Systems Engineer II "Microsoft"

Space Coast Credit Union (SCCU), the 3rd largest credit union in Florida, is looking for an Systems Engineer II to join our ONESCCU team at our  Melbourne Headquarters or Miramar Operations Center locations! SCCU has been in business for over 70 years, has over 8 billion dollars in assets and WE ARE GROWING!

Our Members are our top priority and we stand behind our Brand Promise: Honest People, Trusted Products, Time Valued. We offer a rich benefits package and career advancement opportunities.

This is a 6 month contract to hire.

SCCU Team Member Benefits:

• ONESCCU annual bonus available!
• Hybrid Work Options - Work from home up to 3 days a week.
• Flexible Schedule options!
• Medical, Dental, & Vision Insurance
• HSA (Health Savings Account) with SCCU matching contribution
• SCCU Paid Long Term and Short Term Disability coverage
• SCCU Paid Term Life Insurance
• Employee Assistance Program (EAP)
• Paid Time Off
• 401(K) Pre-Tax Savings Plan with SCCU match- 100% of the first 5% of employee contributions
• Tuition Reimbursement Program

SCCU Team Member financial discounts & perks (save money every month!):

• Loan Discounts - Mortgage, 2nd Mortgage, Auto, Motorcycle, Boat etc. / GAP coverage at half price
• Fixed low rate credit card- 5.99%, if approved
• FREE Identify Theft Protection!
• No fee SCCU accounts

Starting Salary Range

• $107,570.92 - $114,586.41 / Central FL
• $110,220.34 - $117,408.63 / South FL

Purpose:
The Microsoft Systems Engineer will design, build, implement, and maintain Space Coast Credit Union’s enterprise Microsoft platforms. This includes:
• Administering and optimizing On Premises Active Directory—with an emphasis on replication topology, Sites & Services, multi forest trust models, and CIS benchmark hardening.
• Engineering hybrid identity with Azure AD Connect / Entra Cloud Sync (Password Hash Sync, Pass through Authentication, and staging/swing migration), Hybrid Join, and Microsoft Entra ID SSO (SCIM, SAML 2.0, OAuth/OIDC, and Just In Time provisioning).
• Owning full lifecycle deployment of Intune MDM/MAM, Windows Autopilot, GPO to Intune configuration/compliance profile conversion, and endpoint protection with Microsoft Defender for Endpoint.
• Architecting, administering, and troubleshooting Proofpoint PPS/TAP secure mail gateways (DMARC / DKIM / SPF, malware & impersonation defense, smart host connectors, DLP, encryption).
• Supporting Microsoft 365 (Exchange Online, SharePoint Online, OneDrive, Teams) and Azure IaaS/PaaS resources for resilient collaboration and messaging.

Principal Duties and Responsibilities:
• Active Directory Engineering – Administer multi site, multi forest AD DS; design replication, schema/forest upgrades, delegated OU structures, and PKI/CA integration.
• Hybrid Identity & Entra ID – Plan, deploy, and maintain Azure AD Connect / Cloud Sync, Hybrid Join, Conditional Access, PIM, and SSO integrations (SCIM, SAML, OAuth/OIDC).
• Intune / Autopilot / Endpoint Security – Build and maintain Intune tenant, migrate legacy GPOs to Intune, create Autopilot deployment rings, publish compliance & configuration profiles, implement Defender for Endpoint and Proactive Remediations.
• Proofpoint Administration – Install, configure, and tune PPS/TAP clusters; manage policies, mail flow connectors, quarantine, and threat intel; troubleshoot end to end message delivery.
• Microsoft 365 Services – Administer Exchange Online (hybrid mail flow, EOP), SharePoint Online, OneDrive, and Teams retention/eDiscovery.
• Automation & Scripting – Develop PowerShell / Graph scripts for deployment, reporting, and proofpoint/intune automation; maintain CI/CD pipelines where applicable.
• Technical Support – Provide Tier III response and on call escalation for identity, device management, mail security, and collaboration platforms.
• Project Participation – Lead or contribute to IT projects, create charters, timelines, and deliverables, and coordinate with cross functional teams.
• Documentation – Produce and maintain high level/low level designs, runbooks, SOPs, and change control artifacts.
• Security & Compliance – Enforce SCCU security baselines and FFIEC/NCUA requirements; participate in audits and risk assessments.
• Vendor Liaison – Act as primary contact with Microsoft, Proofpoint, and other vendors for support cases, roadmap alignment, and licensing.
• Continuous Improvement – Track emerging Microsoft and Proofpoint capabilities; recommend and pilot new features to enhance resilience, security, and user experience.
• Other duties as assigned.

JOB KNOWLEDGE, SKILLS & ABILITIES
• Proven hands on expertise designing and implementing:
        o Azure AD Connect / Cloud Sync topologies, Hybrid Join, federation models.
        o Intune MDM/MAM, Windows Autopilot, and GPO to Intune migration.
        o Proofpoint PPS & TAP secure mail gateways, including DMARC/DKIM/SPF tuning.
        o Entra ID SSO, SCIM provisioning, SAML 2.0, OAuth/OIDC, and Conditional Access.
• Strong PowerShell / Graph automation skills; ability to create JSON/Win32 and Proactive Remediation scripts.
• Excellent analytical and root cause troubleshooting skills for multi discipline issues (identity, mail flow, endpoint, security).
• Effective project management, task prioritization, and stakeholder communication abilities.
• Clear, concise verbal and written communication and documentation skills.
• Preferred certifications:
      o Microsoft 365 Enterprise Administrator Expert (MS 102)
      o Entra ID Administrator Associate (SC 300) or Intune Administrator Associate (MD 102)
      o Proofpoint Certified Specialist (PPS/TAP); CISSP, CISM, or similar.

Minimum Qualifications:
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the minimum level of knowledge, skills and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Education & Experience:
• Level II: 5 - 8 years hands on engineering of hybrid AD DS/Azure AD, Intune/Autopilot, Proofpoint (or equivalent), and Microsoft 365 platforms.

A 4-year college degree in Information Systems, Computer Engineering, or a related academic area, or equivalent experience, is required

Physical Demands:

Work requires light or a low amount of physical exertion.  The need for physical stamina and endurance is of minimum or low significance.  Body movement usually involves sitting and intermittent walking.

Working Conditions:                                                                                                                             

No adverse environmental working conditions.

Hours;

Monday/Friday 8:00-5:00

Every third Sunday for patching availability

Able to work after hours as needed

Participate in an on-call rotation

Disclaimer:

The information provided in this description has been designed to indicate the general nature and level of work performed by incumbents within this job.  It is not designed to be interpreted as a comprehensive inventory of all duties, responsibilities, qualifications and working conditions required of employees assigned to this job. 

Space Coast Credit Union believes the essential functions of the job are included in this description.  Management has discretion to add or modify duties of the job and to designate other functions as essential at any time.

#IND