Senior Systems Engineer

Role Purpose

Our IT mission is to ensure technology genuinely empowers H&V to create a cleaner world-and infrastructure is the foundation that the mission rests on. When it works, no one notices. When it doesn't, production stops and deadlines slip. Nearly every system the business runs on touches infrastructure you're responsible for.

You own the Windows server estate-on-premises, virtual, and in the Microsoft cloud. You design new systems, maintain the standards they're built to, and set the bar for how the work gets done across our US mill sites and international locations. As a senior technical voice on the Infrastructure team, you're the engineer others turn to when they're stuck. The role mixes architecture and administration-you'll spend time designing new systems and time running the day-to-day work that keeps them healthy. Throughout, you put the customer first: success isn't measured by the systems you deliver, but by whether they help the business achieve its goals.

Key Responsibilities

Server Architecture & Engineering

• You drive modernization-building the case for what to retire, consolidate, move to PaaS, or rebuild on modern patterns.
• You architect, install, configure, and troubleshoot Windows servers across physical, virtual, and cloud environments-and design how new capabilities get built.
• You lead upgrades and implementations end to end-test, cutover, and rollback plans included. Done means running in production, documented, and handed off.
• You tune for performance and find servers that are starved, oversubscribed, or drifting before users do.
• You troubleshoot, repair, and recover from system failures.
• You operate the server-side operational stack (NinjaOne, CrowdStrike): patches deploy on schedule, alerts get investigated, exclusions are managed deliberately.

Active Directory & Domain Services

• You operate and evolve Active Directory end to end: objects, sites, OUs, GPOs, domain controllers, replication, and DNS.
• You own AD hygiene-setting the standard, surfacing drift in accounts, groups, and GPOs, and driving cleanup through the team rather than chasing it solo.
• You design directory changes with an eye toward security, manageability, and what comes next-and help shape the directory's longer-term path, whether that's hybrid, cloud-anchored, or modernized on-prem.

Microsoft 365 & Azure

• You configure and troubleshoot Azure and Microsoft 365 services-Exchange Online, SharePoint, Teams, and the connective tissue that ties them to on-premises systems.
• You manage the Azure estate to a standard-subscriptions, management groups, naming and tagging, Azure Policy-and coordinate with our third-party MSP so workloads on both sides meet the same bar.
• You manage mail flow and security across Exchange Online and Proofpoint-policy, allow/block, quarantine, and the integration points that keep legitimate mail moving and threats out.

Identity & Access Security

• You design and maintain Entra ID Conditional Access policies enforcing MFA, device compliance, and risk-based controls. Identity is the perimeter-you treat it that way.
• You manage MFA at scale: enrollment, exceptions, break-glass accounts, and the troubleshooting that comes with running it across global sites.
• You design and operate Privileged Access Management (PAM)-admin account separation, just-in-time elevation, and credential vaulting-and bring new platforms into the model rather than leaving them as exceptions.
• You own hybrid identity end to end-Entra Connect, federation, and the sync health that keeps on-premises AD and the cloud in agreement.

Virtualization & File Services

• You manage our on-premises virtualization platform-hosts, clusters, storage, networking, and VMs-with capacity, performance, and resilience yours to plan for. VM standards and templates keep new servers consistent, not snowflaked.
• You evaluate whether the current hypervisor remains the right path-weighing pricing, licensing, feature direction, and alternatives. You bring the analysis, not the loyalty.
• You operate DFS and corporate file services today, and help define the path forward-whether that's modernizing on-prem, migrating to SharePoint/OneDrive, or a hybrid model-balancing user experience, cost, and risk.

Backup & Recovery

• You own backup and recovery across on-premises and cloud workloads. Coverage matches the data, retention matches the requirement.
• You test restores. A backup that hasn't been restored is a guess-you run periodic restore exercises and know how long systems take to come back.
• You set and maintain RPO and RTO targets per system class, and flag gaps when business expectations and current capability don't match.

Automation, Integration & AI

• You automate at the systems level-APIs, webhooks, event-driven flows, and integrations between platforms-so two systems that should be talking to each other don't need a human in the middle.
• You use the right tool for the job-PowerShell, Python, IaC, low-code, or vendor APIs-outcome-focused, not language-religious.
• You bring AI into the infrastructure toolkit-using AI assistants in your own work and evaluating where AI capabilities and agentic automation can change how the team operates, not just speed up the status quo.

Licensing & Cost Stewardship

• You make sure platforms are properly licensed-right SKUs, right counts, right entitlements-so an audit tomorrow finds us ready.
• You use what we pay for wisely-reclaiming unused M365 seats, right-sizing Azure VMs (ours and our MSP's), shutting down idle resources, and challenging sprawl.
• You're the technical voice during renewals and true-ups-you bring the data and push back when vendor numbers don't match reality.

How You Work

• You solve the business problem, not just the ticket. You ask what the customer is actually trying to accomplish before reaching for a fix-and you push back on requests that would solve the wrong thing well.
• You look for what can be done, not why it can't. "No" is a last resort, and when it's the right answer you bring an alternative.
• You stay visible, especially when things are hard. During incidents and slipping commitments, customers and leaders hear from you early and often-not after the fact.
• You share what you know. Knowledge that lives only in your head is a risk to the business-you document and bring others along.

Technical Leadership & Mentorship

• You mentor engineers through pairing on real work, code and design review, and direct feedback. People should be better engineers for having worked with you.
• You set and maintain technical standards across the server environment, and you hold the line when shortcuts get proposed.
• You provide clear, proactive updates to the Director of Infrastructure and senior leaders on the state of the environment, project status, and risks-so they can make good decisions.

What You Own:

• Server uptime, including root-cause follow-through so the same outage doesn't repeat.
• Standards ownership - builds follow them, documentation matches reality, changes happen deliberately.
• Project delivery on time, with tested rollback plans and a real handoff.
• Identity, access, and licensing posture.
• Architectural direction - what stays on-prem, what moves to SaaS/PaaS, and what gets retired.

What We're Looking For:

Required

• US citizen or Green Card holder.
• 8+ years of systems engineering experience across on-premises and cloud environments.
• Experience designing systems, not just running them-taking requirements through architecture, build, and into production ownership.
• Experience as the senior technical engineer on an infrastructure team-the person who sets standards, mentors others, and gets escalated to.
• Strong working knowledge of Windows Server, Active Directory, VMware, Azure/Microsoft 365, and Exchange-you've built these systems, broken them, and rebuilt them better.
• Hands-on with Entra ID Conditional Access and MFA at scale. You've designed policies, not just toggled settings.
• Backup and recovery experience across on-premises and cloud workloads-designed schedules, tested restores, recovered under pressure.
• Strong automation and integration skills (PowerShell, Python, or equivalent), plus practical experience tying systems together via APIs and event-driven patterns. Scripting is table stakes; integrations are where the value is.
• Working fluency with AI tools and a point of view on where they fit-you use them daily, know where they fail, and spot opportunities beyond personal productivity.
• Customer-first mindset. You listen before proposing, measure success by business outcomes, and treat working with IT as an experience you're responsible for-not just a queue of tickets.
• Growth mindset. You treat world-class IT as a practice built on feedback and improvement, not a finish line.
• Willing to participate in an on-call rotation for issues affecting production or business operations, and to travel occasionally to other H&V sites.
• Experience leading or contributing to a PAM deployment (CyberArk, BeyondTrust, Delinea, or similar).

Preferred

• Hands-on with our operational stack-NinjaOne, CrowdStrike, Proofpoint, Barracuda Backup, and Azure Recovery Services Vault-or close equivalents.
• Experience in manufacturing or distributed site environments.

Starting salary $100k+