System Engineer L2 (Active Directory / O365)

Singapore
Non-Academic – IT /
Full Time /
On-site
Apply for this job
About GESS
As one of the leading international schools in Singapore, GESS is home to students from over 70 nations worldwide. We are for many families the home away from home and we are very happy that they are part of our school community which is based on mutual support and solidarity. With our language programme, we support our students to nurture this part of their identity and want to preserve the opportunity that they can grow up with multiple languages to be best prepared for an international environment. With the German International Abitur or the IB Programme they are perfectly prepared for their career after school. Our students enjoy lifelong learning and we take pride in our GESS values of respect, openness and diversity which our students will nurture in their life after school.

We were awarded with the “Deutsche Schulpreis” (German school prize) 2022, which was given to us for our extraordinary concept according to their motto “Make teaching better”. We stand out as the only German school abroad nominated for this award.

Job Purpose
- The System Engineer L2 (Active Directory / O365) is responsible for ensuring the secure, reliable, and efficient operation of the school’s identity and collaboration infrastructure in a hybrid on-premises and cloud environment.

- The role focuses on Active Directory, Azure AD, and Microsoft 365 for Education, including user identity management, access control, and integration with platforms such as AWS and other SaaS applications. A part of the role is implementing and maintaining cybersecurity best practices related to identity security, access governance, and threat protection across systems.

- The position also supports day-to-day operations, contributes to the Technology Team and security-related projects, and provides technical expertise to internal teams and external partners, aligning solutions with the specific needs of a K–12 educational environment.

Key Accountabilities

Active Directory (AD) Management:

    • Maintain, troubleshoot, and enhance Active Directory infrastructure.
    • Create, modify, and disable user accounts, groups, and permissions according to access policies.
    • Implement Group Policy Objects (GPOs) and Organizational Unit (OU) structures.
    • Monitor AD health and perform regular audits and cleanups.

Identity and Access Management (IAM):

    • Manage Single Sign-On (SSO) and Multi-Factor Authentication (MFA).
    • Implement and enforce identity lifecycle processes for students, staff, faculty and parents
    • Collaborate with HR and Academic departments to streamline onboarding/offboarding.

Microsoft 365 Administration:

    • Administer Microsoft 365 for Education services, including Exchange Online, SharePoint, Teams, and OneDrive.
    • Manage licensing, mail flow, compliance, and data loss prevention policies.
    • Provide end-user support and training for M365 applications.

Automation & Scripting:

    • Develop PowerShell scripts to automate routine tasks and improve provisioning processes.
    • Maintain documentation for scripts, systems, and processes.

Security & Compliance:

    • Ensure compliance with data protection regulations (e.g., GDPR, FERPA).
    • Monitor and respond to security incidents related to identity and access.

Collaboration & Support:

    • Work with IT Service Desk / End User Computing (EUC) to resolve escalated incidents related to identity and collaboration tools.
    • Participate in infrastructure projects and strategic IT initiatives.
    • Other roles and projects assigned by the Director of Technology.

Knowledge and Experience

    • Experience supporting Microsoft 365 for Education tenants.
    • Familiarity with Azure AD Connect, Intune, and Conditional Access Policies.
    • Experience integrating identity systems with LMS platforms or Student Information Systems (SIS).
    • Experience with third-party tools such as ManageEngine AD Self-Service, Papercut, and KnowBe4.
    • Working knowledge of compliance standards in education (PDPA, FERPA, GDPR).
    • Excellent communication skills and ability to work with both technical and non-technical stakeholders.
    • Experience in an academic institution or large educational organization is highly desirable.

Technical and Soft Skills

    • Bachelor’s degree in Computer Science, Information Technology, or a related field (or equivalent work experience).
    • Microsoft certifications preferred (e.g., Microsoft 365 Certified: Modern Desktop Administrator Associate, Azure Administrator Associate, or Identity and Access Administrator  Associate).
    • Proven experience in managing Windows Server, Active Directory, and Group Policy.
    • Strong hands-on experience with Microsoft 365 admin center, Azure Active Directory, and related services.
    • Solid knowledge of identity lifecycle, user provisioning, and role-based access control.
    • Proficiency in PowerShell scripting for automation.
    • Understanding of education-specific needs in cloud collaboration and access control.
Fair Recruitment and Safeguarding: We are committed to fair recruitment practices and safeguarding the welfare of all students. We ensure that our hiring processes are free from discrimination and bias on the basis of age, nationality, gender, sexual orientation, marital status, pregnancy status, caregiving responsibilities, race, religion, language or disability. As part of our commitment to safeguarding, we conduct thorough background checks on all candidates which include criminal background checks in all countries lived and worked in for the last ten years, as well as reference checks. Any offer is subject to the satisfactory completion of such checks.  Our school prioritises the safety and well-being of our students, and we expect all staff members to uphold these values.
Apply for this job

GESS Home Page

Jobs powered by Lever logo