We are seeking a highly skilled Systems Engineer to lead the architecture, implementation, migration, and ongoing support of complex client server environments — both on premises and in the cloud. This role is ideal for a seasoned professional who thrives on designing resilient infrastructure, executing cloud migrations, protecting client data through robust backup and disaster recovery strategies, and producing exceptional documentation that drives consistency and compliance.
You will partner closely with our Senior Network Engineer and broader project teams to deliver outcomes across multi-client, multi-server environments. The ideal candidate combines deep Windows Server and virtualization expertise with strong Microsoft Azure experience, hybrid cloud know-how, and a methodical approach to backup, recovery, and migration work.
Additionally, a successful candidate will collaborate on a wide range of networking work — routing, switching, VLANs, firewalls, VPNs, and Wi-Fi — in addition to their server responsibilities, escalating only the most advanced or architectural items.
Key Responsibilities
Server & Systems Administration
- Architect, deploy, and administer Windows Server environments across multiple clients (Active Directory, DNS, DHCP, Group Policy, file/print services, certificate services).
- Design and manage multi-server environments including domain controllers, application servers, file servers, and management stacks.
- Administer virtualization platforms (VMware vSphere/ESXi and Microsoft Hyper-V), including host provisioning, clustering, resource optimization, and live migrations.
- Perform OS patching, hardening, lifecycle management, and end-to-end server health monitoring.
- Manage storage solutions (SAN/NAS), capacity planning, and performance tuning.
Cloud Engineering (Azure Primary, AWS Secondary)
- Design, build, and operate Microsoft Azure environments — IaaS, virtual networks, storage, Entra ID (Azure AD), backup, Azure Site Recovery, and identity-aware access controls.
- Support and extend AWS environments where applicable (EC2, S3, IAM, VPC) as a secondary cloud platform.
- Work with hosted server environments at Zimcom and other providers to ensure performance, availability, and security across client tenants.
- Implement hybrid connectivity (Site-to-Site VPN, ExpressRoute) in collaboration with the Network Engineering team.
Cloud Migrations
- Lead and execute migrations from on-premises infrastructure to Azure (and secondarily AWS or Zimcom), including assessment, sizing, planning, cutover, and post-migration support.
- Migrate workloads such as Active Directory, file shares, application servers, SQL, and Exchange/Microsoft 365 with minimal client downtime.
- Develop migration runbooks, rollback procedures, and validation checklists for repeatable, low-risk delivery.
Backup, Disaster Recovery & Business Continuity
- Design, deploy, and manage backup strategies for all on-premises servers using BDR (Backup & Disaster Recovery) appliances with replication to cloud.
- Build and validate disaster recovery plans, including documented RPO/RTO targets, failover testing, and recovery validation.
- Monitor backup jobs daily, remediate failures, and produce regular backup/DR posture reports for clients.
- Implement cloud-based backup and replication for Azure and AWS-resident workloads.
Network Administration
Independently administer, configure, and troubleshoot client LAN/WAN/WLAN environments — routers, switches, VLANs, trunking, inter-VLAN routing, and QoS.
- Own day-to-day firewall administration (Fortinet strongly preferred; Palo Alto, SonicWall, Cisco ASA a plus) — policy management, NAT, IPsec/SSL VPN, and remote access.
- Manage wireless controllers and access points, network segmentation, and basic SD-WAN operations.
- Handle network change windows, firmware upgrades, configuration backups, and routine connectivity issues without escalation.
- Maintain accurate network documentation — L2/L3 topology, IP schemes, VLAN plans, firewall rule sets, and site-to-site VPN details.
- Troubleshoot complex connectivity issues across the server↔network boundary using packet captures, logs, and telemetry tools.
Documentation & Compliance
- Produce detailed HLD/LLD diagrams, MOPs (methods of procedure), runbooks, and as-built documentation.
- Maintain configuration baselines, inventories, change records, and standardized rollout templates for repeatable deployments.
- Support compliance with frameworks such as HIPAA, CMMC, and PCI through proper hardening, logging, and documentation practices.
Collaboration & Support
- Partner with project managers, account teams, and the broader engineering team to deliver client outcomes on schedule.
- Serve as a senior escalation point for complex server, virtualization, cloud, and backup/recovery issues, and as a competent owner of most network administration work.
- Participate in rotating on-call coverage and planned maintenance windows.
- Mentor junior engineers and contribute to internal standards, runbooks, and knowledge base.
Qualifications
Must-Haves
- 8+ years of hands-on IT infrastructure experience, with 5+ years focused on server and systems engineering.
- Deep proficiency with Windows Server (current and recent versions) and Active Directory in multi-site, multi-domain environments.
- Strong virtualization experience with VMware and/or Hyper-V (clusters, HA, vMotion/Live Migration, snapshots, host management).
- Demonstrated Microsoft Azure experience — IaaS, virtual networking, storage, Entra ID, and Azure Backup/Site Recovery.
- Hands-on experience executing on-premises to cloud migrations (lift-and-shift and re-platform), particularly to Azure.
- Experience designing and managing backup/DR solutions using BDR appliances with cloud replication.
- Experience operating in multi-server, multi-client environments (MSP, internal IT for multiple business units, or similar).
- Strong hands-on network administration experience — ability to independently own routing, switching, VLANs/trunking, inter-VLAN routing, DNS, DHCP, QoS, and Wi-Fi without day-to-day oversight.
- Hands-on firewall administration (Fortinet strongly preferred; Palo Alto, SonicWall, or Cisco ASA a plus) — policy management, NAT, IPsec/SSL VPN, and remote access.
- Comfortable working on routers, switches, and wireless gear (Cisco, Meraki, Aruba, or similar) including VLAN configuration, port-channels/LAG, and basic routing protocols.
- Working knowledge of site-to-site VPN and hybrid connectivity to Azure/AWS (IPsec, ExpressRoute/Direct Connect concepts).
- Strong troubleshooting, root-cause analysis, and diagnostic skills.
- Exceptional documentation skills and clear written/verbal communication.
- Ability to work onsite daily in Crestview Hills, KY.
Preferred
- Microsoft Azure certifications — Azure Administrator (AZ-104) and/or Azure Solutions Architect (AZ-305).
- Microsoft Server / Identity certifications — MCSA, MCSE, or Microsoft 365 Certified credentials.
- VMware VCP and/or Hyper-V certifications.
- AWS certifications (AWS Solutions Architect, AWS SysOps Administrator) are a plus given AWS as a secondary platform.
- Experience with Zimcom-hosted environments or other Tier-III/IV colocation/cloud providers.
- Experience with Microsoft 365 / Exchange Online tenant administration and migrations.
- Networking certifications (CCNA or higher, Fortinet NSE 4/7+, Meraki CMNA) — strongly desired given the depth of network responsibility in this role.
- Experience with SD-WAN, NAC/802.1X, identity-aware firewall policies, and enterprise Wi-Fi (Meraki, Aruba, Ubiquiti).
- Familiarity with backup platforms commonly paired with BDR appliances (Datto, Veeam, Acronis, Axcient, or similar).
- Familiarity with documentation tools (IT Glue, Hudu, NetBox, Visio, Lucidchart).
- Exposure to compliance/security frameworks (HIPAA, CMMC, PCI, NIST).
- Scripting and automation experience (PowerShell, Bash, Python, or Terraform).
Experience
- Server / systems administration: 5 years (Required)
- IT infrastructure engineering: 8 years (Required)
- Microsoft Azure administration: 3 years (Required)
- Backup / disaster recovery (BDR + cloud): 3 years (Required)
Ability to Commute / Relocate
- Primary work location is Crestview Hills, KY 41017 with occasional travel to client sites.
Pay: $95,000.00 - $125,000.00 per year
Benefits:
- 401(k)
- 401(k) matching
- Dental insurance
- Health savings account
- Life insurance
- Paid time off
- Parental leave
- Retirement plan
- Vision insurance
Application Question(s):
- Are you deeply proficient in Windows Server administration and Active Directory?
- Are you deeply proficient in virtualization (VMware and/or Hyper-V)?
- Do you have hands-on experience administering and migrating workloads to Microsoft Azure?
- Do you have hands-on experience designing and managing backup/disaster recovery using BDR appliances with cloud replication?
- Have you led or executed on-premises to cloud server migrations?
- Are you able to independently contribute to day-to-day network administration tasks (routing, switching, VLANs, firewalls, VPN) in addition to your server responsibilities?
Work Location: In person
