Astra’s mission is to improve life on Earth from space by creating a healthier and more connected planet. Today, Astra offers one of the lowest cost-per-launch dedicated orbital launch services, and one of the industry’s leading flight-proven electric propulsion systems for satellites, the Astra Spacecraft Engine.

The Opportunity 

This role focuses on infrastructure for people and internal systems:

• Identity (SSO, RBAC, lifecycle)
• Endpoints (Mac, Windows, Linux)
• Access (device trust, zero-trust networking)
• Internal platform and automation

This is not a DevOps or SRE role

• You will not primarily own CI/CD pipelines or Kubernetes clusters
• You will not focus on application deployment infrastructure
• This role is about access, identity, endpoints, and secure systems for humans

How You'll Fulfill Your Mission

• Own identity as a first-class system (SSO, RBAC, lifecycle, device trust)
• Build a fully automated onboarding/offboarding pipeline
• Design and operate endpoint infrastructure across Mac, Windows, and Linux
• Eliminate manual IT work through automation, scripting, and tooling
• You should expect to spend the majority of your time building systems and automation—not responding to tickets
• Architect secure network infrastructure across office, lab, and remote environments
• Design and implement modern access patterns (e.g., WireGuard-based networking, zero-trust, device-aware access)
• Own firewall and perimeter security (Palo Alto, Juniper, or equivalent)
• Enable secure, compliant access to cloud environments (AWS GovCloud, GCP Assured Workloads)
• Drive compliance (CMMC, ITAR) through systems—not paperwork
• Partner directly with engineering to remove friction and increase velocity
• You will have high ownership and autonomy to define how these systems are built and operated

Why We Value You

• 8+ yrs of related experience
• 5+ years Proven experience building and owning infrastructure systems 
• Deep experience with identity systems (Azure AD / Entra or equivalent; SAML/OAuth/SCIM)
• Strong experience managing heterogeneous endpoint fleets (Mac, Windows, Linux; MDM such as Intune/Jamf/Kandji)
• Hands-on experience with network security and modern connectivity patterns (VPNs, WireGuard, zero-trust networking)
• Strong scripting and automation skills (Python, Bash, or similar)
• Experience integrating systems via APIs and event-driven workflows
• Experience operating in regulated environments (CMMC, ITAR, FedRAMP-like)

What Sets You Apart

• You treat internal infrastructure like a product, not a helpdesk
• You automate everything that happens more than once
• You reduce complexity instead of adding it
• You think in terms of identity-first and network-minimized architectures
• You can debug across identity, network, endpoint, and cloud boundaries
• You have strong opinions about how systems should be built—and can back them up

Desired Multipliers 

• Experience in GCC High environments (Microsoft Entra ID)
• Familiarity with Amazon Web Services GovCloud or Google Cloud Platform Assured Workloads
• Experience with WireGuard-based networking or modern secure access platforms (e.g., Tailscale, Cloudflare Zero Trust)
• Experience supporting hardware, lab, or manufacturing environments
• Experience designing zero-trust or device-trust architectures

The pay range for this role is: $160,000-220,000

Salary and Benefits

We're competitive in compensation and offer equity as part of the package. We have great benefits that include health, vision, dental, and 401K in comparison to other startups. We provide lunch and there's plenty of snacks and drinks to get you through the day.

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

ITAR Requirements: This position requires compliance with U.S. Government space technology  trade restrictions, specifically the International Trafficking in Arms Regulations (ITAR), Export Administration Regulations (EAR) and additional regulations governing satellite, launch vehicle, missile, and other related technologies. All jobs restricted by these regulations will be contingent upon the applicant’s status as a documented U.S. Person or their ability to receive a trade license from the cognizant government agency; in addition to any required company background checks and in compliance with applicable U.S. and California laws. Similarly, positions requiring the ability to work on government contracts or a security clearance are also contingent upon the applicants ability to receive the appropriate clearance and be allowed to work on U.S. government contracts.

© Astra Space Operations, LLC. All rights reserved, Astra is proud to be an equal opportunity workplace. We celebrate diversity and are committed to creating an inclusive environment for all employees. We do not discriminate on the basis of race, religion, color, gender identity, sexual orientation, age, disability, veteran status, or other applicable legally protected characteristics. We encourage people of different backgrounds, experiences, abilities, and perspectives to apply.

San Francisco Applicants: Astra will consider applicants with arrest and conviction records (criminal histories) in a manner consistent with the San Francisco Fair Chance Ordinance.