IT / Client Platform Engineer
Crossmint is the leading enterprise-grade, all-in-one stablecoin and wallet infrastructure platform enabling fintechs and enterprises to integrate stablecoin rails and smart wallets with speed, compliance, and scale. Trusted by more than 40,000 clients including global leaders such as MoneyGram, WireX, Toku, and more, Crossmint provides embedded smart wallets, on/offramps, cross-chain stablecoin orchestration, tokenization, and other blockchain primitives through simple, developer-friendly APIs that integrate in minutes and scale to millions of users.
The future of finance is stablecoin-native. Crossmint makes it easy to get there.
Location
Preferred: Madrid
We are also open to remote candidates based in other parts of Spain.
Type of Employment
Full-time
Salary range: €67,000 - €81,000
Note: Final level and compensation are determined during the interview process based on experience and fit.
About The Role
We are looking for a hands-on, generalist IT / Client Platform Engineer to own day-to-day IT operations while building scalable foundations across identity, access, device management, and onboarding/offboarding.
This is not just a help desk role. While you will support employees directly, your primary mission is to design and implement automated, secure, and scalable IT systems, especially around identity (SSO/SCIM), Mac fleet management, and AWS access.
You'll be the backbone of our internal IT platform, ensuring employees have seamless access to what they need, securely and efficiently.
What You Will Do
Identity, Access & SaaS Administration
- Own Google Workspace administration (email, groups, security settings, user lifecycle).
- Manage and improve SSO integrations across SaaS apps (primarily SAML-based).
- Troubleshoot authentication issues (SSO, MFA, sessions, login failures).
- Implement and improve SCIM provisioning (automated create/update/deprovision flows).
- Drive clean and automated joiner / mover / leaver processes.
- Maintain a structured SaaS inventory (owners, licenses, criticality, usage).
- Run periodic access reviews and enforce least-privilege access by default.
Mac Endpoint Management (Apple-First Environment)
- Own Mac fleet management end-to-end (primarily macOS).
- Manage MDM solutions (Rippling MDM; Kandji experience highly relevant).
- Implement and maintain zero-touch deployment via Apple Business Manager / Automated Device Enrollment.
- Standardize device configuration (FileVault, OS updates, security baselines, Wi-Fi/VPN profiles).
- Manage software packaging and deployment (Munki and/or AutoPkg are a plus).
- Maintain asset inventory, lifecycle tracking, compliance, and secure offboarding wipes.
AWS Access & Account Management
- Manage AWS IAM access (federated access, users, roles, policies).
- Support AWS account administration and permissions troubleshooting.
- Enforce secure access practices: MFA, key rotation, role-based access, minimizing long-lived credentials.
- Support audits and access reviews related to AWS environments.
IT Support & Operations
- Provide L1/L2 support for employees (accounts, laptops, SaaS issues).
- Own internal ticket flow (prioritization, response times, documentation).
- Create and maintain clear runbooks, onboarding guides, and internal "how-to" documentation.
- Partner with Security, Engineering, and People Ops to deliver a smooth employee experience.
About You
- 10+ years of experience in IT Operations / Client Platform / Endpoint Engineering in a modern company (startup experience or MacAdmins-style environments strongly preferred).
- Strong hands-on macOS administration experience in company environments.
- Experience managing Mac MDM solutions (Kandji, Jamf, Rippling MDM, Workspace ONE, Intune, etc.).
- Experience with Apple zero-touch deployment (Apple Business Manager / Automated Device Enrollment).
- Strong Google Workspace administration experience.
- Working knowledge of:
  - SAML SSO (setup and troubleshooting)
  - SCIM provisioning (setup and troubleshooting)
  - IAM fundamentals (groups, roles, least privilege, audits)
- Hands-on experience with AWS IAM (policies, roles, access troubleshooting).
- Comfortable providing direct support to non-technical users.
- Strong ownership mindset: you can build processes from scratch, document them clearly, and continuously improve them.
- Scripting and automation skills (Bash, Python) to reduce manual work.
Strong Plus If You Have
- OIDC knowledge.
- Experience with Munki and/or AutoPkg for macOS software deployment.
- Light tooling skills (Golang or JavaScript) to reduce repetitive manual workflows.
- Experience managing IT tooling at SaaS scale (100–500 employees, many apps).
- Familiarity with security and compliance practices (SOC 2 controls in practice: access reviews, device encryption, logging, disciplined offboarding).
- Experience with device telemetry / visibility tools (e.g., osquery, Fleet).
We highly value engineers who think beyond manual processes:
- Interest in using automation and AI features within modern IT tools to reduce repetitive work.
- Experience (or curiosity) with AI-powered service desk tools or virtual agents.
- Ability to design self-service flows (software access requests, password reset guidance, troubleshooting workflows) using low/no-code automation.
- Exposure to AI-assisted SaaS management (shadow IT discovery, license insights, contract tracking).
- Awareness of modern identity threats (phishing, session hijacking, credential stuffing) and interest in evolving toward risk-based or continuous identity security models.
This list is a guide, not a checklist. You do not need to meet every requirement to be a strong candidate.
Why Join Crossmint?
You'll play a foundational role in building the internal systems that power the company. This is a high-ownership position where you'll shape how identity, devices, and access work from the ground up—while balancing security, automation, and a great employee experience.
If you enjoy building clean systems, automating away repetitive work, and designing secure-by-default IT environments, we'd love to hear from you.
What Success Looks Like (First Months)
- New hires receive a zero-touch laptop with correct access on Day 1.
- Offboarding is clean and immediate (accounts disabled, tokens revoked, devices wiped).
- Most SaaS applications are behind SSO and provisioned with SCIM where possible.
- AWS access is fully integrated with our identity provider.
- Clear SaaS inventory with ownership and visibility.
- Fewer access surprises and a stronger security posture.
- Employees describe IT as reliable, fast, and easy to work with.
Benefits
- Extensive access to leading AI tools and subscriptions, with AI actively encouraged and integrated into daily workflows.
- Stock options program.
- We conduct two performance reviews annually. The first addresses performance ratings, bonuses, and promotions. The second encompasses these elements along with salary adjustments reflecting inflation and market conditions.
- Unlimited, flexible PTO.
- Flexible work schedule.
- Company laptop and allowance for any necessary home equipment.
- Daily stipend for commuting to the office.