Job
Description
Area What Youll Own Identity & Access - Architecture, health, and lifecycle management of Active Directory, Azure AD, group policy, conditional access, SSO, MFA.- Joiner-Mover-Leaver processes, audit readiness, role-based access reviews. Network & Perimeter - Enterprise-class firewalls, routers, switches, load balancers, site-to-site VPNs, SD-WAN, and Internet Leased Lines (ILL).- Network segmentation, QoS, and continuous monitoring (NetFlow, SNMP, syslog, NMS). Cloud & Compute - Windows/Linux server estate (on-prem and IaaS), virtualization (VMware/Hyper-V), storage, backup, DR/BCP.- Collaboration with DevOps/SaaS teams to enforce landing-zone standards and secure connectivity. Endpoint & Mobility EDR/XDR platform (e.g., CrowdStrike, Microsoft Defender, SentinelOne)\u2014policy tuning, threat-hunting, incident response. Mobile Device Management (Intune, Workspace ONE, Jamf) for laptops, phones, and BYOD; device compliance & encryption enforcement. Security & Compliance - Patch, vulnerability, and endpoint protection strategy.- Firewall ruleset hygiene, IPS/IDS tuning, zero-trust and least-privilege principles.- Support for ISO 27001, SOC 2, GDPR, HIPAA, or similar frameworks. Own ISO 27001 controls (A.5A.18), evidence collection, internal audits, and external surveillance & recertification audits. Map controls to SOC 2 / GDPR / HIPAA where relevant. Drive vulnerability management, patch cadence, zero-trust micro-segmentation. Maintain SIEM/SOAR integrations. Strategy & Governance - 3-year infrastructure roadmap, budget planning, vendor selection & contract negotiation.- KPIs/SLAs, capacity planning, license compliance, documentation, and policy enforcement. Leadership & Support - Mentor a team of network/system admins (3-6 FTE) plus MSP partners.- Escalation point for P1 incidents; manage major incident bridge, RCA, post-mortems.- User-centric mindset\u2014drive automation and self-service to reduce MTTR and service tickets. Required Qualifications Education: Bachelors degree in Computer Science, Information Systems, or related field (or equivalent experience). Experience: 10+ years in enterprise infrastructure roles, including 3+ years managing teams and multi-site networks for ~300 users. Technical depth in: o Active Directory, Azure AD/Entra ID, GPO, LDAP, DNS, DHCP. o Next-gen firewalls (Palo Alto, Fortinet, Cisco ASA/Firepower, etc.). o Endpoint security platforms (CrowdStrike, Defender, SentinelOne, Falcon Insight, etc.). o MDM/UEM suites (Intune, Workspace ONE, Jamf, or similar). o Routing & switching (OSPF/BGP, VLANs, spanning-tree, PoE, wireless controllers). o WAN technologies\u2014ILL, MPLS, SD-WAN\u2014and ISP/vendor management. o Virtualization (VMware ESXi/VCF or Hyper-V) and Windows/Linux server administration. o Backup/restore and DR replication (Veeam, Zerto, or similar). o Scripting/automation (PowerShell, Python, Ansible) and infrastructure-as-code concepts. o Audit leadership for ISO 27001; familiarity with SOC 2 Type II reporting. Certifications (any of): CCNP/CCIE, PCNSE/NSE 7+, Microsoft Entra ID or Azure Architect, VMware VCP-DCV, ISO 27001 Lead Auditor/Lead Implementer, CISSP/CISM, ITIL v4. Preferred/Bonus Skills Experience integrating on-prem AD with Microsoft 365, Intune, and conditional access. Familiarity with zero-trust network architecture and micro-segmentation projects. Exposure to SIEM/SOAR platforms (Splunk, Sentinel) and incident response playbooks. Track record of cost optimization (cloud egress, telco contracts, license audits). ITIL v4 certification and service-management process ownership. Personal Attributes Incident Commander: Calm, decisive, data-driven under pressure. Problem-solver: Data-driven, automation-first mindset, relentless focus on root cause. Leadership: Empowers and develops technical staff; calmly leads during outages. Strategic thinker: Balances immediate fixes with long-term modernization. Communicator: Translates tech risks and requirements into business language for executives. Strategic Builder: Balances quick wins with long-term modernisation and cost-optimisation.
