Systems Engineer

Systems Engineer

  Not Disclosed

  Madison, WI

  7 Months

  Not Disclosed

  Not Disclosed

  Government - State

Job Description

This is a hybrid position requiring on-site work at the client 1–3 days per week depending on project and operational needs.

Description

The client manages the technology and computer infrastructure that drives the client ’s business systems. The IT department manages infrastructure and software that supports the client Archives Preservation Facility (SAPF), and twelve Historic Sites around the client. This position reports to the Deputy IT Director and works closely with IT team members, key internal stakeholders across all client divisions, and external partners such as the client, providing expertise and support for a variety of complex systems, emerging technologies, and operational compliance.

Working under the general supervision of the Deputy IT Director, the IT Systems & Cloud Engineer plays a central role in managing, securing, and optimizing both cloud and on-premises infrastructure for the client Historical Society. This includes server environments, virtual machines, M365 and Entra ID services, enterprise SaaS platforms, and a growing portfolio of cloud and storage solutions. The position is instrumental in implementing secure, scalable systems that support the client ’s operational goals and ongoing technology evolution.

The IT Systems & Cloud Engineer leads and supports initiatives that strengthen and secure the client ’s technology environment. Day-to-day work involves collaborating with partner client to manage authentication and identity systems, troubleshoot complex system issues, coordinate upgrades and migrations, and automate or streamline recurring tasks. The role requires strong technical judgment, hands-on problem solving, clear documentation, and a balance between immediate operational needs and long-term strategy.

This position also supports IT security and compliance efforts by assessing risks in cloud-hosted solutions (SaaS, PaaS, IaaS) and emerging technologies, including products and services that incorporate Artificial Intelligence (AI). The engineer gathers technical and use case details for AI-enabled tools, ensures data protection standards are met, and coordinates review and approval through partner client governance processes. Additional responsibilities include conducting log analysis using SIEM tools, reviewing vulnerability scan results, and preparing executive-level reports on systems security and compliance. The role also helps support and coordinate firewall and security exception requests, incident response activities, and the client ’s vulnerability management program.

Responsibilities

Systems Administration & Infrastructure

Administer and maintain client servers, virtual machines, and hybrid infrastructure to ensure reliability, performance, and data protection.
Lead the configuration, monitoring, and patching of Windows Server, M365, and Entra ID environments in coordination with partner client.
Implement and maintain automation scripts and workflows (PowerShell, CLI, or platform tools) to streamline routine tasks and improve system efficiency.
Integrate and manage hybrid identity and authentication systems (Entra ID, SSO) for secure access to enterprise SaaS and cloud resources.
Plan and coordinate upgrades, migrations, and maintenance windows to minimize service disruption.
Maintain accurate documentation for configurations, integrations, and operational standards.

Cloud & Storage Management

Manage AWS and other cloud-based storage platforms, including lifecycle automation, data tiering, and integration with on-prem systems.
Monitor cloud utilization and performance, recommending optimizations for scalability, resilience, and cost-effectiveness.
Support deployment and configuration of new SaaS applications, ensuring compliance with client standards.
Evaluate and implement secure connectivity and data-transfer methods between on-prem and cloud systems.

Technology Intake & Vendor Review

Coordinate technology intake and vendor review processes, gathering business use cases, data classifications, and system requirements.
Review vendor documentation such as privacy policies, security artifacts (SOC 2, StateRAMP, FedRAMP), and licensing terms to assess compliance and risk.
Partner with internal stakeholders and the client to ensure new technology meets security, accessibility, and policy requirements.

AI & Emerging Technology Governance

Evaluate products and services that incorporate Artificial Intelligence (AI) for compliance with client data governance, privacy, and security standards.
Identify accountable business stakeholders to help ensure technology and its use adheres to prescribed business processes.
Gather and document technical details and approved use cases for AI-enabled tools, coordinate review and approval through client governance processes.
Maintain an inventory of approved AI applications and related risk considerations. Monitor for changes to AI sub processors and terms of use for applications in the portfolio.

Monitoring, Security Coordination & Reporting

Monitor infrastructure health, performance, and alerts using enterprise tools (e.g., Splunk, Tenable, IronPort, or equivalent).
Assist with vulnerability management coordination by reviewing findings, tracking remediation, and maintaining dashboards in collaboration with system owners.
Translate technical information into clear, actionable summaries for diverse audiences, including executive leadership.
Support incident response activities and coordinate with partner client or managed service providers during investigations or escalations.

Compliance, Documentation & Continuous Improvement

Support adherence to client, NIST, and PCI-aligned standards by documenting processes, controls, and exceptions related to systems and cloud infrastructure.
Contribute to audit preparation, evidence collection, and compliance reporting.
Champion secure and efficient technology practices across IT and business units, balancing innovation with governance.

Minimum Qualifications

5+ years of experience in system administration or cloud engineering within hybrid environments.
Extensive knowledge of Microsoft 365, Entra ID, Windows Server, and AWS storage services (S3, Glacier, Intelligent Tiering).
Demonstrated ability to design and implement automation, monitoring, or integration scripts using PowerShell, Python, or equivalent tools.
Experience integrating and supporting enterprise SaaS platforms and SSO/IAM solutions.
Experience with cloud lifecycle management, cost optimization, or hybrid storage automation.
Working knowledge of vulnerability management, SIEM, or related monitoring tools (e.g., Tenable, Splunk, IronPort, Cloudflare).
Understanding of security best practices including encryption, access control, and patch management.
Familiarity with compliance frameworks such as NIST, PCI DSS, CIS, or ISO 27001.
Excellent documentation and communication skills, with the ability to translate complex technical concepts for diverse audiences.
Strong problem-solving and analytical skills with a focus on continuous improvement.

Desired Qualifications

Familiarity with single tenant multi-agency state government IT environments, policies, and collaboration.
Relevant industry certifications (e.g., Microsoft, AWS, CompTIA, ISC2, or ITIL) preferred.


Must have:

Experience in system administration or cloud engineering within hybrid environments. (5+ years)
Extensive knowledge of Microsoft 365, Entra ID, Windows Server, and AWS storage services (S3, Glacier, Intelligent Tiering). (5+ years)
Demonstrated ability to design and implement automation, monitoring, or integration scripts using PowerShell, Python, or equivalent tools. (5+ years)
Experience integrating and supporting enterprise SaaS platforms and SSO/IAM solutions. (5+ years)

Nice to have:

Experience evaluating AI tools or emerging technologies for compliance, privacy, or ethical risks.
Expertise in AWS S3 Bucket, lifecycle, and IAM policies as well as AWS Billing Console and advanced cost reporting.
Experience coordinating or supporting IT security reviews, exception workflows, or audit responses.
Familiarity with single tenant multi-client IT environments, policies, and collaboration.

Notes:

This is a hybrid position requiring on-site work at the client 1–3 days per week depending on project and operational needs.