Windows Server and Microsoft Exchange server Admin

Senior Systems Administrator (Windows / Exchange / Azure)

Location : Hybrid / On-site

Type : Full-time

• Exempt

Reports to :

IT Infrastructure Manager

Role Summary Own the reliability, security, and lifecycle of our Microsoft stack across on-prem and Azure. You’ll administer Windows Server and Microsoft Exchange, manage Azure resources, handle light SQL administration for line-of-business apps, and drive vulnerability remediation end-to-end.

Key ResponsibilitiesWindows Server & Core Services

Administer Windows Server 2016–2022 (AD DS, DNS, DHCP, DFS / DFSR, File / Print, GPOs).

Implement RBAC / AGDLP, ABE, FSRM quotas / screens, and NTFS / share permissions hygiene.

Patch management, OS hardening, baseline configuration (CIS / SCM), and certificate services (PKI).

Microsoft Exchange (On-prem & Online)

Operate and maintain Exchange (on-prem and / or Exchange Online) : mailbox databases, DAGs, transport rules, connectors, journaling, retention, and eDiscovery.

Manage hybrid identity and mail flow (MX, SPF / DKIM / DMARC, accepted domains, safe-senders / blocked senders).

Troubleshoot queues, performance, client connectivity (Outlook / ActiveSync / Mobile).

Azure Administration

Manage Azure AD / Entra ID, Conditional Access, PIM, SSPR / MFA, Azure AD Connect / Cloud Sync.

Provision and govern Azure resources (VMs, storage, VNets, NSGs, load balancers, backup / recovery).

Implement Azure security controls : Defender for Cloud, Update Management, RBAC, Key Vault, logging (Log Analytics / Sentinel).

SQL (Light DBA Support)

Basic SQL Server administration : install / patch, backups / restores, jobs / agents, permissions, and performance triage (indexes, blocking basics).

Partner with DBAs / app owners on upgrades and schema changes; ensure HA / DR runbooks are current.

Vulnerability & Compliance

Own the vuln remediation cycle : ingest findings (Tenable / Nessus, Defender, Qualys, etc.), prioritize, patch or mitigate, and validate closure.

Track exceptions / compensating controls, maintain dashboards / SLA metrics, and support audits (HIPAA, SOC 2, PCI, etc.).

Group Policy / Intune hardening for servers; TLS / cipher suites, secure baseline drift detection.

Operations & Automation

Write PowerShell for provisioning, reporting, and remediation at scale; maintain source-controlled scripts.

Create runbooks, DR plans, and knowledge articles; participate in an on-call rotation.

Required Qualifications

8+ years administering Windows Server in enterprise environments.

8+ years with Exchange (on-prem and / or Exchange Online) including hybrid mail flow.

5+ years Azure administration (AAD / Entra, VM / storage / networking, security).

Practical PowerShell expertise (modules : ActiveDirectory, ExchangeOnline, Az, Graph).

Experience with vulnerability scanners and patching workflows (WSUS / SCCM / Intune / Azure Update Mgt).

Solid understanding of networking (TCP / IP, DNS, SMTP, TLS, certs) and identity (Kerberos / NTLM, OAuth).

Nice-to-Have

SQL Server Admin Associate-level skills (backup / restore, security, job maintenance, performance basics).

Experience with M365 (SharePoint, Teams, OneDrive), Intune, and Autopatch.

Scripting beyond PowerShell (Python) and Infrastructure as Code (Bicep / Terraform).

Monitoring / observability : SCOM, Nagios, Datadog, Sentinel, Splunk.

Backup & recovery tooling (Veeam / Azure Backup) and DR testing in hybrid setups.

Certifications (preferred, not required)

Microsoft : AZ-104 ,

AZ-500 ,

MS-102 ,

Exchange

(legacy),

SC-200 / SC-300 .

Security : CompTIA Security+ ,

CISSP

(plus).

SQL : DP-900

or

DP-300

(nice to have).

Soft Skills

Strong ownership and prioritization; communicates clearly with technical and non-technical stakeholders.

Documentation-first mindset; able to create concise runbooks and change plans.

Collaboration across security, networking, apps, and support teams.

KPIs / How success is measured

Patch / vulnerability

SLA compliance

and mean-time-to-remediate (MTTR).

Service uptime

and incident reduction for Exchange and core services.

Audit readiness : clean access / permissions posture and documented controls.

Automation coverage : percentage of routine tasks scripted / runbooked.