Own the stability, scalability, and security of our hybrid infrastructure (on-prem + cloud). Act as technical control owner: access control, logging/SIEM, hardening, backup/DR, and vendor/outsourcing tech controls. Mentor L1/L2, lead L3 incidents, automate operations, and maintain clean audit evidence mapped to LAW 139.
Key Responsibilities:
Operations & Reliability
- Ensure >=99.9% availability across servers, VMs, storage, and core services.
- Plan/execute OS, database, and middleware patching with validated rollback.
- Capacity planning; optimize cloud/on-prem cost and performance.
- Build monitoring/alerting (e.g., Zabbix); tune thresholds.
- Implement CIS baselines for Linux/Windows, network devices, and databases.
- Enforce IAM/RBAC, MFA, PAM for privileged accounts; quarterly access reviews and JML controls.
- Centralize logs with immutable retention; integrate with SIEM use-cases.
- Lead annual BCP/DR tests; achieve RPO/RTO; maintain runbooks and immutable evidence.
- Coordinate vulnerability scanning and penetration tests; drive remediation to SLA.
- Administer VMware/Hyper-V/OpenStack and Azure (compute, storage, virtual networking, identity).
- Manage routing/switching, FortiGate firewalls, IPsec VPNs (incl. partner tunnels - e.g., RAYA), WAF/LB, DNS/DHCP/NTP.
- Maintain segmentation (prod/non-prod/mgmt) and secure remote access with MFA and logging.
- Administer AD/Azure AD, PKI/internal Enterprise CA (cert lifecycle), 3CX VoIP integration.
- Platform operations for MySQL (TLS, backups/replication/HA), backup & restore (Veeam).
- Support endpoint security (Kaspersky Next EDR + KES on Ubuntu/Windows).
- Lead L3 incident response and RCAs; maintain problem backlogs and corrective actions.
- Chair or contribute to CAB; document change plans and backout; complete PIRs.
- Mentor Helpdesk/Desktop teams, keep knowledge base and SOPs current.
- 10+ years in systems administration / infrastructure engineering (increasing responsibility).
- Deep Linux (Ubuntu/RHEL) and Windows Server; strong AD/Azure AD.
- VMware/Hyper-V and Azure proficiency (VMs, VNets/VPN, storage, identity).
- Networking: TCP/IP, VLANs, routing, IPsec, FortiGate policy/NAT, TLS/PKI.
- Backup/DR operations with proven restore; replication/failover orchestration.
- Security operations: patch/vulnerability management, SIEM integration, baseline hardening.
- Scripting/automation: PowerShell, Bash.
- ITIL practices (incident/change/problem); audit-ready documentation and evidence handling.
- Fintech/regulatory experience; FRA technology audits.
- MySQL HA (InnoDB Cluster/Group Replication) and performance basics.
- Identity governance/PAM, EDR/XDR, DLP, email security gateways.
- Experience with Kaspersky KES for Linux and Windows endpoints, 3CX administration.
- Microsoft: MCSA/MCSE
- Linux/Cloud: RHCSA/RHCE, LFCS/LFCE.
- Security: ISO/IEC 27001 Lead Implementer/Auditor, Security+, CySA+.
- Networking: Fortinet NSE 4/5, CCNA/CCNP.
- ITIL v4 Foundation (or higher).
- Map platform controls to FRA LAW 139/2023; maintain live Control-to-Evidence matrix.
- Keep policies/runbooks current, perform quarterly access reviews and annual DR tests.
- Store immutable evidence (configs, screenshots, tickets, logs) for audits.
- Participate in risk assessments, CAB, and post-incident RCAs.
Attractive Package