Cette offre d'emploi n'est plus disponible
Systems Administrator - Tier II
Yield Solutions Group
- Commerce City, Colorado, United States
- Commerce City, Colorado, United States
À propos
Provision and deprovision user accounts across Active Directory, AWS IAM, and the full RefiJet SaaS stack. When a new employee onboards you build out the complete access profile, not just the basic account.
Resolve Tier I escalations in this domain: stuck MFA enrollments, IAM role misconfigurations, permission conflicts in GitLab, and access inconsistencies that require actual investigation to diagnose.
Maintain access documentation that reflects current state at all times. In a SOC 2 environment, access records are audit evidence. Endpoint & Device Management
Image, configure, and manage workstations across the organization using Microsoft Intune and Autopilot. Own the full device lifecycle from Autopilot enrollment and provisioning profile assignment through Intune configuration policy application, compliance policy enforcement, and patch cycle execution scheduling, documentation, and remediation included.
Verify endpoint compliance against SOC 2 control requirements using Intune's compliance reporting. When a gap surfaces and SOC 2 audits surface them you own the remediation and the written record of what you did. Troubleshoot Autopilot enrollment failures and Intune policy conflicts before they require escalation.
Coordinate with the Director of IT/InfoSec on endpoint policy standards and any findings that require a policy-level response. Server & Infrastructure Operations
Monitor on-prem and AWS resources on a routine basis: health checks, capacity monitoring, performance baselines.
Execute maintenance windows, including OS patching, disk management, and scheduled restarts. Coordinate with DevOps before touching anything that sits under the Java Spring Boot services running in AWS.
Document all infrastructure changes in a change log that can be reviewed without your presence to explain it. Network & Connectivity
Manage DNS and DHCP configurations. Troubleshoot VPN issues at the routing and configuration level, not just the client level. Review firewall ACLs when connectivity issues require it.
When an issue requires DevOps or InfoSec escalation, hand it off with a clear, specific problem statement what you've ruled out, what you believe the root cause is, what you've already tried. Security Operations
Participate in vulnerability remediation cycles under the direction of the Director of IT/InfoSec. This means executing the operational work: patching, configuration changes, verification, and documentation.
Work with the DevOps team to respond to Datadog alerts that are security-adjacent with the same operational rigor as any other alert: acknowledge, work the runbook, escalate with context when the runbook doesn't resolve it.
Enforce endpoint compliance policies in a way that holds up against FCRA, GLBA, and SOC 2 requirements. The Director of IT/InfoSec owns the strategy; this role is the operational execution arm. Application & SaaS Administration
Administer the full productivity and collaboration stack at the admin level: GitLab, AWS console access management, and the line-of-business applications that support the loan processing pipeline.
Handle backend configuration changes that end users never see permission structures, integration settings, SSO configurations, license management and document every change.
Serve as the internal subject matter contact for admin-level issues on the platforms you own. When something breaks in a way users cannot fix themselves, it comes here. Backup & Recovery
Verify that backup jobs completed successfully across all covered systems. Identify and respond to failures before they become recovery events.
Work with the DevOps team to run scheduled restore tests against PostgreSQL and MariaDB instances connected to live lender data. Document the results in a format that demonstrates the test was actually performed and the restore was actually validated.
Maintain recovery documentation that is current and tested, not aspirational. Monitoring & Alerting
Own the operational response side: acknowledging alerts, working through established runbooks, and escalating with full context when escalation is warranted.
Contribute to runbook maintenance when gaps or inaccuracies are identified. You are not building the observability stack that is DevOps but you are its primary operational consumer, and that means you have standing to flag when it needs improvement. Documentation
Maintain runbooks, SOPs, and change logs for every operational domain you own. This is not supplemental work it is a core deliverable in a SOC 2 environment.
Write documentation that a colleague or auditor can follow independently, without asking you clarifying questions. Ambiguous documentation in a regulated environment is a liability. Escalation Triage
Receive everything Tier I cannot resolve. Diagnose it accurately. Either resolve it or escalate it to DevOps, InfoSec, or a vendor with a specific, well-documented problem statement.
The standard here is clean handoff, not necessarily full resolution. Passing a vague ticket upward is not an acceptable outcome at any escalation level. --- Required Skills & Experience
3+ years in a systems administration role, with clear Tier II or higher responsibilities (not just Tier I volume with a different title)
Active Directory administration: user and group management, group policy, troubleshooting authentication and access issues in Windows-based environments
Microsoft Intune: configuration policy management, compliance policy enforcement, device enrollment, and the compliance reporting that SOC 2 audits require
Microsoft Autopilot: deployment profile creation and assignment, enrollment troubleshooting, and hardware provisioning workflows for new and replacement devices
AWS IAM at an operational level: creating and managing roles, policies, and users; identifying and resolving access misconfigurations; understanding how IAM interacts with services running in the environment
Datadog or equivalent monitoring platform: alert acknowledgment, runbook execution, escalation workflows, and enough observability literacy to know when an alert is noise versus signal
Network fundamentals applied in practice: DNS and DHCP configuration management, VPN troubleshooting beyond the client layer, firewall ACL review, routing concepts sufficient to diagnose and describe connectivity issues accurately
Backup and recovery: hands-on experience verifying job completion, executing restore tests, and documenting results for production database environments
GitLab or equivalent DevOps platform administration at the admin level not just as a user
SOC 2 operational familiarity: what documentation compliance looks like in practice, what an auditor expects, and how to build habits that hold up under review
Written communication that produces clear, self-contained runbooks and change logs not notes that only make sense if you wrote them --- Nice to Have The following are not requirements, but candidates who bring any of these will have a shorter ramp to full operational impact.
Experience with auto lending, auto refinancing, or consumer credit products.
Familiarity with loan origination systems (LOS), credit decisioning, or lending infrastructure.
Experience working with external partners or B2B clients in a product-led organization. --- Compensation & Benefits Base Salary: $80,000 - $100,000 annually, commensurate with experience Bonus: Performance-based incentives tied to company and individual goals Benefits: Comprehensive benefits including health, dental, vision, life insurance, 401(k), PTO, career development opportunities, and the chance to join Denver's Best Place to Work (2024 & 2025) with a dynamic culture focused on internal promotion and employee growth. --- Equal Opportunity Statement Yield Solutions Group is an Equal Opportunity Employer. We are committed to creating an inclusive environment for all employees and applicants. Compensation details: 75000-100000 Yearly Salary PI80193103bd41-26289-40982656
Compétences linguistiques
- English
Avis aux utilisateurs
Cette offre a été publiée par l’un de nos partenaires. Vous pouvez consulter l’offre originale ici.