Jobs · Information Technology · Texas

Lead Application Administrator (SaaS & Enterprise Applications)

Stream Data Centers · Dallas, TX · 2 wk ago
On-siteInformation Technology$130k–$165k/yrFull-time

About the role

The Application Administrator (SaaS & Enterprise Applications) serves as the lead for Stream's application administration function and is responsible for the day-to-day administration, availability, configuration, and lifecycle management of Stream's SaaS application portfolio, as well as enterprise application deployment and compliance on corporate-managed endpoints via Microsoft Intune.

Responsibilities

  • Administer SaaS applications (Day-2 operations): Configure, maintain, and support Stream's SaaS platforms, including tenant settings, integrations, environments, and ongoing operational health.

  • Endpoint application deployment (Microsoft Intune): Package, deploy, update, and retire applications using Intune; manage assignment groups and deployment rings; validate installs and remediation steps across Windows/macOS endpoints as applicable.

  • Device & application compliance enforcement: Partner with Security and Endpoint teams to implement and maintain Intune compliance policies and endpoint application baselines; investigate non-compliance and drive timely remediation aligned to policy and audit expectations.

  • Troubleshoot complex deployment and policy issues: Diagnose application install failures, detection-rule issues, policy conflicts, and access problems; coordinate fixes with endpoint engineering, IAM, and vendors; document root cause and preventive actions.

  • Application ownership model and governance: Ensure every application has two owners—IT and the business. Define and maintain RACI, support boundaries, escalation paths, and operational standards for each application.

  • Identity, access, and roles (RBAC): Administer user provisioning/deprovisioning, role assignments, group mappings, and privileged access workflows; perform periodic access reviews with business owners and enforce least privilege.

  • SSO/MFA and directory integrations: Implement and maintain SSO, MFA, SCIM/provisioning, and directory integrations (e.g., Entra ID/AD), ensuring reliable authentication and secure access patterns.

  • Clock with IAM on identity changes: Follow IAM-defined standards for SSO/MFA, SCIM provisioning, group/role mappings, and conditional access; coordinate application onboarding and material configuration changes impacting authentication/authorization with the Entra ID Engineer (IAM SME).

  • Security configuration and control validation: Partner with Cybersecurity to configure application security controls (conditional access, session controls, logging, retention, DLP settings where applicable) and provide evidence for audits and assessments.

  • Monitoring, incident response, and vendor coordination: Monitor application availability and key integrations; respond to incidents, coordinate triage with vendors and internal teams, and drive root-cause analysis and preventive actions.

  • Configuration management and standardization: Maintain baseline configurations, document standards, and reduce drift across tenants/environments; leverage automation and scripting to streamline administration and reduce manual effort.

  • Change management and release coordination: Manage application changes, upgrades, and release impacts; create implementation/rollback plans, communicate outages, and validate post-change outcomes with stakeholders.

  • Data, retention, and compliance alignment: Help define and administer application settings that support compliance requirements (retention, legal hold support where applicable, data residency, and audit logging) in partnership with Security and Legal/Compliance.

  • Application lifecycle and portfolio hygiene: Maintain application inventory/CMDB records, contracts/renewal calendar inputs, ownership metadata, and decommissioning plans; ensure orphaned apps are identified and remediated.

  • On-premises and data center application transition (future scope): As assigned, assume IT operational ownership for the application-layer components of select on-prem/data center solutions, working with Infrastructure to align patching, access, logging, and support processes.

  • Standard documentation and runbooks: Create and maintain application runbooks, admin procedures, integration diagrams, support playbooks, and troubleshooting guides; keep ownership, configuration baselines, and key contacts current.

Requirements

  • Basic Qualifications:

    • Bachelor's degree or equivalent combination of education and experience.
    • 5-8+ years of hands-on experience administering and supporting enterprise SaaS applications and/or business-critical application platforms in production environments.
    • Hands-on experience administering Microsoft Intune (Endpoint Manager), including application deployment, compliance policies, and troubleshooting on corporate-managed endpoints.
    • Strong understanding of application administration fundamentals: tenant configuration, environments, user/role management, integrations (SSO/SCIM/APIs), and troubleshooting methodologies.
    • Demonstrated experience implementing application access controls and security configurations (SSO/MFA/RBAC, audit logging, session controls) in partnership with Security teams.
    • Experience with change management for enterprise applications, including release coordination, outage communications, and validation/testing of changes and integrations.
    • Automation and scripting skills (e.g., PowerShell, Python, Bash) and comfort working with APIs/webhooks (including Microsoft Graph API where applicable) to improve provisioning, reporting, and administrative workflows.
    • Experience supporting application monitoring/logging and collaborating on security findings, vendor escalations, and incident/problem management.
    • Comfort operating in regulated or audit-driven environments; ability to produce evidence, document exceptions, and maintain control validation artifacts.
    • Experience supporting SOC 2, ISO 27001, or similar control frameworks, including evidence collection, access reviews, and control validation for enterprise applications.
    • Excellent written and verbal communication; proven ability to influence cross-functional teams and mentor others.
    • Ability to work across multiple U.S. locations and travel to data center sites as needed; after-hours availability for high-priority server/security incidents when required.
  • Preferred Qualifications:

    • Experience with SaaS administration consoles and vendor portals.
    • Experience with Microsoft Intune (Endpoint Manager) for app deployment and endpoint compliance.
    • Experience with identity platforms and SSO (Entra ID/Azure AD, Active Directory integration, SAML/OIDC), MFA and conditional access, SCIM provisioning, RBAC.
    • Experience with API tools and automation (PowerShell/Python, REST APIs, Microsoft Graph API, Postman); logging/monitoring and SIEM integrations (e.g., Splunk, Sentinel, or similar).
    • Experience with ITSM/ticketing systems; and documentation/knowledge management platforms.
    • Familiarity with common enterprise SaaS categories (collaboration, HRIS, finance, CRM, ERP, ITSM) and audit/compliance expectations.

Benefits

  • Health Care Plan (Medical, Dental & Vision)
  • Retirement Plan (401k, IRA)
  • Life Insurance (Basic, Voluntary & AD&D)
  • Paid Time Off (Vacation, Sick & Public Holidays)
  • Family Leave (Maternity, Paternity)
  • Short Term & Long Term Disability
  • Training & Development
  • Wellness Resources

Pay Range

$130,000 - 165,000 (base)

Similar jobs