Main Sail LLC

Microsoft Server & Azure IaaS Administrator (AD/GPO/IIS) - Remote

RemoteUnited StatesContract
$85 - $95 hourly
About the Job
Job Title: Microsoft Server & Azure IaaS Administrator (AD/GPO/IIS) - Remote

Summary:
This Microsoft infrastructure administrator will assist with the management of Windows Server, Active Directory, Group Policy, IIS, and Azure IaaS resources. This role will be responsible for day-to-day operations, security hardening, automation, and high-availability support across on‐premises and cloud environments. This position will partner closely with network, security, and application teams to ensure reliable service delivery and continuous improvement.

Key Responsibilities:
  • Windows Server Administration: Configure and maintain Windows Server (2016–2025); manage roles/features (AD DS, DNS, DHCP, Client, File Services), patching, performance tuning, and capacity planning.
  • IIS Administration: Configure and support IIS websites and applications, including application pools, bindings, SSL/TLS certificates, URL Rewrite/ARR, security hardening, and log analysis; optimize availability and performance.
  • Azure IaaS: Manage Azure VMs, VM Scale Sets, disks/storage, Azure Files, VNETs, subnets, NSGs/ASGs, Load Balancer/App Gateway, Bastion; implement backup (Azure Backup), DR (Azure Site Recovery), monitoring/alerts (Azure Monitor), and cost governance.
  • Active Directory (AD): Maintain domain health and replication; manage OU structure, users, groups, GMSAs, service accounts, and delegated permissions; troubleshoot authentication/Kerberos/NTLM issues.
  • Monitoring & Troubleshooting: Use native tools and platforms (Event Viewer, PerfMon, Azure Monitor, Log Analytics) to proactively detect and resolve issues impacting availability, performance, or security.
  • Group Policy (GPO): Design, implement, and maintain GPOs for security baselines, server configurations, and compliance; perform impact testing and change control.
  • Security & Compliance: Apply CIS/Microsoft security baselines, TLS configurations, vulnerability remediation, endpoint hardening, and log review; partner with security for audits and incident response.
  • Automation & Scripting: Build PowerShell scripts/modules to automate routine tasks (provisioning, patching, reporting) and Infrastructure-as-Code (e.g., Bicep/ARM/Terraform) for repeatable deployments.
  • Documentation & Change Management: Produce and maintain SOPs, diagrams, inventories, and runbooks; follow ITIL change/incident processes; contribute to knowledge base.
  • Collaboration & Support: Serve as escalation point for server/web platform issues; coordinate with app owners on deployments, certificates, and integration.
  • Lifecycle & Projects: Lead or support upgrades, migrations, re-platforming, and cloud adoption initiatives; drive standardization and modernization.
  • IRS 1075 Compliance: Provide answers and documentation, and implement changes required as part of IRS audit findings.
Required Qualifications
  • Experience: 5–7+ years administering Windows Server, AD, GPO, and IIS in mid‐to‐large enterprise environments.
  • Technical Proficiency:
    • Windows Server (2016–2025), AD DS, DNS, restores.
    • Group Policy design and troubleshooting (RSOP, GPMC, GPResult).
    • IIS configuration, SSL/TLS, bindings, app pools, URL Rewrite/ARR, logging.
    • Azure IaaS (VMs, VNETs, NSGs, Load Balancer/App Gateway, Azure Backup/ASR, Azure Monitor, Log Analytics).
    • PowerShell scripting (automation, modules, REST/Graph, CLI).
  • Process & Practices: Strong documentation, change control, and incident/problem management (ITIL).
  • Soft Skills: Clear communicator, collaborative, organized, and able to prioritize across multiple stakeholders and deadlines.
Preferred Qualifications
  • Certifications:
    • Microsoft Certified: Azure Administrator Associate (AZ‐104), Windows Server Hybrid Administrator Associate (AZ‐800/AZ‐801)
    • Plus/Nice to Have: Azure Network Engineer (AZ‐700)
  • Enterprise Tools: Experience with MCM/ConfigMgr, WSUS, Defender for Cloud, Sentinel, Splunk/ELK, ServiceNow/Jira.
  • Networking: Solid understanding of TCP/IP, DNS, routing, VPN, firewall rules, load balancing, private endpoints.
  • Web/App Integration: Familiarity with .NET application hosting, SSO (SAML/OIDC), App Gateway/WAF, certificate pinning, mutual TLS.
Infrastructure-as-Code & Config: Experience with Bicep/ARM/Terraform, DSC, or Ansible; Azure Policy/Blueprints.
  • Azure DevOps: Experience with server-side configurations

Requirements:
  • 5–7+ years administering Windows Server, AD, GPO, and IIS in mid to large enterprise environments. - Required 7 Years.
  • Group Policy design and troubleshooting (RSOP, GPMC, GPResult). - Required.
  • Windows Server (2016–2025), AD DS, DNS, restores - Required
  • IIS configuration, SSL/TLS, bindings, app pools, URL Rewrite/ARR, logging - Required.
  • Azure IaaS (VMs, VNETs, NSGs, Load Balancer/App Gateway, Azure Backup/ASR, Azure Monitor, Log Analytics). - Required.
  • PowerShell scripting (automation, modules, REST/Graph, CLI). - Required.
  • Azure Administrator Associate (AZ 104), Windows Server Hybrid Administrator Associate (AZ 800/AZ 801)- Required.
  • Azure Network Engineer (AZ 700) - Nice to have.
  • Experience with MCM/ConfigMgr, WSUS, Defender for Cloud, Sentinel, Splunk/ELK, ServiceNow/Jira - Required.
  • Solid understanding of TCP/IP, DNS, routing, VPN, firewall rules, load balancing, private endpoints. - Required.
  • Familiarity with .NET application hosting, SSO (SAML/OIDC), App Gateway/WAF, certificate pinning, mutual TLS - Required.
  • Experience with Bicep/ARM/Terraform, DSC, or Ansible; Azure Policy/Blueprints. - Required.