IT Systems Administrator
3w ago
Remoteoktaidmmdmssomfa
Managing identity and endpoint systems including Okta and MDM tools with a focus on automation and security.
About the company
- Supabase was born-remote and open-source-first. We believe our globally distributed team is our secret weapon in building tools developers love.
- 280+ team members
- 55+ countries
- 20+ languages spoken
- $500M raised
- 500,000+ community members
- We move fast, build in public, and use what we ship. If it’s in your project, we probably use it in ours too. We believe deeply in the open-source ecosystem and strive to support—not replace—existing tools and communities.
Responsibilities
- You will work directly with our IDM/MDM Lead to own the day-to-day operations of our identity and endpoint stack — Okta, Slack, Iru (MDM), and the integrations that tie them together. This role is equal parts identity management and endpoint operations, with a strong expectation that you automate what you repeat and document what you automate.
- This role provides follow-the-sun IT and identity coverage alongside our IDM/MDM Lead on the West Coast. Fully remote, with a strong preference for candidates based in EST or APAC.
Requirements
- 2–4 years in a corporate IT, IT operations, or identity administration role at a cloud-native or SaaS company.
- Hands-on Okta administration experience: SSO, MFA, lifecycle management, and group/policy configuration.
- Experience with a modern MDM platform (Kandji/Iru, Jamf, or equivalent) managing a macOS-first fleet.
- Working knowledge of JML processes — you understand why a 24-hour offboarding window is a security risk, not just an IT inconvenience.
- Comfortable with scripting or automation (Bash, Python, or similar) to reduce manual toil.
- Async-first communicator: you document decisions, write clear runbooks, and don’t let tasks die in DMs.
Nice to have
- Experience with FIDO2/WebAuthn deployment or hardware security key programs (YubiKey 5 series).
- Familiarity with Slack enterprise grid administration including app governance and Connect channel management.
- Exposure to SOC 2 or ISO 27001 evidence collection for identity and endpoint controls.
- Experience managing IT operations across APAC and Americas time zones simultaneously.
- Familiarity with Google Workspace admin, including directory sync and group-based provisioning.
- Prior work in a security-adjacent IT role where identity hygiene and access control were first-class concerns.
Conditions
- Fully Remote We hire globally. We believe you can do your best work from anywhere. There are no Supabase offices, but we provide a WeWork membership or co-working allowance you can use anywhere in the world.
- ESOP Every team member receives ESOP (equity ownership) in the company. We want everyone to share in the upside of what we’re building together.
- Tech Allowance Use this budget to set up your ideal work environment—laptop, monitor, headphones, or whatever helps you do your best work.
- Health Benefits Supabase covers 100% of health insurance for employees and 80% for dependents, wherever you are. Your wellbeing and your family’s health are important to us.
- Annual Off-Sites Once a year, the entire company gathers in a new city for a week of connection, collaboration, and fun. It’s a highlight of our year.
- Flexible Work We operate asynchronously and trust you to manage your own time. You know what needs to be done and when.
- Professional Development Every team member receives an annual education allowance to spend on learning—courses, books, conferences, or anything that supports your growth.
How to apply
- We keep things simple, async-friendly, and respectful of your time:
- Apply – Our team will review your application.
- Intro Call – A short video chat to get to know each other.
- Interviews – Up to four calls with: Team Leads
- Future teammates
- Someone cross-functional from product, growth, or engineering (depending on the role)
- Someone from our leadership/founding team
- Decision – We may follow up with a final question or go straight to offer.
- All communication is remote and we aim to move fast.
Other
- Supabase is an open source Firebase alternative. We give developers a Postgres database, authentication, instant APIs, edge functions, and real-time subscriptions — all in one platform. We are building the infrastructure layer for the next generation of applications.
- Corporate IT at Supabase reports into the Security organization. Identity and endpoint hygiene are treated as security controls, not administrative overhead. You will work with a small, senior team with direct access to engineering leadership and a mandate to automate everything.
- Administer Okta day-to-day: user provisioning, group management, SSO application configuration, and MFA policy enforcement.
- Own joiner-mover-leaver (JML) workflows — ensure access is granted on day one, adjusted on role change, and fully revoked on departure with no manual gaps.
- Maintain and improve Okta lifecycle automation, reducing manual provisioning toil and closing the window between HR events and access changes.
- Audit access regularly: identify stale accounts, over-provisioned roles, and orphaned app assignments before they become incidents.
- Support FIDO2/WebAuthn and YubiKey deployment for privileged access across the organization.
- Administer Iru (formerly Kandji) MDM for macOS fleet: device enrollment, configuration profiles, compliance baselines, and policy enforcement.
- Ensure all managed endpoints meet security baselines — disk encryption, screen lock, patch cadence, and EDR agent deployment.
- Support onboarding hardware logistics: device procurement, enrollment, and first-day readiness across global time zones.
- Identify and track unmanaged or out-of-compliance devices; drive remediation and escalate persistent non-compliance.
- Maintain MDM configuration as code where possible — changes should be reviewable, versioned, and reversible.
- Administer Slack workspace: channel governance, app integration reviews, guest access management, and enterprise grid operations.
- Manage the corporate SaaS portfolio — own app provisioning, license tracking, and access reviews for tools like Google Workspace, Zoom, Notion, and others.
- Review and approve new SaaS integration requests against security and data handling standards before deployment.
- Maintain an accurate inventory of corporate applications, their owners, access scope, and data classification.
- Identify repetitive IT tasks and eliminate them through automation — scripting, workflow tooling, or Okta lifecycle rules.
- Write and maintain runbooks for all core IT operations so coverage is consistent across time zones and not dependent on any single person.
- Contribute to IT metrics: onboarding time-to-access, offboarding completion rate, MDM compliance percentage, and access review cadence.
- Partner with the Security Engineering team to close gaps surfaced by compliance audits (SOC 2, ISO 27001) that touch identity and endpoint controls.
- A ticket-taker who waits for requests. We expect you to proactively find and close gaps — stale accounts, unmanaged devices, ungoverned app integrations.
- Someone who treats IT and security as separate disciplines. Every identity and endpoint decision here is a security decision.
- A process follower who can’t write automation. If you’re doing the same task manually for the third time, that’s a bug.