, and the drive to solve hard problems that matter. We don’t settle for the status quo; we challenge assumptions, seek better ways forward, and push the boundaries of what’s possible. We’re passionate about our mission, we dream big, and we build with care. Together, we share a belief that bold ideas, combined with deep collaboration, lead to meaningful, real‑world change.
We are an equal opportunity employer and we welcome applications from all backgrounds. We seek to build a diverse pool of applicants that will help to push our company forward. We believe that our true success will come from a diverse, dynamic, and inclusive environment. We seek and will consider all qualified candidates regardless of race, ancestry, color, gender identity or expression, sexual orientation, religion, national origin, citizenship, disability, Veteran status, marital status, or any other classification protected by law.
Seniority level Mid‑Senior level
Employment type Full‑time
Job function Information Technology
Industries Construction, Software Development, and IT Services and IT Consulting
#J-18808-Ljbffr