Windows Server Hybrid Administrator Associate

Edi Matrix LLC
Columbus, United States of America
yesterday

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior

Job location

Remote
Columbus, United States of America

Tech stack

.NET
Microsoft Active Directory
JIRA
Azure
Cloud Computing
System Configuration
Dynamic Host Configuration Protocol
Distributed File Systems
Disaster Recovery
DNS
IIS
Subnetting
Virtual Private Networks (VPN)
Kerberos (Protocol)
Log Analysis
Microsoft Security Essentials
System Center Configuration Manager
Windows Server
Routing
NT LAN Manager
OpenID
Performance Tuning
Powershell
Ansible
Runbook
Security Assertion Markup Language (SAML)
TCP/IP
Software Vulnerability Management
Web Platforms
Data Logging
Load Balancing
Cloud Platform System
Cloud Monitoring
Bicep
Perfmon
CIS Benchmarks
Firewall Services Module
Terraform
Splunk
Event Viewer
Wsus
ServiceNow

Job description

This Microsoft infrastructure administrator will assist with the management of Windows Server, Active Directory, Group Policy, IIS, and Azure IaaS resources. This role will be responsible for day-to-day operations, security hardening, automation, and high-availability support across on-premises and cloud environments. This position will partner closely with network, security, and application teams to ensure reliable service delivery and continuous improvement., * Windows Server Administration: Configure and maintain Windows Server (2016-2025); manage roles/features (AD DS, DNS, DHCP, DFS, File Services), patching, performance tuning, and capacity planning.

  • IIS Administration: Configure and support IIS websites and applications, including application pools, bindings, SSL/TLS certificates, URL Rewrite/ARR, security hardening, and log analysis; optimize availability and performance.
  • Azure IaaS: Manage Azure VMs, VM Scale Sets, disks/storage, Azure Files, VNETs, subnets, NSGs/ASGs, Load Balancer/App Gateway, Bastion; implement backup (Azure Backup), DR (Azure Site Recovery), monitoring/alerts (Azure Monitor), and cost governance.
  • Active Directory (AD): Maintain domain health and replication; manage OU structure, users, groups, GMSAs, service accounts, and delegated permissions; troubleshoot authentication/Kerberos/NTLM issues.
  • Monitoring & Troubleshooting: Use native tools and platforms (Event Viewer, PerfMon, Azure Monitor, Log Analytics) to proactively detect and resolve issues impacting availability, performance, or security.
  • Group Policy (GPO): Design, implement, and maintain GPOs for security baselines, server configurations, and compliance; perform impact testing and change control.
  • Security & Compliance: Apply CIS/Microsoft security baselines, TLS configurations, vulnerability remediation, endpoint hardening, and log review; partner with security for audits and incident response.
  • Automation & Scripting: Build PowerShell scripts/modules to automate routine tasks (provisioning, patching, reporting) and Infrastructure-as-Code (e.g., Bicep/ARM/Terraform) for repeatable deployments.
  • Documentation & Change Management: Produce and maintain SOPs, diagrams, inventories, and runbooks; follow ITIL change/incident processes; contribute to knowledge base.
  • Collaboration & Support: Serve as escalation point for server/web platform issues; coordinate with app owners on deployments, certificates, and integration.
  • Lifecycle & Projects: Lead or support upgrades, migrations, re-platforming, and cloud adoption initiatives; drive standardization and modernization.
  • IRS 1075 Compliance: Provide answers and documentation, and implement changes required as part of IRS audit findings.

Requirements

  • Experience: 5-7+ years administering Windows Server, AD, GPO, and IIS in mid-to-large enterprise environments.

  • Technical Proficiency:

  • Windows Server (2016-2025), AD DS, DNS, restores.

  • Group Policy design and troubleshooting (RSOP, GPMC, GPResult).

  • IIS configuration, SSL/TLS, bindings, app pools, URL Rewrite/ARR, logging.

  • Azure IaaS (VMs, VNETs, NSGs, Load Balancer/App Gateway, Azure Backup/ASR, Azure Monitor, Log Analytics).

  • PowerShell scripting (automation, modules, REST/Graph, CLI).

Process & Practices: Strong documentation, change control, and incident/problem management (ITIL).

Soft Skills: Clear communicator, collaborative, organized, and able to prioritize across multiple stakeholders and deadlines.

Preferred Qualifications

  • Certifications:

  • Microsoft Certified: Azure Administrator Associate (AZ-104), Windows Server Hybrid Administrator Associate (AZ-800/AZ-801)

  • PlNice to Have: Azure Network Engineer (AZ-700)

Enterprise Tools: Experience with MCM/ConfigMgr, WSUS, Defender for Cloud, Sentinel, Splunk/ELK, ServiceNow/Jira.

Networking: Solid understanding of TCP/IP, DNS, routing, VPN, firewall rules, load balancing, private endpoints.

Web/App Integration: Familiarity with .NET application hosting, SSO (SAML/OIDC), App Gateway/WAF, certificate pinning, mutual TLS.

· Infrastructure-as-Code & Config: Experience with Bicep/ARM/Terraform, DSC, or Ansible; Azure Policy/Blueprints.

  • Azure DevOps: Experience with server-side configurations

REQUIRED:

  1. 5-7+ years administering Windows Server, AD, GPO, and IIS in mid to large enterprise environments - Required - 7 Years
  2. Group Policy design and troubleshooting (RSOP, GPMC, GP Result) - Required
  3. Windows Server (2016-2025), AD DS, DNS, restores - Required
  4. IIS configuration, SSL/TLS, bindings, app pools, URL Rewrite/ARR, logging - Required
  5. Azure IaaS (VMs, VNETs, NSGs, Load Balancer/App Gateway, Azure Backup/ASR, Azure Monitor, Log Analytics) - Required
  6. PowerShell scripting (automation, modules, REST/Graph, CLI) - Required
  7. Azure Administrator Associate (AZ 104), Windows Server Hybrid Administrator Associate (AZ 800/AZ 801) - Required
  8. Azure Network Engineer (AZ 700) - Nice to Have
  9. Experience with MCM/ConfigMgr, WSUS, Defender for Cloud, Sentinel, Splunk/ELK, ServiceNow/Jira - Required
  10. Solid understanding of TCP/IP, DNS, routing, VPN, firewall rules, load balancing, private endpoints - Required
  11. Familiarity with .NET application hosting, SSO (SAML/OIDC), App Gateway/WAF, certificate pinning, mutual TLS - Required
  12. Experience with Bicep/ARM/Terraform, DSC, or Ansible; Azure Policy/Blueprints - Required

Apply for this position