Senior System Administrator - Tech

Role Summary:
Own the stability, scalability, and security of our hybrid infrastructure (on-prem + cloud), Act as technical control owner: access control, logging/SIEM, hardening, backup/DR, and vendor/outsourcing tech controls. Mentor L1/L2, lead L3 incidents, automate operations, and maintain clean audit evidence mapped to LAW 139.

Key Responsibilities:
Operations & Reliability

• Ensure >=99.9% availability across servers, VMs, storage, and core services.
• Plan/execute OS, database, and middleware patching with validated rollback.
• Capacity planning; optimize cloud/on-prem cost and performance.
• Build monitoring/alerting (e.g., Zabbix); tune thresholds.

Security & Compliance

• Implement CIS baselines for Linux/Windows, network devices, and databases.
• Enforce IAM/RBAC, MFA, PAM for privileged accounts; quarterly access reviews and JML controls.
• Centralize logs with immutable retention; integrate with SIEM use-cases.
• Lead annual BCP/DR tests; achieve RPO/RTO; maintain runbooks and immutable evidence.
• Coordinate vulnerability scanning and penetration tests; drive remediation to SLA.

Cloud, Virtualization & Automation

• Administer VMware/Hyper-V/Openstack and Azure (compute, storage, virtual networking, identity).

Networking & Perimeter

• Manage routing/switching, FortiGate firewalls, IPsec VPNs (incl. partner tunnels - e.g., RAYA), WAF/LB, DNS/DHCP/NTP.
• Maintain segmentation (prod/non-prod/mgmt) and secure remote access with MFA and logging.

Data Platforms & Core Services

• Administer AD/Azure AD, PKI/internal Enterprise CA (cert lifecycle), 3CX VoIP integration. Platform operations for MySQL (TLS,
• backups/replication/HA), backup & restore (Veeam)
• Support endpoint security (Kaspersky Next EDR + KES on Ubuntu/Windows).

Change, Incident & Problem Management

• Lead L3 incident response and RCAs; maintain problem backlogs and corrective actions.
• Chair or contribute to CAB, document change plans and backout complete PIRs.
• Mentor Helpdesk/Desktop teams, keep knowledge base and SOPs current.

Requirements:

• 10+ years in systems administration / infrastructure engineering (increasing responsibility).
• Deep Linux (Ubuntu/RHEL) and Windows Server; strong AD/Azure AD.
• VMware/Hyper-V and Azure proficiency (VMs, VNets/VPN, storage, identity).
• Networking: TCP/IP, VLANs, routing, IPsec, FortiGate policy/NAT, TLS/PKI.
• Backup/DR operations with proven restore; replication/failover orchestration.
• Security operations: patch/vulnerability management, SIEM integration, baseline hardening.
• Scripting/automation: PowerShell, Bash.
• ITIL practices (incident/change/problem) audit-ready documentation and evidence handling.

Preferred (Nice-to-Have):

• Fintech/regulatory experience; FRA technology audits.
• MySQL HA (InnoDB Cluster/Group Replication) and performance basics.
• Identity governance/PAM, EDR/XDR, DLP, email security gateways.
• Experience with Kaspersky KES for Linux and Windows endpoints, 3CX administration.

Certifications (Plus):

• Microsoft: MCSA/MCSE
• Linux/Cloud: RHCSA/RHCE, LFCS/LFCE)
• Security: ISO/IEC 27001 Lead Implementer/Auditor, Security+, CySA+.
• Networking: Fortinet NSE 4/5, CCNA/CCNP.
• ITIL v4 Foundation (or higher).

Governance, Risk & Compliance Responsibilities:

• Map platform controls to FRA LAW 139/2023; maintain live Control-to-Evidence matrix.
• Keep policies/runbooks current, perform quarterly access reviews and annual DR tests.
• Store immutable evidence (configs, screenshots, tickets, logs) for audits.
• Participate in risk assessments, CAB, and post-incident RCAs.

Benefits:
Attractive Package