IT Infrastructure Lead

Job Purpose

Lead, secure, and optimize the company’s hybrid IT infrastructure (on-prem & multi-cloud: Azure, AWS, GCP) to ensure robust network performance, system reliability, and alignment with best practices in operations and cybersecurity. Own the roadmap, mentor the team, drive automation, and enable continuous improvement across datacenter and cloud platforms.

Key Responsibilities

1) Infrastructure Maintenance & Administration

• Operate and maintain core infrastructure: servers, storage, FortiGate firewalls, Cisco/HPE switches, wireless controllers/APs, and structured cabling to achieve high availability.
• Configure, monitor, and troubleshoot Layer 2/3 networking (VLANs, STP, LACP/EtherChannel, OSPF/BGP).
• Administer controller-based wireless (SSIDs, 802.1X, roaming, RF tuning, firmware lifecycle).
• Manage firewall policies, NAT, site-to-site/remote VPNs, routing rules, and secure segmentation/QoS across WAN/MPLS/SD-WAN; coordinate with ISPs/vendors.
• Maintain endpoint visibility and access control via NAC; keep configs, backups, and change logs current and auditable.

2) System & Application Design (Hybrid & Multi-Cloud)

• Design, implement, and operate systems supporting enterprise apps, identity, email, and web across on-prem and cloud.
• Build/manage hybrid & multi-cloud workloads:
• Azure: VNets, NSGs, VPN/ExpressRoute, Load Balancer, Storage, Key Vault, Entra ID (Azure AD).
• AWS: VPC, Security Groups/NACLs, Site-to-Site VPN/Direct Connect, ALB/NLB, S3/EBS, KMS, IAM.
• GCP: VPC, firewall rules, Cloud VPN/Interconnect, Cloud Load Balancing, Cloud Storage, KMS, IAM.
• Oversee backup & DR (Veeam, Azure Backup/ASR, AWS Backup, GCP DR patterns) with routine restore testing; align to BCP/RTO/RPO.
• Integrate AD/Entra ID and SSO/Conditional Access/device join across environments.

3) Technology Advancement, Automation & Optimization

• Lead modernization: VMware consolidation, hybrid/multi-cloud integration, phased migrations to Azure/AWS/GCP.
• Implement Automation & IaC: Terraform (multi-cloud), PowerShell, Python, Ansible; ARM/Bicep, AWS CloudFormation, GCP Deployment Manager.
• Establish CI/CD for infrastructure (GitHub Actions, Azure DevOps, GitLab CI, Jenkins) with linting, policy checks, approvals, and secrets hygiene (GitOps desirable).
• Optimize for performance, scalability, resilience, and cost (rightsizing, reservations, tagging/budgets).
• Deploy observability (PRTG, ManageEngine, Azure Monitor/Log Analytics, CloudWatch, Cloud Monitoring) for proactive health/alerts and SLO dashboards.

4) Network Support & Documentation

• Provide L2 escalation for infra/connectivity/performance (switching, routing, firewall, wireless, cloud connectivity).
• Troubleshoot WAN/MPLS/SD-WAN with ISPs and vendor TAC; drive root-cause analysis and preventive actions.
• Maintain topology diagrams, IP schemas, runbooks, configuration repos; ensure rigorous change management and governance.

5) Leadership, Governance & Vendor Management

• Mentor and guide infrastructure engineers; establish standards, SOPs, and best practices.
• Own the infrastructure roadmap, lifecycle management, and capacity planning; contribute to annual budgets and cost control (FinOps basics).
• Define and track SLAs/OLAs, uptime/DR metrics, and improvement OKRs/KPIs.
• Manage vendors and service providers, evaluate proposals, and ensure contract/SOW compliance.
• Align with audit, compliance, and cybersecurity requirements (e.g., ISO 27001/NCA), coordinating with SOC/GRC as needed.

Qualifications

Required

• Bachelor’s degree in Computer Engineering, Computer Science, or related field.
• Certifications: CCNA and (CCNP or Fortinet NSE4).
• Experience: 5–7 years hands-on in network & infrastructure support, including hybrid/multi-cloud operations and team/technical leadership exposure.
• Multi-Cloud Infrastructure (hands-on):
• Azure: VNets, NSGs, VPN/ExpressRoute, Load Balancers, Storage, Key Vault, Entra ID (Azure AD).
• AWS: VPC, Security Groups/NACLs, Site-to-Site VPN/Direct Connect, ALB/NLB, S3/EBS, KMS, IAM.
• GCP: VPC, firewall rules, Cloud VPN/Interconnect, Cloud Load Balancing, Cloud Storage, KMS, IAM.
• Automation & IaC: Terraform (multi-cloud), PowerShell, Python; plus ARM/Bicep, AWS CloudFormation, GCP Deployment Manager; Ansible for config management.
• CI/CD for Infrastructure: Pipelines with GitHub Actions, Azure DevOps, GitLab CI, or Jenkins (plan/apply gates, policy-as-code, secrets management).
• Networking: Cisco/HPE switching & routing (VLANs, STP, OSPF/BGP, LACP), FortiGate (policies, NAT, VPN), SD-WAN, NAC.
• Virtualization & DR: VMware (HA/DRS, vSwitch), Veeam/Azure Backup/AWS Backup/ASR.
• Monitoring/observability with PRTG/ManageEngine and cloud-native tools (Azure Monitor, CloudWatch, Cloud Monitoring).
• Strong documentation, change management, incident/problem management.

Preferred / Nice to Have

• Azure AZ-104/AZ-305, AWS Solutions Architect (Assoc/Pro), GCP Associate Cloud Engineer/Professional Network Engineer.
• VMware VCP, ITIL Foundation, SD-WAN vendor certs.
• GitOps (Argo CD/Flux), policy-as-code (OPA/Conftest), Zero Trust networking concepts, and FinOps cost governance