Cloud Security/Systems Administrator

Job Title: Cloud Security/Systems Administrator
Location: Ottawa, ON (Remote)
Estimated Duration: 6 Months

Systems & Cloud Security Administrator
Cyber Team  •  Contract  •  Fully Remote  •  Secret Clearance Required

We are seeking an intermediate-level Systems & Cloud Security Administrator to join our Cyber team on a contract basis. Sitting within a security-focused function, this role is responsible for the day-to-day operational security administration of core enterprise infrastructure — including Domain Controllers, RDS servers, and Delinea Secret Server — as well as endpoint security management, vulnerability remediation, PKI operations, and cloud security tooling. The broader environment is designed and governed by our cloud infrastructure team and security architects; this role executes, maintains, and secures within that established framework. This position requires Secret clearance given the privileged and sensitive nature of the systems involved.
 

• Perform day-to-day administration and patching of Domain Controllers, RDS servers, and Delinea Secret Server cluster nodes
• Plan and execute Windows Server upgrades across DCs and member servers, including FSMO transfers and AD schema updates
• Maintain the Delinea Secret Server HA cluster — node upgrades, SQL backend health, Distributed Engine maintenance, and post-change validation
• Administer a locked-down AVD environment used as a privileged access jump host
• Author and manage GPOs to enforce security baselines and addressing security vulnerabilities
• Remediate vulnerability findings across the server and endpoint estate — translating scan outputs into GPO changes, registry hardening, patching, and service controls
• Apply and maintain CIS Levels hardening baselines across Windows endpoints and servers via Microsoft Intune configuration profiles
• Deploy and manage Microsoft Defender for Endpoint (MDE) — onboarding, policy configuration, and ongoing health monitoring
• Package and deploy software through Intune including the Delinea agent, security tooling, and enterprise applications
• Administer the enterprise internal CA — issue, renew, and revoke certificates; manage templates, auto-enrolment, and CRL configuration
• Triage and action Microsoft Defender for Cloud recommendations across the Azure footprint; maintain Secure Score and support Azure Policy enforcement
• Liaise with application teams who deploy workloads into the environment, supporting their access and connectivity needs
• Experience implementing and maintaining Conditional Access policies to enforce Zero Trust access principles
• Proficiency in PowerShell scripting to automate administrative tasks, execute Azure Run Commands, and perform environment-wide remediation — such as bulk software removal, registry changes, and configuration enforcement across endpoints and servers

• 3–5 years in an infrastructure, systems administration, or cloud security engineering role
• Hands-on experience with Windows Server (2019/2022), Active Directory, DNS, DHCP, and Group Policy
• Working knowledge of Microsoft Intune — configuration profiles, compliance policies, app deployment, and remediation scripts
• Familiarity with CIS benchmarks and practical experience applying security hardening to endpoints and servers
• Experience with Microsoft Defender for Endpoint (MDE) deployment and policy management
• Understanding of PKI concepts — CA administration, certificate templates, auto-enrolment, and CRL management
• Exposure to PAM platforms (Delinea / Secret Server or equivalent)
• Familiarity with vulnerability remediation workflows — translating scan findings into system-level fixes
• Azure fundamentals — virtual machines, compute scaling, storage accounts, Key Vault, NSGs, virtual networks, Azure AD, Log Analytics workspaces, Defender for Cloud, and Azure Policy
• Strong documentation and communication skills; comfortable working remotely and autonomously