System Administrator

Remote - Birmingham, Birmingham, United Kingdom

CyberClan

Headquartered in Vancouver, Canada, CyberClan has dedicated teams throughout Canada, the United States, the United Kingdom and Australia to provide first-class Incident Response & Breach Response services, Cyber Extortion, Ransomware,...


Systems Administrator 

Summary/Objective

Established in 2006, CyberClan’s carefully selected team of experts is capable of solving complex cyber security challenges – keeping data secure and businesses running as usual. CyberClan’s Global Incident Response Teams are available 24/7/365 to leap into action, responding to all cyber-attacks with proven defensive methodology. We quickly identify, contain, eradicate and recover from a cyber-attack. Our goal is to get businesses fully operational as quickly as possible and to further prevent any downtime or impact to the business operations.

CyberClan investigates and assists clients with all types of security breaches, insider threat, unauthorized access and malicious code. Some you’ve probably read about in the news before, but many more stay hidden from the public’s eye. We receive and investigate the client's data in a secure forensic lab environment. Because of the company's growth and the dynamic nature of the caseloads, we want to move these efforts to the public cloud and take full advantage of its inherent elasticity and automation capabilities.

We are looking for a motivated and detail-oriented System Administrator with intermediate-level experience to join our IT team. This role is ideal for someone who has a strong foundation in system administration and is ready to take the next step in their career. You’ll be responsible for maintaining and supporting the clients’ servers, systems, and IT infrastructure, while also contributing to projects that improve their technology environment. As this is a senior role, you would be expected to offer support and mentorship to junior members of the team as well as work on multiple projects at the same time. This role involves working with various networking technologies, including wired, wireless, and cloud-based solutions. This position will require extensive and frequent travel to multiple locations, sometimes on short notice.

Reporting to the Global Head of Digital Forensics & Incident Response, the successful candidate will work as part of the Post Breach Remediation team and serve as the Incident Commander in all on-site and remote incidents. You will collaborate closely with other cross-functional teams within the organization.

Essential Functions

  • Assist DFIR team with imaging, data acquisition & installing agents for compromised clients on-site
  • Assist with the scoping of new engagements using a whole lifecycle approach, guiding the client from initial discovery through mitigation and remediation
  • Lead efforts to rebuild and restore compromised systems and networks, including Active Directory, Exchange, and cloud infrastructures, ensuring they are secure and fully operational
  • Implement security measures and best practices to harden systems against future attacks, including configuring firewalls, VPNs, and group policies
  • Liaise with the DFIR team and Sales to keep open communication regarding compromised clients
  • Assist DFIR team with additional workflow through incident response cases
  • Communicate effectively with clients to understand their specific needs, provide updates on remediation progress, and offer guidance on enhancing their cybersecurity posture
  • Develop custom scripts, tools, or methodologies to enhance CyberClan’s incident response processes for a wide range of systems and technologies
  • Stay abreast of the latest cybersecurity threats, vulnerabilities, and remediation techniques to continuously improve response strategies
  • Maintain detailed records of remediation activities, configurations, and changes made during the recovery process for auditing and compliance purposes
  • Identify long term requirements through solutions during the remediation process to be handed over to the Sales teams to pursue the opportunity
  • Identify vendor solutions to solve/improve client needs and experience and elevate those to Leadership for review/consideration
  • Work with other team members to develop workflows, playbooks and best practices to be employed and repeated across regions
  • Effectively communicate investigative findings and strategy to client stakeholders including technical staff, executive leadership, third-party stakeholders, underwriters, and legal counsel
  • Provide clients with immediate actionable 0-day cyber security advice to stop and mitigate the damage of ongoing attacks
  • Triage active high-stakes security events, including reviewing and applying security controls to detect, respond, prevent and remediate threats
  • Recognize and codify attacker tools, tactics, and procedures in indicators of compromise (IOCs) that can be applied to current and future investigations
  • Provide in-person and digital training to clients, stakeholders, and vendors
  • Serve as a system administrator for environments such as SaaS, on-premises and Cloud platforms
  • Understand and prioritize stakeholder needs and translate their requests into application functionality
  • Design workflows for how tools should be used and document system setup
  • Create integrations between systems
  • Perform troubleshooting as required
  • Design, install, maintain and support hardware and software for network infrastructure and other technology services
  • Participate in on-call rotation to provide after-hours support for critical infrastructure issues.
  • Be flexible, adaptable to changing priorities, and be comfortable to learn and perform additional duties as required. 

Required Skills, Experience, Degrees or Certification

 

  • 4-6 years' experience as a Network Administrator, Server Engineer, or a similar technical role.
  • Degree in information technology, computer science, or a related field; relevant certifications (e.g., Cisco CCNA, CCNP, CCISP, CCIE, CompTIA Network+, CompTIA Server+, CompTIA Security+, MCSA/MCSE, Cisco Certification) preferred.
  • Project management and IT framework training and certificates, including PMI, PRINCE2, ITIL and COBIT, are an asset.
  • Extensive working knowledge of core technologies: network, servers, storage, data center, firewall, data protection, virtualization, active directory, authentication, video surveillance, cloud and unified communication technologies.
  • Strong knowledge of network protocols, IP networking, routing, switching, subnetting, server and database management, security principles and best practices, server patching, hardening, and network and security monitoring.
  • Extensive working experience with current major brand networking devices like Meraki, major brand firewall technologies like Check Point & Fortinet, virtualization like VMware, and network monitoring tools like SolarWinds.
  • Extensive experience configuring and maintaining IIS servers for web services, and creating, managing and troubleshooting databases. Solid working knowledge of SQL Server and SQL scripting, PowerShell scripting, SSIS packages, etc.
  • Extensive working knowledge of M365 product suite including Azure and on-prem active directory, OneDrive for Business, SharePoint & Exchange Online, Teams Telephony (including VoIP and SIP Trunk) and M365 security features and configurations.
  • Extensive project experience in network design and deployment, firewall upgrade, server migration, video surveillance upgrade, cybersecurity and incident response policies, disaster recovery plan and business continuity plan, and providing high-availability infrastructure.
  • Excellent oral and written communication skills and attention to detail. Strong problem solving, prioritization, organizational skills to work independently with minimal supervision. Great interpersonal skills to collaborate with cross-functional teams.
  • Self-motivated, customer-oriented and emotionally intelligent professional with willingness to go the extra mile during emergency situations, and flexibility to adapt to changing priorities in a fast-paced and demanding environment that requires "wearing multiple hats" and fast decision making.
  • Committed to continuous learning and professional development, eager to collaborate and cross-train, ready to step out of the comfort zone and take on tasks beyond the scope of job description.
  • Candidates may also be considered for a more junior role within a lower pay band, subject to availability and interest.
  • Background or strong interest in investigating cyber-related incidents
  • Demonstrated experience in using analytical skills in a cyber security environment to triage and detect what events transpired
  • Demonstrated experience working with and identifying various malware strains
  • Demonstrated ability to make decisions on remediation and counter measures for challenging information security threats
  • Strong hands-on working knowledge of:
    • Servers; including Physical, Virtual and Cloud
    • Hypervisors; including ESXi and Hyper-V
    • Windows Server; from 2008 to 2025
    • Windows desktop; from XP to 11
    • Windows desktop imaging with MDT, SCCM, Intune etc.
    • Windows Domains; including ADDS, DNS, DHCP, GPO, NPS and RADIUS
    • Cloud services including M365, Azure, AWS and GWS
    • External facing systems including RDS, IIS, SFTP
    • SAN and NAS over IP, FC, FCoE, SAS
    • Backup Services including Veeam, Backup Exec
    • Windows disk and memory forensics
    • Network protocols and traffic analysis
    • Scripting and/or programming
    • Enterprise domain and application architecture

 

Preferred Skills, Experience, Degrees or Certifications

 

● Preference for one or more of the following technical certifications: Certified Information Systems Security Professional (CISSP), Offensive Security Certified Professional (OSCP), GIAC Certified Incident Handler (GCIH), GIAC Certified Forensic Analyst (GCFA), GIAC Reverse Engineering Malware (GREM), MCFE, EnCE or equivalent certifications

● Hands-on experience with Penetration Testing and/or Red Teaming

● Hands-on experience with security auditing and consulting

● Experience with MacOS and Linux distributions.

● Background working with Law Enforcement

● Hands-on experience interacting with the Dark Web, and Threat Actors

 

Job Type

Full-time/Exempt

 

Location

100% Telecommuting

 

% of Travel Required

Up to 70%

 

Physical Requirements

Prolonged periods of sitting at a desk and working on a computer.

 

CyberClan is an equal opportunity employer. All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran, or disability status.

 

 


Perks/benefits: Career development Flex hours Startup environment Team events

Regions: Remote/Anywhere Europe
Country: United Kingdom
