Job Summary

JOB DESCRIPTION

The System Administrator is responsible for designing, implementing, securing, and maintaining the organization's complex systems infrastructure, with a focus on hybrid cloud environments, virtualization technologies, server hardware and network infrastructure. This role also encompasses local area networks (LANs), wide area networks (WANs), and cloud networking solutions.

Job Duties

• Develops comprehensive network designs that meet current and future business requirements, emphasizing performance, scalability, and security
• Sets up and manages advanced network services such as VPNs, firewalls, and SD-WAN solutions to support hybrid cloud architectures
• Deploys and manages Cisco Meraki solutions to create a seamless cloud-managed network
• Configures Auto VPN, application control, traffic shaping, content filtering, access control lists (ACLs), and quality of service (QoS) settings within the SD-WAN environment to optimize performance and security
• Defines, implements, and optimizes firewall rules to allow legitimate traffic while blocking malicious or unauthorized access while continuously evaluating and adjusting rules for performance and security
• Integrates firewalls with intrusion detection/prevention systems (IDS/IPS) to detect and mitigate potential attacks
• Implements Wi-Fi security protocols (e.g., WPA3, 802.1X) and manage authentication mechanisms to protect wireless access
• Stays up to date with the latest networking technologies and industry best practices
• Executes network and system migrations, including hardware and software upgrades, configurations, and integrations
• Manages and administer on-premises servers and services, including Active Directory configurations, access permissions, GPOs, user management and other system components
• Develops and maintain documentation for system configurations, network architecture, and operational procedures
• Collaborates with cross-functional teams to support projects related to cloud services, application deployment, and infrastructure upgrades
• Collaborates with the security team to respond to incidents and implement corrective actions
• Designs, implements, and manages backup strategies to ensure data integrity, availability, and recoverability for critical systems, applications, and data
• Applies and enforces Security Technical Implementation Guides (STIGs) on systems infrastructure to ensure compliance with organizational and regulatory security standards
• Implements FIPS mode on applicable systems and network devices to ensure that they only use FIPS 140-2 approved cryptographic algorithms and modules
• Maintains and manages domain DNS services to ensure reliable name resolution for internal and external resources
• Administers DHCP services, including configuring scopes, options, and reservations to efficiently allocate IP addresses
• Monitors and troubleshoots DNS, DHCP, and authentication issues, implementing necessary changes to optimize performance and security
• Maintains certificate authority servers’ hierarchy ensuring servers are highly secured to prevent unauthorized access
• Handles certificate signing requests (CSRs) for re-issuing certificates due to changes in domain names, key pairs, or organizational needs
• Establishes certificate templates to define the rules for certificate issuance, including validation requirements, validity periods, and key lengths
• Regularly audits and reviews which services are using SSL certificates and ensure they are up to date with the appropriate certificates and configurations
• Oversees the VMware virtual environment including vCenter administration, virtual machines (VM) provisioning, monitoring, and performance tuning
• Optimizes resource allocation for VMs and ensure high availability and disaster recovery configurations
• Configures and manages virtual networking within vSphere, including distributed switches, storage solutions and port group configurations
• Regularly manages VM snapshots for backup procedures and avoid excessive storage consumption and performance issues
• Assigns storage policies to datastores to define performance, availability and encryption requirements to protect data on the storage layer
• Regularly updates server software, operating systems, and applications to ensure optimal performance and security
• Monitors server resources such as CPU, memory, and disk space to avoid performance issues or system failures
• Maintains detailed documentation of server configurations, maintenance activities, and any incidents or issues
• Other duties as needed
  
  
  

Supervisory Responsibilities

• N/A
  
  
  

Education

Qualifications, Knowledge, Skills and Abilities:

• Bachelor’s degree in computer science, cybersecurity, information technology, software engineering, information systems, or computer engineering, required
• Master’s degree in computer science, cybersecurity, information technology, network engineering, information systems, or computer engineering, preferred
• Annual 40 hours of continuous learning, (may include professional memberships, forums, lunch and learns, roundtables, online training courses, and maintaining certifications), required
  
  
  

Experience

• Five (5) or more years of advanced networking experience, required
• Three (3) or more years of experience with operating systems, virtualization and cloud computing, required
• Two (2) or more years of experience with securing IT systems compliance with industry security frameworks, required
  
  
  

License/Certifications

• Cisco CCNP Enterprise, Microsoft, VMware, RHEL, or other Networking related certifications, preferred
  
  
  

Software

• Experience with four (4) or more of the following, required:
• Cisco Next-Gen Firewall (NGFW)
• Cisco cloud-managed SD-WAN technologies
• Virtualization Technologies
• VMware vSphere
• Dell PowerEdge, iDRAC
• Cisco AnyConnect
• Cisco Catalyst WLAN & Switches
• Certificate Authority
• Windows Server 2016+
• Microsoft Azure, Office365, Endpoint Manager/Intune, Enterprise Applications
• Active Directory Certificate Services (ADCS)
• DMZ, SSH, DNS, DHCP, RADIUS, PuTTY, Wireshark, TraceRT
  

Other Preferred Knowledge, Skills, And Abilities

• Knowledge of FedRAMP, NIST SP 800-53, NIST SP 800-171, NIST CSF, Cybersecurity Maturity Model Certification (CMMC), ISO 27000, ITAR
• Knowledge of computer networking concepts and protocols, and network security methodologies
• Knowledge of communication methods, principles, and concepts that support the network infrastructure
• Knowledge of capabilities and applications of network equipment including routers, switches, bridges, servers, transmission media, and related hardware
• Knowledge of cybersecurity and privacy principles used to manage risks related to the use, processing, storage, and transmission of information or data
• Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy
• Familiarity with Information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption)
• Knowledge of Local area and wide area networking principles and concepts including bandwidth management
• Knowledge of Telecommunications concepts (e.g., Communications channel, Systems Link Budgeting, Spectral efficiency, Multiplexing)
• Familiarity with Virtual Private Network (VPN) security
• Knowledge of concepts, terminology, and operations of a wide range of communications media (computer and telephone networks, satellite, fiber, wireless)
• Proficiency with Windows Server OS, including Active Directory, Group Policies, and managing Windows-based services
• Familiarity with Network security architecture concepts including topology, protocols, components, and principles
• Familiarity with network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools
• Familiarity with an Organization's information classification program and procedures for information compromise
• Familiarity with network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services
• Knowledge of controls related to the use, processing, storage, and transmission of data
• Understanding and setting up RAID configurations to protect against disk failure
• Ability to analyze network traffic capacity and performance characteristics
• Ability to implement, maintain, and improve established network security practices
• Ability to install, configure, and troubleshoot LAN and WAN components such as routers, hubs, and switches
• Ability to use network management tools to analyze network traffic patterns (e.g., simple network management protocol)
• Ability to protect a network against malware (e.g., NIPS, anti-malware, restrict/prevent external devices, spam filters)
• Ability to configure and utilize network protection components (e.g., Firewalls, VPNs, network intrusion detection systems)
• Ability to implement and test network infrastructure contingency and recovery plans
• Ability to configure and utilize computer protection components (e.g., hardware firewalls, servers, routers, as appropriate)
• Ability to operate network equipment including hubs, routers, switches, bridges, servers, transmission media, and related hardware
  
  
  

About Us

Join us at BDO, where you will find more than a career, you’ll find a place where your work is impactful, and you are valued for your individuality. We offer flexibility and opportunities for advancement. Our culture is centered around making meaningful connections, approaching interactions with curiosity, and being true to yourself, all while making a positive difference in the world.

At BDO, our purpose of helping people thrive every day is at the heart of everything we do. Together, we are focused on delivering exceptional and sustainable outcomes and value for our people, our clients, and our communities. BDO is proud to be an ESOP company, reflecting a culture that puts people first, by sharing financially in our growth in value with our U.S. team. BDO professionals provide assurance, tax and advisory services for a diverse range of clients across the U.S. and in over 160 countries through our global organization.

BDO is the first large accounting and advisory organization to implement an Employee Stock Ownership Plan (ESOP). A qualified retirement plan, the ESOP offers participants a stake in the firm’s success through beneficial ownership and a unique opportunity to enhance their financial well-being. The ESOP stands as a compelling addition to our comprehensive compensation and Total Rewards benefits* offerings. The annual allocation to the ESOP is fully funded by BDO through investments in company stock and grants employees the chance to grow their wealth over time as their shares vest and grow in value with the firm’s success, with no employee contributions.

We Are Committed To Delivering Exceptional Experiences To Middle Market Leaders By Sharing Insight-driven Perspectives, Helping Companies Take Business As Usual To Better Than Usual. With Industry Knowledge And Experience, a Breadth And Depth Of Resources, And Unwavering Commitment To Quality, We Pride Ourselves On

• Welcoming diverse perspectives and understanding the experience of our professionals and clients
• Empowering team members to explore their full potential
• Our talented team who brings varying skills, knowledge and experience to proactively help our clients navigate an expanding array of complex challenges and opportunities
• Celebrating ingenuity and innovation to transform our business and help our clients transform theirs
• Focus on resilience and sustainability to positively impact our people, clients, and communities
• BDO Total Rewards that encompass so much more than traditional “benefits.” Click here to find out more!
• Benefits may be subject to eligibility requirements.
  
  
  

Equal Opportunity Employer, including disability/vets

Click here to find out more!

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability or protected veteran status.

"BDO USA, P.A. is an EO employer M/F/Veteran/Disability"