Systems Engineer

About The Position

Requirements

• 5+ years combined experience across Azure and enterprise systems engineering, including:
• 2+ years hands‑on Azure in production, 3+ years administering Windows Server/AD DS and M365/Intune in a hybrid environment.
• Strong proficiency with Infrastructure as Code (Terraform or Bicep), scripting (PowerShell; Python a plus), and Git workflows.
• Solid understanding of Entra ID, RBAC/PIM/Conditional Access, and managed identities.
• Experience with Azure networking, virtualization (vSphere/Hyper‑V), storage, and backup/DR.
• Familiarity with observability (Azure Monitor/Log Analytics/KQL) and security tooling (Defender, Sentinel).
• Excellent troubleshooting, documentation, and cross‑team communication skills.

Nice To Haves

• Certifications (one or more): AZ‑104, AZ‑305, AZ‑500, AZ‑700, AZ‑400, MS‑102, VMware VCP, ITIL, CompTIA Security+.
• AKS/Kubernetes (ingress, Helm), container registry (ACR), and container security.
• Policy‑as‑code, identity governance, and automation at scale.
• Experience in healthcare/regulated environments (HIPAA, SOC 2, HITRUST) and change management/ITIL practices.

Responsibilities

• Design and implement Azure landing zones (hub/spoke or vWAN), subscription topology, and policy guardrails aligned to the Well‑Architected Framework.
• Provision and manage compute (VMSS, App Service, AKS), storage (Blob/Files), data services (Azure SQL/MI), and PaaS offerings.
• Build reusable Infrastructure as Code modules (Terraform or Bicep) and CI/CD pipelines (Azure DevOps or GitHub Actions).
• Drive FinOps practices: budgets, tags, right‑sizing, reservations/Savings Plans, and monthly optimization reviews.
• Administer Active Directory Domain Services, Group Policy, DNS/DHCP, certificate services (AD CS), file/print, IIS, and RDS.
• Operate Microsoft 365 services (Exchange Online, Teams, SharePoint/OneDrive) and Intune (Autopilot, device compliance/configuration, app lifecycle).
• Support virtualization (VMware vSphere or Hyper‑V), Windows/Linux servers, and enterprise storage (SAN/NAS).
• Operate Entra ID (Azure AD) and hybrid identity (AD DS ↔ Entra), MFA/SSPR, Conditional Access, PIM, RBAC, and managed identities.
• Configure and tune Microsoft Defender for Cloud and Microsoft Sentinel (KQL analytics, workbooks, automation) and integrate with incident response.
• Implement and document HIPAA/SOC 2/HITRUST‑aligned controls, tagging standards, and evidence collection.
• Instrument with Azure Monitor, Log Analytics, and Application Insights; author KQL for dashboards and alerts.
• Own backup/DR patterns (Azure Backup, Site Recovery, and/or Veeam), conduct restoration testing, and track RTO/RPO.
• Author PowerShell and/or Python tooling for lifecycle tasks, drift detection, and self‑service workflows.
• Provide Tier 3 escalation, participate in a rotating on‑call schedule, document runbooks/reference architectures, and mentor junior engineers.

Benefits

• Paid time off: full-time employees receive an attractive time off package to balance your work and personal life
• Employee benefits package: full-time employees receive health, dental, vision, retirement, life, & more
• Top-notch training: initial, ongoing, comprehensive, and supportive
• Career mobility: advancement opportunities/promoting from within
• Welcoming, warm, supportive: a work culture & environment that promotes your well-being, values you as human being, and encourages your health and happiness