Infrastructure Architect san francisco, cA

Infrastructure Architect
 
 
WHO YOU ARE:

You’re a senior IT leader who still loves being hands-on. You’ve built and scaled IT foundations in fast-moving, hardware-centric or engineering-heavy environments, and you’re comfortable owning everything from identity to endpoints to networks and cloud. You think in architectures and roadmaps, but you’re just as willing to jump into a console, debug a weird device issue, or whiteboard a new access pattern with engineers.

You’ll report directly to our COO and serve as the owner of Astro Mechanica’s IT architecture and internal technology stack. You’re excited to lead a small but high-impact IT function, including managing and developing our Help Desk Specialist, and you know how to set clear SLAs, build clean documentation, and automate the boring stuff. You measure yourself by how much friction you remove for engineers and operators, and you instinctively balance speed with security, compliance, and reliability. You are dedicated to building an IT backbone that lets a team of hardcore aerospace engineers move faster, safer, and more effectively as we scale.

WHAT YOU’LL DO:

Own the IT roadmap: Build and deliver a 12–18 month plan across identity/SSO, endpoint management, networks, collaboration, backups/DR, logging/observability, access governance, and internal/off the shelf tooling.

Engineering enablement: Engage with teams, decompose needs, and architect pragmatic, secure solutions that reduce friction and improve developer/design velocity.

End user productivity: Define endpoint strategy (e.g., COPE), zero touch provisioning, and a modern productivity stack that balances speed with security/compliance.

Cloud & data architecture: Evaluate and implement the right cloud path for regulated workloads (e.g., AWS GovCloud (US), Azure Government, or GCP Assured Workloads). Define IAM, key management, logging, and data lifecycle.

Compliance readiness: Map and operationalize controls for NIST SP 800 171 Rev. 3 and CMMC 2.0 (policies, technical controls, vendor risk, and audit evidence). Incorporate network segmentation, zero trust access, and secure remote work.

Continuity & risk: Establish RTO/RPO, implement and test backups and disaster recovery, and maintain incident response runbooks with regular tabletop exercises.

Vendors & budget: Own IT vendor selection, SLAs, renewals, and spend; rationalize tooling and forecast costs.

Leadership: Coach the Help Desk Specialist; set SLAs, build a documentation/automation culture, and publish simple metrics (availability, device compliance, onboarding time, ticket SLAs).

WHAT WE’RE LOOKING FOR:

8–12+ years in IT infrastructure/architecture with deep hands on in identity, endpoints, networks, and SaaS; proven scaling in startup and/or hardware lab environments.

Experience planning and operating secure cloud for regulated workloads (e.g., GovCloud/Azure Gov/GCP Assured Workloads or equivalent controls).

Comfort turning NIST 800 171 requirements into practical controls; familiarity with CMMC 2.0; bonus for SOC 2 or NIST CSF experience.

Representative toolkit: Okta or Entra ID; Jamf/Intune/FleetDM; CrowdStrike/SentinelOne; M365; Jira/Freshservice; modern VPN.

Bonus points: prior experience in an ITAR/EAR environment.

SF or Denver preferred; remote (US) considered with periodic travel.

Export controls: Some parts of the job may require access to export controlled technical data; eligibility as a U.S. person may be required depending on scope.

PERKS AND BENEFITS:

Comprehensive medical, dental, and vision insurance, including Flexible Spending Accounts (FSA)

401(k) program and transparent stock option plan

Self-managed and flexible time-off policy, including PTO, paid holidays, and sick time

Flexible work environment

Company-funded perks, including weekly team lunches and Astro Mechanica swag