This is a Hybrid project (Remote + 1-3 days/week onsite as required). Candidate MUST relocate to WI before project start date.

Description

The Bureau of Information Technology Services (BITS) at the Wisconsin Historical Society (WHS) manages the technology and computer infrastructure that drives the Agency s business systems. The IT department manages infrastructure and software that supports the WHS Headquarters building, the State Archives Preservation Facility (SAPF), and twelve Historic Sites around the State. This position reports to the Deputy IT Director and works closely with IT team members, key internal stakeholders across all WHS divisions, and external partners such as the Department of Administration s (DOA) Division of Enterprise Technology (DET), providing expertise and support for a variety of complex systems, emerging technologies, and operational compliance.

Working under the general supervision of the Deputy IT Director, the IT Systems & Cloud Engineer plays a central role in managing, securing, and optimizing both cloud and on-premises infrastructure for the Wisconsin Historical Society. This includes server environments, virtual machines, M365 and Entra ID services, enterprise SaaS platforms, and a growing portfolio of cloud and storage solutions. The position is instrumental in implementing secure, scalable systems that support the agency s operational goals and ongoing technology evolution.

The IT Systems & Cloud Engineer leads and supports initiatives that strengthen and secure the agency s technology environment. Day-to-day work involves collaborating with partner agencies to manage authentication and identity systems, troubleshoot complex system issues, coordinate upgrades and migrations, and automate or streamline recurring tasks. The role requires strong technical judgment, hands-on problem solving, clear documentation, and a balance between immediate operational needs and long-term strategy.

This position also supports IT security and compliance efforts by assessing risks in cloud-hosted solutions (SaaS, PaaS, IaaS) and emerging technologies, including products and services that incorporate Artificial Intelligence (AI). The engineer gathers technical and use case details for AI-enabled tools, ensures data protection standards are met, and coordinates review and approval through partner agency governance processes. Additional responsibilities include conducting log analysis using SIEM tools, reviewing vulnerability scan results, and preparing executive-level reports on systems security and compliance. The role also helps support and coordinate firewall and security exception requests, incident response activities, and the agency s vulnerability management program.

Responsibilities

Systems Administration & Infrastructure

• Administer and maintain agency servers, virtual machines, and hybrid infrastructure to ensure reliability, performance, and data protection.
• Lead the configuration, monitoring, and patching of Windows Server, M365, and Entra ID environments in coordination with partner agencies.
• Implement and maintain automation scripts and workflows (PowerShell, CLI, or platform tools) to streamline routine tasks and improve system efficiency.
• Integrate and manage hybrid identity and authentication systems (Entra ID, SSO) for secure access to enterprise SaaS and cloud resources.
• Plan and coordinate upgrades, migrations, and maintenance windows to minimize service disruption.
• Maintain accurate documentation for configurations, integrations, and operational standards.

Cloud & Storage Management

• Manage AWS and other cloud-based storage platforms, including lifecycle automation, data tiering, and integration with on-prem systems.
• Monitor cloud utilization and performance, recommending optimizations for scalability, resilience, and cost-effectiveness.
• Support deployment and configuration of new SaaS applications, ensuring compliance with state and agency standards.
• Evaluate and implement secure connectivity and data-transfer methods between on-prem and cloud systems.

Technology Intake & Vendor Review

• Coordinate technology intake and vendor review processes, gathering business use cases, data classifications, and system requirements.
• Review vendor documentation such as privacy policies, security artifacts (SOC 2, StateRAMP, FedRAMP), and licensing terms to assess compliance and risk.
• Partner with internal stakeholders and the Department of Administration (DOA) to ensure new technology meets security, accessibility, and policy requirements.

AI & Emerging Technology Governance

• Evaluate products and services that incorporate Artificial Intelligence (AI) for compliance with agency data governance, privacy, and security standards.
• Identify accountable business stakeholders to help ensure technology and its use adheres to prescribed business processes.
• Gather and document technical details and approved use cases for AI-enabled tools, coordinate review and approval through DOA governance processes.
• Maintain an inventory of approved AI applications and related risk considerations. Monitor for changes to AI sub processors and terms of use for applications in the portfolio.

Monitoring, Security Coordination & Reporting

• Monitor infrastructure health, performance, and alerts using enterprise tools (e.g., Splunk, Tenable, IronPort, or equivalent).
• Assist with vulnerability management coordination by reviewing findings, tracking remediation, and maintaining dashboards in collaboration with system owners.
• Translate technical information into clear, actionable summaries for diverse audiences, including executive leadership.
• Support incident response activities and coordinate with partner agencies or managed service providers during investigations or escalations.

Compliance, Documentation & Continuous Improvement

• Support adherence to state, NIST, and PCI-aligned standards by documenting processes, controls, and exceptions related to systems and cloud infrastructure.
• Contribute to audit preparation, evidence collection, and compliance reporting.
• Champion secure and efficient technology practices across IT and business units, balancing innovation with governance.

Minimum Qualifications

• 5+ years of experience in system administration or cloud engineering within hybrid environments.
• Extensive knowledge of Microsoft 365, Entra ID, Windows Server, and AWS storage services (S3, Glacier, Intelligent Tiering).
• Demonstrated ability to design and implement automation, monitoring, or integration scripts using PowerShell, Python, or equivalent tools.
• Experience integrating and supporting enterprise SaaS platforms and SSO/IAM solutions.
• Experience with cloud lifecycle management, cost optimization, or hybrid storage automation.
• Working knowledge of vulnerability management, SIEM, or related monitoring tools (e.g., Tenable, Splunk, IronPort, Cloudflare).
• Understanding of security best practices including encryption, access control, and patch management.
• Familiarity with compliance frameworks such as NIST, PCI DSS, CIS, or ISO 27001.
• Excellent documentation and communication skills, with the ability to translate complex technical concepts for diverse audiences.
• Strong problem-solving and analytical skills with a focus on continuous improvement.

Desired Qualifications

• Experience evaluating AI tools or emerging technologies for compliance, privacy, or ethical risks.
• Expertise in AWS S3 Bucket, lifecycle, and IAM policies as well as AWS Billing Console and advanced cost reporting.
• Experience coordinating or supporting IT security reviews, exception workflows, or audit responses.
• Familiarity with single tenant multi-agency state government IT environments, policies, and collaboration.
• Relevant industry certifications (e.g., Microsoft, AWS, CompTIA, ISC2, or ITIL) preferred.

This is a hybrid position requiring on-site work at the WHS HQ 1 3 days per week depending on project and operational needs. WHS is located in downtown Madison on the UW Madison campus, with nearby public parking, transit, and bike access. Remote work may be permitted on a scheduled basis after onboarding.

Candidates must be Wisconsin residents or willing to relocate prior to starting employment. Regular commuting expenses are not covered by WHS.