Job Summary

We are seeking an experienced Windows Administrator to manage and support the enterprise Windows environment, including MECM (Microsoft Endpoint Configuration Manager), formerly SCCM (System Centre Configuration Manager), Entra ID, (formerly Azure AD) (Active Directory), PowerShell scripting, automation, and on-prem Active Directory. The ideal candidate will have expertise in managing client devices, Windows Public Key Infrastructure (PKI), and a variety of other Windows server and client technologies. They should feel comfortable working in a team of Windows Administrators within a broader, multi-disciplined team across varying geographical locations.

Our team collaborates closely across business units to understand needs and provide tailored solutions that empower them to succeed and produce their work faster and better. We embrace a fast-paced, iterative approach that keeps us all challenged and engaged, and always look for ways to improve our processes and deliver value quickly!

Responsibilities and Duties

  • Manage and maintain MECM infrastructure for deployment, updates, and software distribution
  • Perform application packaging, deployment, and lifecycle management
  • Troubleshoot deployment issues and optimize software rollout processes
  • Monitor and report on the status of MECM infrastructure, deployments, and compliance

Entra ID (Azure AD):

  • Administer and support Entra ID, including user management, access policies, and security configurations in a ‘hybrid’ configuration using Azure AD Connect
  • Implement and manage Single Sign-On (SSO), Multi-Factor Authentication (MFA) (Using Duo not Azure MFA), and conditional access policies
  • Integrate on-prem Active Directory with Entra ID for hybrid environments

PowerShell Scripting and Automation:

  • Develop and maintain PowerShell scripts for automation tasks related to user management, system administration, and software deployment
  • Build custom scripts to streamline repetitive tasks, enhance system monitoring, and improve operational efficiency

Active Directory (On-Prem):

  • Manage and support on-prem Active Directory including Group Policy Objects (GPOs), domain controllers, user accounts, and permissions
  • Ensure AD replication, health, and availability across the organization
  • A knowledge of how to Implement and manage trust relationships, forests, and cross-domain management

Windows Public Key Infrastructure (PKI):

  • Administer and maintain Windows PKI environments including certificate issuance, renewal, and revocation
  • Ensure secure communication within the organization by managing certificates for users, devices, and services

Client End-User Device Management:

  • Administer client devices (Windows workstations, laptops, etc.) ensuring they are compliant with corporate policies
  • Troubleshoot hardware and software issues on end-user devices
  • Manage Windows updates, security patches, and antivirus solutions across the client environment
  • Ensure device encryption and endpoint security policies are enforced

Automation & System Integration:

  • Implement automation solutions to optimize the efficiency of daily administrative tasks
  • Use configuration management tools (e.g., MECM) to manage end-user devices, profiles, and policies
  • Integrate on-prem and cloud services for seamless IT operations

Monitoring & Reporting:

  • Monitor system performance, event logs, and health metrics across all Windows systems
  • Generate reports on system health, performance, security posture, and compliance levels
  • Proactively resolve issues to maintain maximum system uptime

General Windows Administration:

  • Manage Windows Server environments, ensuring regular updates, security patches, and performance optimization
  • Perform system backups and ensure disaster recovery readiness
  • Participate in system migrations, upgrades, and new infrastructure implementations

Collaboration & Support:

  • Work closely with other IT teams (networking, security, application support) to provide an integrated service
  • Provide support to end-users and resolve escalated technical issues
  • Ensure compliance with organizational security policies and industry best practices

SharePoint Online (Office 365) Administration and Support:

  • Administer and maintain SharePoint Online environments, ensuring proper permissions, security settings, and compliance with organizational policies
  • Provide support for SharePoint Online, including site creation, document libraries, lists, workflows, and integrations with other Office 365 services
  • Troubleshoot issues related to SharePoint performance, permissions, and user access
  • Assist with SharePoint Online migrations, upgrades, and site optimizations
  • Implement governance and best practices for SharePoint content management, site structures, and information architecture
  • Collaborate with teams to enhance SharePoint features, such as automating workflows using Power Automate and integrating with Microsoft Teams

Candidate Profile

Essential skills

  • Experience in Windows administration, MECM, Active Directory and the wider Entra/Azure AD MS Suite – Exchange Online, SharePoint etc
  • In-depth experience with MECM for OS and application deployment
  • Proficiency in Entra ID (Azure AD) and on-prem Active Directory
  • Strong PowerShell scripting skills and experience with automation tools
  • Knowledge of Windows PKI and certificate management
  • Experience with Windows server and client device management
  • Familiarity with endpoint security tools, patch management, and software distribution
  • Microsoft Certified: Azure Administrator Associate, Microsoft Certified: Windows Server Hybrid Administrator, or other relevant certifications preferred
  • Excellent problem-solving skills, attention to detail, strong communication, and ability to work independently and as part of a team

Desirable skills

  • Experience with cloud environments, specifically Microsoft 365 and Azure
  • Knowledge of networking concepts, firewalls, and VPNs
  • Experience with virtualization technologies (e.g., Hyper-V, VMware)
  • Experience with Intune or other Mobile Device Management (MDM) platforms
  • Experience with Microsoft SQL servers and Microsoft Radius servers

Benefits

In addition to a competitive salary, Graphcore offers flexible working, a generous annual leave policy, private medical insurance and health cash plan, a dental plan, pension (matched up to 5%), life assurance and income protection. We have a generous parental leave policy and an employee assistance programme (which includes health, mental wellbeing, and bereavement support). We offer a range of healthy food and snacks at our central Bristol office and have our own barista bar! We welcome people of different backgrounds and experiences; we’re committed to building an inclusive work environment that makes Graphcore a great home for everyone. We offer an equal opportunity process and understand that there are visible and invisible differences in all of us. We can provide a flexible approach to interview and encourage you to chat to us if you require any reasonable adjustments.

Apply for this Job

* Required
resume chosen  
(File types: pdf, doc, docx, txt, rtf)
cover_letter chosen  
(File types: pdf, doc, docx, txt, rtf)


UK Demographic Data

We take pride in our commitment to creating an inclusive and diverse workplace. As part of our recruitment process, we ask for confidential diversity data from all applicants. This data will be anonymised so that no personal identification information will be collected, and is retained for statistical purposes only and is not attached to your application. Your responses to the following three questions will remain confidential and will not impact or be used in any way in regards to your application. We are only using this data to improve our hiring process to be inclusive of all diversity backgrounds.

I identify my gender as (Select one) *





What is your ethnicity? (Select one) *







Do you consider yourself to have a disability? (Select one) *




Enter the verification code sent to to confirm you are not a robot, then submit your application.

This application was flagged as potential bot traffic. To resubmit your application, turn off any VPNs, clear the browser's cache and cookies, or try another browser. If you still can't submit it, contact our support team through the help center.