IT System Administrator

Mô tả công việc

This mid-level IT Administrator role is a hands-on, on-site generalist position responsible for the day-to-day operation, security, and improvement of the local site's IT environment, and for providing remote IT support to the other corporate locations within the holding company. The role is hired directly into the local corporation. In future years, the holding company plans to consolidate IT services under a shared-services entity (CMC IT Solutions); this IT Administrator is expected to transition into that entity once the team is fully oriented on the corporate IT playbook and operating strategy.

IT Infrastructure Management

• Operate and maintain all hardware, software, and network systems at the local site, including Sophos firewalls, Ubiquiti switching and Wi-Fi, Proxmox hosts, Synology storage, and Windows servers
• Maintain the site-to-site VPN connections to other holding company corporate locations and verify tunnel health daily
• Monitor system performance, troubleshoot incidents, and ensure maximum uptime for production systems (ERP, PDM/Autodesk Vault, file shares, AD/DNS/DHCP) at the local site and, remotely, at other corporate locations
• Plan and execute regular maintenance windows, firmware/OS patching, and backup verification (Veeam, Synology repository)
• Manage local Active Directory, Microsoft 365, Bitwarden, and endpoint protection (Microsoft Defender E5, SentinelOne) in coordination with IT peers at the other corporate locations
• Implement IT strategies and policies aligned with the holding company's corporate playbook to support business objectives across all sites

Technical Support (Local and Remote)

• Provide first-line and second-line support to local employees for hardware, software, network connectivity, and system access issues
• Provide remote support to employees at other holding company corporate locations during overlapping business hours, including covering for IT peers when they are out of office or unavailable
• Prioritize and resolve support tickets in a timely manner, escalating complex issues to vendors, specialists, or IT peers at other corporate locations when appropriate
• Develop and maintain documentation, runbooks, and end-user knowledge-base articles in both English and the local language
• Onboard and offboard employees: provisioning of accounts, devices, MFA, Bitwarden access, and physical access

Security and Compliance

• Implement and maintain security controls aligned with NIST SP 800-171 Rev 3 
• Conduct periodic security audits, vulnerability scans, and risk assessments at the local site and remotely at other corporate locations; remediate findings
• Administer MFA, conditional access, account lifecycle, and least-privilege access in Microsoft 365, Active Directory, and Bitwarden across the holding company tenant
• Ensure compliance with local data protection and export-control regulations and report incidents per corporate policy

Vendor Management

• Liaise with local internet service providers, hardware suppliers, and managed service providers to procure equipment, licenses, and support
• Evaluate vendor performance, negotiate contracts and SLAs, and ensure services meet the holding company's corporate standards
• Coordinate hardware logistics, customs/import requirements, and warranty/RMA processes for the site, including remote coordination of shipments to other corporate locations when needed

IT Planning and Budgeting

• Contribute to the site IT budget: forecast expenses, track spend, and propose cost-effective solutions
• Identify opportunities for process improvement and technology upgrades that improve efficiency and reduce risk across the holding company's locations
• Stay current on emerging technologies and trends and make adoption recommendations to local and holding company IT leadership

Future Transition to Shared-services IT Entity

• Participate in onboarding to the holding company's corporate IT playbook, security standards, and ways of working
• In future years, transition employment to the holding company's planned shared-services IT entity, while continuing to support all corporate locations under a unified operating model
• Help build standardized processes, documentation, and tooling now so that the future team starts from a mature, well-documented foundation

Technology Environment

The successful candidate will work with the holding company's standard technology stack, used across all corporate locations:

• Sophos Hardware firewalls; site-to-site VPN tunnels 
• Ubiquiti UniFi LAN/Wi-Fi (USW Pro 24/48 PoE switches, USW Pro Aggregation, U6 LR / U6 Pro access points, Cloud Key Gen2 Plus)
• Supermicro servers running Proxmox VE 8.4 hypervisor (e.g., SYS-112H-TN) hosting Windows Server 2022 Datacenter domain controllers and application VMs
• Veeam Backup & Replication 12 running on a Supermicro Windows Server 2025 backup host
• Synology NAS file server with another Synology NAS as backup repository / storage target
• Off-site cloud backup
• Microsoft 365 (shared global tenant), Microsoft Defender E5, SentinelOne 
• Bitwarden corporate password manager (role-based collections)
• Odoo ERP (Odoo.sh hosted) and Autodesk Vault with Microsoft SQL Server 2019 file/transaction replication
• Active Directory, Group Policy, DNS, DHCP, and Windows patch management
• Building/physical security and video surveillance integration

Yêu cầu công việc

• Bachelor's degree in Information Technology, Computer Science, or a related field, or equivalent proven experience, preferably in a small to medium-sized company environment
• 3-6 years of hands-on IT generalist experience covering networking, Windows Server, virtualization, storage, and end-user support
• Strong working knowledge of: Sophos (or comparable enterprise) firewalls, enterprise networking, Proxmox or VMware virtualization, Veeam backup, Synology NAS, Active Directory, Microsoft 365, and endpoint protection (Microsoft Defender, SentinelOne, or similar)
• Familiarity with NIST SP 800-171, or equivalent security framework experience
• Excellent problem-solving skills and the ability to prioritize tasks and work under pressure with minimal on-site supervision
• Effective communication and interpersonal skills, with the ability to interact with employees at all levels of the organization across multiple corporate locations and time zones
• Professional working proficiency in English in addition to the local language, sufficient to provide remote support to colleagues at other holding company locations
• Relevant certifications are a plus (e.g., CompTIA Network+/Security+, Microsoft MS-102/AZ-104, Sophos Certified Engineer, Ubiquiti UBWA/UEWA, Veeam VMCE)

Tại sao bạn sẽ yêu thích làm việc tại đây

• 13th month salary 
• 18 days of paid time off per year. 
• Holiday pay 
• Professional development opportunities. 
• Annual company trip. 
• Private health insurance + annual health check