IT Administrator & Helpdesk

About the role

gravity9 is a fast-growing technology consultancy (UK-headquartered, predominantly PL-based delivery teams) and a MongoDB Premier Partner. Our internal IT estate has scaled to the point where we need a dedicated person owning day-to-day support and the underlying admin — keeping a ~150-person consultancy running smoothly across Okta, Azure, Atlassian, Microsoft 365, GitHub, Kolide, NordLayer and a long tail of SaaS tools.

This role has been operating on an interim basis and we now want to make it permanent. You will be the first point of contact for everything from “I got a new phone and Okta won’t enrol” through to standing up a new SSO integration or a piece of internal automation. You will work closely with our IT Support Lead, our Head of Operations, and senior leadership on improvements to our security posture and IT operating model.

We are a Zero-Trust shop: Okta SSO + Kolide device compliance gate access to everything, and our infrastructure runs on Azure. You will help us continue to raise the bar in advance of client security audits.

What you will do

Day-to-day helpdesk (roughly 50% of the role)

•   Be the default responder in #itsupport and on the JIRA Service Management ITSUP queue. We currently see 10–15 tickets a week. Typical examples:

◦    Okta enrolment on new phones, MFA resets, password recovery

◦    Kolide device-compliance issues (macOS updates, Parallels, mobile sleep-mode quirks)

◦    NordLayer VPN authentication and SSO assignment

◦    Access requests across Atlassian (Jira/Confluence), Azure DevOps, GitHub, SharePoint, Microsoft 365, BreatheHR, Ruddr

◦    Software license provisioning and approval workflow (Claude, Granola, JetBrains, GitHub Copilot, Postman, etc.)

◦    Returning-consultant re-onboarding and full leaver offboarding

•   Help consultants set up and troubleshoot VDI environments when working on partner engagements 

•   Own ticket lifecycle in JIRA: triage, prioritise, work, communicate, close, and keep an eye on aging tickets.

•   Maintain a public-facing FAQ / runbook for the most common requests so users can self-serve where possible.

Identity & Access Management

•   Day-to-day administration of Okta (users, groups, app assignments, SSO integrations, MFA policies, lifecycle hooks).

•   Entra ID / Microsoft Graph administration — app registrations, role assignments, conditional access, B2B guest management.

•   Azure RBAC across our subscriptions (Internal IT, client-facing, gravity9 Sandbox, etc.) — granting least-privilege roles on request and reviewing standing access.

•   Azure DevOps organisation administration — project creation, admin role grants, service-connection setup, group membership.

•   Joiner / mover / leaver process across Okta, Microsoft 365, BreatheHR, Ruddr, GitHub, Atlassian, NordLayer, and any project-specific tooling.

Endpoint security & compliance

•   Own Kolide day-to-day: investigate failing checks, work with users on remediation, manage temporary lifts where appropriate, and feed back to the DevOps team where checks need tuning.

•   Support periodic IAM / access audits — cross-referencing Ruddr, Okta, Kolide and HR records for completeness.

•   Help drive ongoing improvement of our security posture in support of client audits and certifications (UK Cyber Essentials Plus, SOC 2 readiness, due-diligence questionnaires).

SaaS administration

Tenant-level admin across our core stack:

•   Atlassian Cloud — Jira, Confluence, JIRA Service Management (incl. our IT Support project)

•   Microsoft 365 & SharePoint — site permissions, license assignment, distribution lists

•   GitHub — org membership, team permissions, repo creation, Copilot seats

•   NordLayer, JetBrains licensing, Claude, Granola, BreatheHR, Ruddr, Slack workspace admin

Internal tooling & automation (roughly 25% of the role)

We treat internal IT as a small product surface. Recent / current work in this space includes:

•   The gravity9 IT Support Slack Bot (Python; runs in Azure Container Apps in our Internal IT subscription; integrated with JIRA Service Management). Maintain, extend, and hand new requests off to it.

•   n8n self-hosted on Azure with Okta SSO via an OAuth2 proxy + auth bridge pattern — increasingly used for internal automations.

•   SSO integration of new SaaS products into our Okta tenant as the business adopts them.

•   IT Policy reminder automation (Slack-driven, tied to Kolide / BreatheHR signals).

•   ISO acknowledge reminder automation (Slack-driven)

•   Other ad-hoc internal tooling on Azure as opportunities arise.

You should be comfortable writing and shipping code at this scale (Python or Node typical, containerised, deployed via Azure DevOps pipelines). You are not expected to operate at a senior platform-engineer level — but you should be able to run the loop end-to-end on small/medium internal tools without hand-holding.

Light DevOps support

Cover for the DevOps team on internal-leaning work where it makes sense — Azure subscription cleanup, pipeline tweaks, service-connection wiring, occasional Function App / Container App config changes — typically in collaboration with IT Support Lead.

What we are looking for

Essential

•   2+ years in an IT administration, helpdesk, or junior DevOps role, ideally in a tech consultancy / software house environment where the user base is itself technical.

•   Hands-on Okta administration (or strong equivalent IdP experience: Entra ID, Google Workspace) — you can build and troubleshoot a SAML / OIDC integration without supervision.

•   Hands-on Azure experience — RBAC, App Registrations, Container Apps or App Service, basic Bicep / ARM, working knowledge of Entra ID.

•   Azure DevOps as both a user and an administrator — projects, pipelines, service connections.

•   Working knowledge of endpoint compliance / MDM concepts; bonus for Kolide specifically.

•   Comfortable shipping small Python (or Node) services and automations — you can take a “we should have a bot for this” idea and have something running by end of week.

•   Strong written and spoken English. The majority of the job is async written communication with technical and non-technical colleagues across PL, UK, and US — but you’ll also be on calls helping new joiners through laptop setup, Okta enrolment, and other live troubleshooting. You can write a clear ticket update, calmly walk a stressed user through an issue on Zoom, and produce a short runbook.

•   A service mindset. People will come to you stressed, on deadline, blocked. You stay friendly, take ownership, and follow through.

•   Comfortable working largely autonomously — the rest of the IT and DevOps function is small, and you will own a lot of decisions inside your scope.

Nice to have

•   Prior experience standing up or running a help-desk ticketing system (JIRA Service Management ideally).

•   Familiarity with Kolide, NordLayer (or another ZTNA), BreatheHR, Ruddr.

•   Exposure to n8n, Zapier, or similar automation platforms.

•   Slack app / bot development.

•   Awareness of UK Cyber Essentials Plus, SOC 2 / ISO 27001 control frameworks and what an external audit looks like in practice.

•   Polish (for working with the PL-based delivery team) — not required.

How we work

•   Async-first, with most communication in Slack and JIRA.

•   Small team — there is no formal escalation tier above you for most issues; you’re it. We will support you, but autonomy and ownership matter.

•   You will have a direct line to senior leadership for anything that needs investment or policy change.

•   We invest in our internal tooling — if there is a sensible automation that buys back your time and improves the user experience, we want you to build it.