Systems Administrator

Position Description

Seeking an experienced Windows 11 Platform System Administrator / Developer to work as part of a team to manage and evolve the Laboratory’s enterprise Windows 11 platform as a product. This position will focus on leveraging modern DevSecOps principles and tools to optimize platform management, enhance integration with systems management platforms such as HCL BigFix, and develop custom solutions for patching, systems management, and security compliance. The role requires a strong emphasis on automation, scripting, and continuous improvement to drive efficiencies and ensure the platform meets evolving operational and security requirements. This position will collaborate closely with other IT groups, including identity and cyber teams, as well as the Laboratory’s Service Center, to ensure seamless distribution and compatibility across supported hardware models. Participation in an on-call rotation and occasional off-hour support is required, as is on-site troubleshooting when necessary. This position reports to the End-Point Management group within the Laboratory’s Information Services Department.

Primary Duties

Platform Engineering and Development

• Architect, maintain, and continuously improve the Windows 11 platform as a product, ensuring compatibility with IT agents, security/compliance settings, and hardware across Dell and Microsoft devices.
• Design and implement automation workflows to streamline routine tasks, including monthly updates to the Windows 11 image, patching, and distribution via Microsoft Endpoint Configuration Manager (MSECM) and HCL BigFix.
• Develop custom solutions to enhance patching, systems management, and compliance workflows, leveraging scripting languages such as Python or PowerShell.
• Collaborate with IT teams to integrate the Windows 11 platform with broader systems management tools and frameworks, ensuring alignment with DevSecOps principles.
• Plan and execute compatibility testing and deployment of Windows security updates and OS upgrades via Windows Update for Business and BigFix.

Service Engineering and Support

• Provide Tier 3 service escalation, including collaboration with IT peer groups in both central and research IT. This includes vendor management, knowledge creation, and problem diagnosis with resolution management.
• Support project initiatives through requirements gathering, prototyping, systems design, and validation.
• Develop, publish, and maintain system documentation (e.g., Requirements, Design/Build, Testing, and Standard Operating Procedures) according to project management best practices. Provide training as necessary to ensure effective use of procedures and tools.
• Review security alerts and issues and work with the Laboratory’s Cyber team to address them.
• Collaborate with Microsoft and hardware vendors to plan for and remediate any operational issues for the Windows 11 platform.

Required Skills

• Windows 11 Platform Engineering: Experience managing Windows 11 as a product, including imaging, patching, and integration with systems management platforms such as Microsoft Endpoint Configuration Manager (MSECM) and HCL BigFix.
• Automation and Development: Proficiency in scripting languages such as Python or PowerShell to build automations and custom workflows. Familiarity with Git and CI/CD principles.
• DevSecOps Practices: Strong understanding of DevSecOps principles, including security-by-design, vulnerability remediation, and continuous integration/continuous delivery.
• Security and Compliance: Detail-oriented with the ability to track and implement security and compliance changes, including NIST 800-171 controls.
• Documentation and Communication: Experience maintaining documentation of processes, procedures, troubleshooting guides, and change management. Strong communication skills (presentation, writing, and interpersonal/networking skills).
• Problem-Solving and Collaboration: Very strong problem-solving skills and the ability to work autonomously while reporting status at the appropriate level. Ability to collaborate effectively across multiple teams of varying technical levels.
• Networking Fundamentals: Solid understanding of key networking protocols and troubleshooting (e.g., DNS, NTP, DHCP, SNMP, TCP/IP, SSH, HTTPs, LDAP, SSL/TLS).

Preferred Skills

• Advanced Automation: Experience with advanced scripting and programming techniques to optimize workflows and enhance system efficiency.
• Endpoint Management Strategies: Familiarity with modern endpoint management strategies, including zero-trust architecture principles.
• Security Certifications: Familiarity with Security+ and/or NIST 800-171 compliance controls.
• PKI Concepts: Knowledge of basic PKI concepts, including certificate management and S/MIME.
• ITIL Certification: ITIL v3 Foundations Certification or equivalent.
• Hardware Lifecycle Management: Knowledge of hardware lifecycle management and compatibility testing for enterprise environments.

Other Qualifications

• Ability to obtain and maintain a security clearance is required for this position.
• Position is hybrid where remote work is the norm but occasional on-site presence is required for system troubleshooting as necessary
• Rely on experience and judgment to plan and accomplish goals.
• Role requires flexibility and creative problem-solving skills to address evolving technical challenges.

Administrative Duties

• Develop, publish, and maintain system documentation (e.g., Requirements, Design/Build, Testing, and SOP) according to department standards.
• Develop and deliver training for peers and/or end-users on service features, enhancements, or new applications to increase service adoption and usage.
• Participation in on-call rotation and occasional off-hour support is required.

Minimum Qualifications

• Typically, a Bachelor’s degree plus a minimum of 4 years of experience OR equivalent.
• Detailed hands-on knowledge of the Windows 11 platform, including operational and security architecture.
• Hands-on knowledge of Windows 11 imaging creation, management, and distribution practices and tools, as well as compatibility with Dell and Microsoft hardware platforms.
• Microsoft Windows 11 systems management via BigFix and Active Directory Group Policy.
• Strong knowledge of core networking protocols and troubleshooting (e.g., DNS, NTP, DHCP, SNMP, TCP/IP, SSH, HTTP(s), LDAP, WINS, SSL/TLS, NFS, CIFS).
• Ability to program in a scripting language (e.g., Bash, Python, and/or PowerShell) to automate basic processes.

THIS POSITION CAN BE REMOTE BUT THE CANDIDATE NEEDS TO BE WITHIN 100 MILES OF THE LAB AND COME IN AS NEEDED.