Senior Systems Engineer, Windows Position Overview
The Senior Systems Engineer, Windows is a senior, hands-on engineer responsible for operating, modernizing, and automating enterprise Windows platforms with a strong emphasis on Public Key Infrastructure (PKI). While a primary initiative for this role is executing and improving Windows Server upgrade workflows, the position also supports PKI operations, certificate lifecycle management, and PKI platform migrations. This role requires deep experience with enterprise PKI platforms, strong Windows and Active Directory knowledge, and advanced PowerShell automation skills. The work is project-driven with a flexible schedule, including availability during defined maintenance windows, planned change periods, and occasional evenings or weekends.
Core Responsibilities Windows Server Upgrade Execution & Modernization
Plan, validate, and execute Windows Server upgrades across production and non-production environments using in-place upgrade and side-by-side methodologies. Perform readiness assessments covering OS configuration, application dependencies, services, drivers, clustering, and security tooling. Execute upgrades during approved maintenance windows and validate system health, performance, and application functionality post-upgrade. Troubleshoot and remediate upgrade failures, service disruptions, and post-upgrade issues. Design upgrade strategies that minimize downtime and operational risk.
Upgrade Automation & Workflow Engineering
Design and implement automation workflows that standardize the Windows Server upgrade lifecycle from readiness validation through rollback. Automate pre-upgrade checks, image creation, backups, snapshot validation, upgrade execution, and post-upgrade verification. Develop reusable PowerShell modules for validation, reporting, remediation, and enforcement. Reduce manual effort by converting documented procedures into executable automation suitable for production environments.
PKI Engineering & Certificate Lifecycle Management
Operate as a senior contributor for enterprise PKI and certificate services. Support certificate issuance, renewal, revocation, and trust distribution across Windows and cloud platforms. Work with enterprise PKI management platforms. Implement certificate lifecycle automation, policy enforcement, and monitoring to reduce risk related to certificate expiration or misconfiguration. Ensure PKI services align with security, compliance, and audit requirements.
PKI Platform Migration Support
Support migrations from Microsoft Active Directory Certificate Services (ADCS) to enterprise PKI management platforms. Assist with assessing existing certificate authorities, templates, enrolment flows, and trust models. Execute migration tasks as directed by PKI or platform leads. Validate certificate trust, authentication flows, and application dependencies during and after migration activities. Support decommissioning or reduced reliance on legacy ADCS components as appropriate.
Active Directory & Identity Foundations
Maintain strong working expertise in Active Directory and Windows identity services. Support AD-integrated certificate services, authentication flows, and directory dependencies. Troubleshoot identity-related issues including Kerberos, LDAP, DNS, and Group Policy as they relate to Windows platforms and PKI operations. Collaborate with directory services and security teams on identity and certificate-related initiatives.
AWS & Hybrid Windows Engineering
Engineer and support Windows Server workloads hosted in AWS. Manage and troubleshoot EC2-based Windows instances, storage, networking, and security controls. Support certificate deployment and trust management for cloud-hosted Windows systems and services. Coordinate snapshot, AMI, and rollback strategies for upgrade and PKI-related changes. Collaborate with cloud engineering teams on hybrid identity and certificate architectures.
Windows Platform Operations
Maintain, optimize, and troubleshoot Windows Server roles and features including IIS, file services, clustering, scheduled tasks, and core OS services. Address performance issues, configuration drift, service failures, and security findings across the Windows estate. Ensure systems comply with operational, security, and regulatory standards.
Documentation, Coordination, and Reporting
Create and maintain technical documentation covering upgrade procedures, automation workflows, PKI architecture, and certificate lifecycle processes. Provide regular status updates, risk assessments, and issue escalation to technical leadership and project stakeholders. Coordinate with application owners, security teams, and infrastructure leads to ensure alignment with business and technical requirements.
Required Qualifications
5+ years of hands-on experience engineering Windows Server environments (2012 R2, 2016, 2019, 2022, or newer). Strong experience supporting enterprise PKI and certificate services. Demonstrated experience with PKI management platforms such as AppViewX, Venafi, or similar. Experience performing Windows Server upgrades in production environments. Advanced PowerShell scripting skills with a strong focus on automation and operational tooling. Solid experience supporting Windows workloads in AWS, including EC2, storage, networking, and hybrid integrations. Strong understanding of Active Directory fundamentals, identity services, and AD-integrated PKI. Proven ability to troubleshoot complex OS, PKI, and infrastructure issues.
Preferred Qualifications
Experience supporting migrations away from Microsoft ADCS to enterprise PKI platforms. Experience supporting large-scale or regulated PKI environments. Familiarity with certificate-based authentication, mutual TLS, and application certificate dependencies. Background with Windows Failover Clustering, Hyper-V, or VMware. Experience with monitoring and alerting platforms for certificate and infrastructure health. Relevant Microsoft, AWS, or PKI-related certifications.
Never miss an opportunity! Create an alert based on the job you applied for.
