Senior Windows Platform Engineer

Key Responsibilities

Platform Engineering & Automation

• Enhance and extend our enterprise Ansible Automation Platform (AAP) implementation, building sophisticated automation workflows for Windows provisioning, configuration management, and orchestration
• Design and maintain CI/CD pipelines using GitHub Actions integrated with PowerShell scripts, Ansible playbooks and AAP for automated Windows image baking, testing, and deployment
• Develop and optimize golden image pipelines for Windows Server (2016, 2019, 2022, 2025) across Azure, AWS, and VMware environments using Infrastructure as Code principles
• Create reusable Ansible modules for Windows, PowerShell DSC configurations, and Python-based automation tools that enable self-service capabilities for application teams
• Build integration workflows between GitHub Actions, AAP, and enterprise tooling via REST APIs (ServiceNow, monitoring platforms, CMDB, orchestration tools)
• Drive Windows containerization initiatives, supporting application teams with Windows container and Docker on Windows strategies
• Continuously improve automation framework performance, reliability, and maintainability based on operational feedback

Enterprise Windows Operations & Architecture

• Serve as subject matter expert for Windows Server across all versions, editions and deployment models
• Architect and manage Windows update (like WSUS/SCCM/Intune/Windows Update for Business) infrastructure for patch management, content lifecycle, and GxP compliance reporting
• Own the Windows platform lifecycle: planning, hardening standards (CIS, STIG, Microsoft Security Baselines), patching strategies, and end-of-life migrations
• Design and implement scalable solutions for Windows workloads across multi-cloud and hybrid environments
• Establish and enforce Windows standards, best practices, and architectural patterns aligned with pharma GxP compliance requirements
• Evaluate and integrate emerging Windows technologies (Azure Arc, Windows Admin Center, Azure Automanage) as business needs evolve
• Ensure Windows platforms meet validation requirements for GxP-regulated systems
• Manage Active Directory integration, Group Policy design, and domain services architecture in partnership with Identity teams

Stakeholder Partnership & Integration

• Partner with application owners, SQL Server DBAs, .NET development teams, integration teams, and Oracle administrators to understand requirements and embed them into standardized platform offerings
• Translate complex business and application requirements into technical Windows platform capabilities
• Collaborate with Cloud Engineering, Security, Network, and Storage teams on cross-functional initiatives
• Lead technical discovery sessions and provide consultative guidance on Windows platform capabilities
• Participate in architecture review boards and provide Windows expertise for new initiatives and M&A integrations
• Work with Quality Assurance and Validation teams to ensure Windows automation supports GxP compliance and validation activities
• Support IIS web server configurations and .NET application hosting requirements

Technical Leadership & Escalation Support

• Function as Tier 3/4 escalation point for Service Desk and IT Operations on all Windows-related incidents and problems
• Lead root cause analysis for critical Windows platform issues and drive permanent remediation
• Mentor junior engineers and operations staff on Windows fundamentals, automation techniques, and troubleshooting methodologies
• Provide on-call support rotation for critical production Windows infrastructure, PowerShell automation techniques, and troubleshooting methodologies
• Create and maintain technical documentation, runbooks, and knowledge base articles aligned with GxP documentation standards

Windows Platform Management

• Assist with the maintenance of our CMDB
• Maintain and evolve our Windows platform management environment
• Audit participation and remediation
• Collaborate and assist with other core tools to be integrated in the platform

Technical Expertise

• 7+ years of hands-on Windows server administration experience with deep expertise in Windows Server (2016, 2019, 2022, 2025)
• Expert proficiency with PowerShell scripting (5.1 and 7+) including advanced functions, modules, error handling, and automation framework development
• Expert level of proficiency with Ansible Automation Platform (AAP/Tower/Controller), including complex workflow development, role creation, dynamic inventories, and job templates
• Advanced proven experience with GitHub Actions for CI/CD pipeline development and integration with Ansible automation workflows
• Advanced scripting capabilities in Python and Bash for automation, API integration, and systems programming
• Extensive Experience with Windows update management solutions (WSUS, SCCM, Intune, or Windows Update for Business)
• Deep understanding of Windows internals: Registry, Services, WMI/CIM, Event Logs, Performance Counters, and security (Windows Firewall, AppLocker, Windows Defender)
• Experience with cloud-native Windows deployments in AWS (EC2, Systems Manager, AMI building) and Azure (VMs, Azure Automation, custom images)
• Hands-on experience with VMware vSphere Windows guest management and integration
• Proficiency with Git/GitHub for version control, branch strategies, and Infrastructure as Code workflows
• Experience consuming and developing REST APIs for system integration and automation
• Understanding of CI/CD principles and GitOps methodologies

Platform & Integration Experience

• Working knowledge of application requirements for SQL Server, Oracle databases on Windows, .NET applications, and enterprise integration patterns
• Experience with Windows Server roles and features: IIS, DNS, DHCP, File Services, Remote Desktop Services
• Understanding of PowerShell Desired State Configurations (DSC) principles and implementationFamiliarity with monitoring and observability tools (Prometheus, Grafana, Splunk, Datadog, SCOM, or similar)
• Experience building and maintaining golden images with security hardening and compliance controls built-in

Soft Skills & Business Acumen

• Excellent communication skills with ability to translate technical concepts for non-technical stakeholders
• Proven track record of partnering with application teams and understanding business requirementsStrong analytical and troubleshooting skills with methodical problem-solving approach
• Self-directed with ability to manage multiple priorities in a fast-paced pharmaceutical environment
• Customer service mindset with experience in escalation management
• Collaborative team player who can work effectively across organizational boundaries

Preferred Qualifications

• Microsoft Certified: Windows Server Hybrid Administrator Associate or Microsoft Certified: Azure Administrator Associate
• Experience in regulated pharmaceutical/life sciences environments with GxP system validationContainer platform experience (Windows Containers, Docker on Windows, Azure Container Instances)
• Infrastructure as Code tools: Terraform, Packer for Windows image building
• Experience with HashiCorp Vault or secrets management platforms
• Cloud certifications (Azure Solutions Architect, AWS Solutions Architect)
• Agile/DevOps methodology exposure and experience working in sprint-based delivery models
• Experience with security hardening and compliance automation (Security Compliance Toolkit, Group Policy automation
• Understanding of GAMP 5 principles and CSV (Computer System Validation) processes
• GitHub Advanced Security or similar DevSecOps tooling experience
• PowerShell Gallery contributions or open-source PowerShell module development
• Experience with Windows Admin Center and Azure Arc for hybrid management
• Knowledge of Azure Automation State Configuration or AWS Systems Manager State Manager

• Education: Bachelor's degree
• Proficiency in English Language
• Pharmaceutical experience preferred, or other regulated industry
• Hybrid platform experience (Cloud (specifically AWS and Azure) and on-premises)