Microsoft Server & Azure IaaS Administrator (AD/GPO/IIS) - 100% Remote - LongTerm Contract (Client in Columbus, OH) - B4176B
Job Description
This Microsoft infrastructure administrator will assist with the management of Windows Server, Active Directory, Group Policy, IIS, and Azure IaaS resources.
This role will be responsible for day-to-day operations, security hardening, automation, and high-availability support across on-premises and cloud environments.
This position will partner closely with network, security, and application teams to ensure reliable service delivery and continuous improvement.
Key Responsibilities
Windows Server Administration: Configure and maintain Windows Server (20162025); manage roles/features (AD DS, DNS, DHCP, DFS, File Services), patching, performance tuning, and capacity planning.
IIS Administration: Configure and support IIS websites and applications, including application pools, bindings, SSL/TLS certificates, URL Rewrite/ARR, security hardening, and log analysis; optimize availability and performance.
Azure IaaS: Manage Azure VMs, VM Scale Sets, disks/storage, Azure Files, VNETs, subnets, NSGs/ASGs, Load Balancer/App Gateway, Bastion; implement backup (Azure Backup), DR (Azure Site Recovery), monitoring/alerts (Azure Monitor), and cost governance.
Active Directory (AD): Maintain domain health and replication; manage OU structure, users, groups, GMSAs, service accounts, and delegated permissions; troubleshoot authentication/Kerberos/NTLM issues.
Monitoring & Troubleshooting: Use native tools and platforms (Event Viewer, PerfMon, Azure Monitor, Log Analytics) to proactively detect and resolve issues impacting availability, performance, or security.
Group Policy (GPO): Design, implement, and maintain GPOs for security baselines, server configurations, and compliance; perform impact testing and change control.
Security & Compliance: Apply CIS/Microsoft security baselines, TLS configurations, vulnerability remediation, endpoint hardening, and log review; partner with security for audits and incident response.
Automation & Scripting: Build PowerShell scripts/modules to automate routine tasks (provisioning, patching, reporting) and Infrastructure-as-Code (e.g., Bicep/ARM/Terraform) for repeatable deployments.
Documentation & Change Management: Produce and maintain SOPs, diagrams, inventories, and runbooks; follow ITIL change/incident processes; contribute to knowledge base.
Collaboration & Support: Serve as escalation point for server/web platform issues; coordinate with app owners on deployments, certificates, and integration.
Lifecycle & Projects: Lead or support upgrades, migrations, re-platforming, and cloud adoption initiatives; drive standardization and modernization.
IRS 1075 Compliance: Provide answers and documentation, and implement changes required as part of IRS audit findings.
Required Qualifications
Process & Practices: Strong documentation, change control, and incident/problem management (ITIL).
Soft Skills: Clear communicator, collaborative, organized, and able to prioritize across multiple stakeholders and deadlines.
Preferred Qualifications
Certifications: Microsoft Certified: Azure Administrator Associate (AZ-104), Windows Server Hybrid Administrator Associate (AZ-800/AZ-801)
Nice to Have: Azure Network Engineer (AZ-700)
Enterprise Tools: Experience with MCM/ConfigMgr, WSUS, Defender for Cloud, Sentinel, Splunk/ELK, ServiceNow/Jira.
Networking: Solid understanding of TCP/IP, DNS, routing, VPN, firewall rules, load balancing, private endpoints.
Web/App Integration: Familiarity with .
NET application hosting, SSO (SAML/OIDC), App Gateway/WAF, certificate pinning, mutual TLS.
Infrastructure-as-Code & Config: Experience with Bicep/ARM/Terraform, DSC, or Ansible; Azure Policy/Blueprints.
Azure DevOps: Experience with server-side configurations
Skill Matrix
7+ years administering Windows Server, AD, GPO, and IIS in mid to large enterprise environments - Required
Group Policy design and troubleshooting (RSOP, GPMC, GPResult) - Required
Windows Server (20162025), AD DS, DNS, restores - Required
IIS configuration, SSL/TLS, bindings, app pools, URL Rewrite/ARR, logging - Required
Azure IaaS (VMs, VNETs, NSGs, Load Balancer/App Gateway, Azure Backup/ASR, Azure Monitor, Log Analytics) - Required
PowerShell scripting (automation, modules, REST/Graph, CLI) - Required
Azure Administrator Associate (AZ-104), Windows Server Hybrid Administrator Associate (AZ-800/AZ-801) - Required
Azure Network Engineer (AZ-700) - Nice to have
Experience with MCM/ConfigMgr, WSUS, Defender for Cloud, Sentinel, Splunk/ELK, ServiceNow/Jira - Required
Solid understanding of TCP/IP, DNS, routing, VPN, firewall rules, load balancing, private endpoints - Required
Familiarity with .
NET application hosting, SSO (SAML/OIDC), App Gateway/WAF, certificate pinning, mutual TLS - Required
Experience with Bicep/ARM/Terraform, DSC, or Ansible; Azure Policy/Blueprints - Required
Questions
Do you understand, and will abide by, the provision in your subcontract with OST that it is PROHIBITED for government equipment to be taken or used outside of the United States by your contractors? The consequences of this occurring can and will result in repercussions to you, the prime vendor, regardless if the candidate works for a sub-vendor of yours. It will also result in immediate termination of the contractor, and make them ineligible for rehire in the program.
Where is your candidate currently located? City, State
Location
100% Remote, (Client in Columbus, OH)
Type: Long Term Contract