Lead Application Administrator (SaaS & Enterprise Applications)

For years, Stream Data Centers has been a trusted partner in providing world-class data center solutions. With a focus on sustainable, secure, and reliable infrastructure, Stream empowers businesses to scale their digital operations while prioritizing environmental and social responsibility. 

Stream Data Centers continues to set new standards for innovation, operational excellence, and sustainability in the data center industry, having provided premium data center services since 1999. Now, with 90% of its inventory leased to Fortune 100 customers, the company has acquired, developed and managed more than 27 data center projects nationally, while leadership has remained consistent for over two decades. 

From site selection to data center construction and operations, Stream develops wholesale colocation capacity and build-to-suit facilities for hyperscale and enterprise users in major markets across the United States. Additionally, Stream sources and develops low-risk land sites for optimum data center development and provides energy procurement services with a focus on reducing market risk and providing low-cost renewable energy options. 

Information Technology Department: 

Stream’s IT team delivers modern, secure technology solutions that power our global operations. We combine proactive management, rigorous cybersecurity, and agile software development to drive business growth. By aligning technology strategy with business goals, we keep Stream at the forefront of innovation and operational excellence. 

The Role: 

The Application Administrator (SaaS & Enterprise Applications) serves as the lead for Stream’s application administration function and is responsible for the day-to-day administration, availability, configuration, and lifecycle management of Stream’s SaaS application portfolio, as well as enterprise application deployment and compliance on corporate-managed endpoints via Microsoft Intune. This role ensures applications are reliable, secure, and aligned to business needs through disciplined access management, configuration standards, vendor coordination, endpoint deployment standards, and operational support. You will work closely with—and take technical direction from—the Entra ID Engineer (IAM SME) for identity standards, SSO/MFA patterns, provisioning approaches, and access governance requirements. 

You will partner closely with Cybersecurity, Infrastructure, and business stakeholders to implement and validate security controls (e.g., SSO/MFA, RBAC, logging, data retention), maintain audit-ready evidence, and drive timely remediation of application risks. Over time, this role will expand to assume IT operational ownership for the application-layer portions of select on-premises and data center–hosted solutions, ensuring consistent standards across SaaS and on-prem environments. 

Key Responsibilities: 

• Administer SaaS applications (Day-2 operations): Configure, maintain, and support Stream’s SaaS platforms, including tenant settings, integrations, environments, and ongoing operational health. 

• Endpoint application deployment (Microsoft Intune): Package, deploy, update, and retire applications using Intune; manage assignment groups and deployment rings; validate installs and remediation steps across Windows/macOS endpoints as applicable. 

• Device & application compliance enforcement: Partner with Security and Endpoint teams to implement and maintain Intune compliance policies and endpoint application baselines; investigate non-compliance and drive timely remediation aligned to policy and audit expectations. 

• Troubleshoot complex deployment and policy issues: Diagnose application install failures, detection-rule issues, policy conflicts, and access problems; coordinate fixes with endpoint engineering, IAM, and vendors; document root cause and preventive actions. 

• Application ownership model and governance: Ensure every application has two owners—IT and the business. Define and maintain RACI, support boundaries, escalation paths, and operational standards for each application. 

• Identity, access, and roles (RBAC): Administer user provisioning/deprovisioning, role assignments, group mappings, and privileged access workflows; perform periodic access reviews with business owners and enforce least privilege. 

• SSO/MFA and directory integrations: Implement and maintain SSO, MFA, SCIM/provisioning, and directory integrations (e.g., Entra ID/AD), ensuring reliable authentication and secure access patterns. 

• Coordinate with IAM on identity changes: Follow IAM-defined standards for SSO/MFA, SCIM provisioning, group/role mappings, and conditional access; coordinate application onboarding and material configuration changes impacting authentication/authorization with the Entra ID Engineer (IAM SME). 

• Security configuration and control validation: Partner with Cybersecurity to configure application security controls (conditional access, session controls, logging, retention, DLP settings where applicable) and provide evidence for audits and assessments. 

• Monitoring, incident response, and vendor coordination: Monitor application availability and key integrations; respond to incidents, coordinate triage with vendors and internal teams, and drive root-cause analysis and preventive actions. 

• Configuration management and standardization: Maintain baseline configurations, document standards, and reduce drift across tenants/environments; leverage automation and scripting to streamline administration and reduce manual effort. 

• Change management and release coordination: Manage application changes, upgrades, and release impacts; create implementation/rollback plans, communicate outages, and validate post-change outcomes with stakeholders. 

• Data, retention, and compliance alignment: Help define and administer application settings that support compliance requirements (retention, legal hold support where applicable, data residency, and audit logging) in partnership with Security and Legal/Compliance. 

• Application lifecycle and portfolio hygiene: Maintain application inventory/CMDB records, contracts/renewal calendar inputs, ownership metadata, and decommissioning plans; ensure orphaned apps are identified and remediated. 

• On-premises and data center application transition (future scope): As assigned, assume IT operational ownership for the application-layer components of select on-prem/data center solutions, working with Infrastructure to align patching, access, logging, and support processes. 

• Standard documentation and runbooks: Create and maintain application runbooks, admin procedures, integration diagrams, support playbooks, and troubleshooting guides; keep ownership, configuration baselines, and key contacts current. 

Success Metrics & KPIs: 

• Application availability and operational health: Improved uptime of critical SaaS platforms, reduced recurring incidents, and reliable performance of key integrations. 

• Access governance and security controls: Timely provisioning/deprovisioning, successful access reviews, and consistent enforcement of SSO/MFA/RBAC with minimal exceptions. 

• Configuration standardization and drift reduction: Documented baselines for in-scope applications, reduced configuration drift, and faster remediation of misconfigurations. 

• Audit readiness and evidence quality: Complete, timely delivery of audit evidence (logs, settings, access reviews, retention controls) and reduced repeat findings related to applications. 

• Ownership clarity and stakeholder satisfaction: Every application has IT and business owners with clear RACI; improved resolution times and stakeholder feedback on application support and communication. 

Basic Qualifications: 

• Bachelor’s degree or equivalent combination of education and experience. 

• 5–8 years of hands-on experience administering and supporting enterprise SaaS applications and/or business-critical application platforms in production environments. 

• Hands-on experience administering Microsoft Intune (Endpoint Manager), including application deployment, compliance policies, and troubleshooting on corporate-managed endpoints. 

• Strong understanding of application administration fundamentals: tenant configuration, environments, user/role management, integrations (SSO/SCIM/APIs), and troubleshooting methodologies. 

• Demonstrated experience implementing application access controls and security configurations (SSO/MFA/RBAC, audit logging, session controls) in partnership with Security teams. 

• Experience with change management for enterprise applications, including release coordination, outage communications, and validation/testing of changes and integrations. 

• Automation and scripting skills (e.g., PowerShell, Python, Bash) and comfort working with APIs/webhooks (including Microsoft Graph API where applicable) to improve provisioning, reporting, and administrative workflows. 

• Experience supporting application monitoring/logging and collaborating on security findings, vendor escalations, and incident/problem management. 

• Comfort operating in regulated or audit-driven environments; ability to produce evidence, document exceptions, and maintain control validation artifacts. 

• Experience supporting SOC 2, ISO 27001, or similar control frameworks, including evidence collection, access reviews, and control validation for enterprise applications. 

• Excellent written and verbal communication; proven ability to influence cross-functional teams and mentor others. 

• Ability to work across multiple U.S. locations and travel to data center sites as needed; after-hours availability for high-priority server/security incidents when required. 

Preferred Qualifications: 

• Experience with SaaS administration consoles and vendor portals
• Experience with Microsoft Intune (Endpoint Manager) for app deployment and endpoint compliance
• Experience with identity platforms and SSO (Entra ID/Azure AD, Active Directory integration, SAML/OIDC), MFA and conditional access, SCIM provisioning, RBAC
• Experience with API tools and automation (PowerShell/Python, REST APIs, Microsoft Graph API, Postman); logging/monitoring and SIEM integrations (e.g., Splunk, Sentinel, or similar)
• Experience with ITSM/ticketing systems; and documentation/knowledge management platforms
• Familiarity with common enterprise SaaS categories (collaboration, HRIS, finance, CRM, ERP, ITSM) and audit/compliance expectations 

• Health Care Plan (Medical, Dental & Vision)
• Retirement Plan (401k, IRA)
• Life Insurance (Basic, Voluntary & AD&D)
• Paid Time Off (Vacation, Sick & Public Holidays)
• Family Leave (Maternity, Paternity)
• Short Term & Long Term Disability
• Training & Development
• Wellness Resources

The pay range for this role is between $130,000 – 165,000 (base). Individual compensation packages are based on various factors unique to each candidate, including skill set, experience, qualifications, location, and other job-related reasons. Stream Data Centers offers annual bonus, benefits, flexible time off (vacation), 401k and a variety of other perks and benefits.

Stream is an equal-opportunity employer and does not discriminate on the basis of ethnicity, race, religion, sex, age, national origin, disability, military status, or any other reason prohibited by law. Note: Nothing in this job description restricts management’s right to assign or reassign duties and responsibilities to this job at any time.

Salary : $130,000 - $165,000